NFT Platform OMNI lost 1.4 million in ETH by Re-Entrance Exploid!
7/9/2022, 12:05 AM
The NFT marketplace OMNI fell victim to a re-entry exploit. NFTs worth 1300 ETH were stolen, i.e. over a million dollars.
The error is clearly in the project's program code, which made the following scenario possible through weak logic. The exploit revolved around a Doodle NFT collection and worked as follows:
Not only did the system make a big loss in the liquidation, it also returned the last NFT to the attacker. He could just repeat the whole thing.
It is unclear how such a serious gap in the code could have arisen. The OMNI Protocol has since been put on hold. Deposit and withdrawal are not possible at the moment - however, the platform assures that no customer deposits are affected by the exploit.
Definitely another setback for Crypto and NFT in particular.
The error is clearly in the project's program code, which made the following scenario possible through weak logic. The exploit revolved around a Doodle NFT collection and worked as follows:
- The attacker first deposited a few of their own doodles as security and received wrapped ETH (wETH) in return
- After the loan amount (i.e. the wETH) the attacker had himself paid out
- After that, however, the NFTs (which were deposited as collateral) also cashed out, all but one
- In the end, of course, the remaining Doodle NFT was no longer enough to cover the ETH loan, so the position was liquidated
Not only did the system make a big loss in the liquidation, it also returned the last NFT to the attacker. He could just repeat the whole thing.
It is unclear how such a serious gap in the code could have arisen. The OMNI Protocol has since been put on hold. Deposit and withdrawal are not possible at the moment - however, the platform assures that no customer deposits are affected by the exploit.
OMNI is still in testing (beta). No customer funds were lost, only internal testing funds were affected! We have suspended the OMNI protocol until we completed the investigation and have everything reviewed again by external security and auditing firms.- OMNI statement
Definitely another setback for Crypto and NFT in particular.