Over 1,300 ETH (~$1.48 million) was stolen from the Omni lending protocol through a reentry attack.
It seems a reentrancy-related hack. @ParallelFi @OMNI_xyz The stolen funds were just mixed via @TornadoCash https://t.co/Nyunlkk3rr pic.twitter.com/XxxVyX80Fq
— Peck Shield Inc. (@peckshield) July 10, 2022
The platform has a function of borrowing funds secured by NFTs. To do this, the hacker used tokens from the Doodles collection.
After finding the vulnerability, the hacker used the borrowed money to buy more NFTs. He withdrew the latter without returning the borrowed funds.
The assets were soon sent to the mixing service Tornado Cash.
According to the Omni team, the protocol is in beta testing, which is why the incident did not affect user funds.
1/ OMNI is still in a testing (beta). No customer funds were lost, only internal testing funds were affected!
We have suspended the OMNI protocol until we completed the investigation and have everything reviewed again by external security and auditing firms.
— OMNI (@OMNI_xyz) July 10, 2022
“We have suspended the OMNI protocol until we complete the investigation and check everything again with the help of external security and audit firms,” the developers said.