On July 10, a flash loan attack on the Omni platform caused 1,300 ETH to be lost. After borrowing large amounts of non-fungible tokens (NFTs), the attacker manipulated an arbitrage opportunity and profited by putting the stolen funds to use.
Omni is an NFT lending platform known for accepting NFTs from some of the most prominent collections, such as BAYC, as collateral for ETH loans. A tweet from the security company PeckShield says that the attacker used a flash loan to drain funds from Omni’s NFT lending contract. The hacker then laundered the stolen funds through the Tornado Cash mixer.
Yajin Zhou, the CEO of BlockSec, explained how the hack happened; at the time of the incident it left Omni short $1.4 million in ETH. Speaking to The Block, he said the attack involved a deposit of NFTs from the Doodles collection, which were used as collateral for loans of wrapped ETH (wETH).
According to Zhou, the attack on Omni Protocol came down to a classic reentrancy through the ERC721 received callback (onERC721Received). The hacker borrowed Ethereum against the NFTs, and at the reentrancy point had the position closed, so the borrowed Ethereum was written off as bad debt that never had to be repaid. In short, the attacker exploited a reentrancy vulnerability in the Omni protocol.
Understanding the Omni Protocol Reentrancy
Reentrancy is a common security flaw in applications written in Solidity. It arises when a smart contract can be made to call an untrusted external contract before it has finished updating its own state: the external call runs before the calling function completes, so the untrusted contract can re-enter the protocol and drain its liquidity.
In the Omni NFT attack, the stolen funds were tied to the Doodles NFT collection. The attacker first deposited Doodles as collateral for loans of wrapped Ethereum (wETH). After taking the loan, he withdrew all of his Doodles except one. The withdrawal triggered a callback, inside which the debt created by borrowing the wETH was cleared.
The Method of Callback
The single Doodle left on the Omni NFT lending platform was not enough to cover the debt. In that case, the system closes the position and hands the hacker whatever Doodles remain.
The loan position is closed because the value of the NFT the hacker left behind as collateral (one Doodle) no longer covers the debt. This is where the reentrancy comes in: the attacker can use the borrowed wETH to buy more NFTs before the liquidation completes.
The Doodles bought with the first loan were then deposited as collateral to borrow more wrapped Ethereum. Because the platform could not see that a second debt existed, the hacker could take more NFTs without repaying the first loan.
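To make the ordering defect described above concrete, here is an added illustration (not Omni’s code): a simplified Solidity lender with a withdraw function that checks collateral health only after the NFT transfer has fired its callback, beside a hardened version that checks first, updates state, and only then transfers. The flat FLOOR_PRICE valuation and the contract names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC721 surface; safeTransferFrom invokes onERC721Received on a
// contract recipient before it returns, which is the re-entry point.
interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

// Simplified NFT lender (illustration, not Omni's code): debt is denominated
// in wETH and every deposited NFT is valued at a flat FLOOR_PRICE (assumed).
contract NftLender {
    IERC721 public immutable nft;
    uint256 public constant FLOOR_PRICE = 10 ether;
    mapping(address => uint256) public collateralCount; // NFTs held per borrower
    mapping(address => uint256) public debt;            // wETH owed per borrower
    bool private locked;

    constructor(IERC721 _nft) { nft = _nft; }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // VULNERABLE ordering: the health check runs only after the external
    // transfer. Inside onERC721Received the collateral is already reduced
    // but the debt untouched, so a liquidation reached from the callback
    // closes the position and zeroes the debt; the final check then passes.
    function withdrawVulnerable(uint256 tokenId) external {
        collateralCount[msg.sender] -= 1;
        nft.safeTransferFrom(address(this), msg.sender, tokenId);
        require(collateralCount[msg.sender] * FLOOR_PRICE >= debt[msg.sender], "undercollateralised");
    }

    // HARDENED: check, then effect, then interaction, under a guard shared by
    // every state-changing entry point so none can be re-entered mid-flight.
    function withdraw(uint256 tokenId) external nonReentrant {
        uint256 remaining = collateralCount[msg.sender] - 1;
        require(remaining * FLOOR_PRICE >= debt[msg.sender], "undercollateralised");
        collateralCount[msg.sender] = remaining;
        nft.safeTransferFrom(address(this), msg.sender, tokenId);
    }

    // Closes an undercollateralised position and writes the debt off.
    function liquidate(address borrower) external nonReentrant {
        require(collateralCount[borrower] * FLOOR_PRICE < debt[borrower], "position healthy");
        collateralCount[borrower] = 0;
        debt[borrower] = 0;
    }
}
```

Note that the guard on liquidate only protects callers that also hold the lock; the unguarded withdrawVulnerable path shows why every state-changing entry point must share it.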
Customer Funds Were Safe Because the Project Is Still in Development
Omni is currently in beta testing. The attack caused millions of dollars’ worth of damage to the NFT lending platform, but only funds set aside for testing were lost. The NFT lender said that the theft did not affect customers’ money in any way.
Still, Omni paused the protocol as a precaution while the investigation continues. Data from Etherscan showed that the hacker had already laundered the funds through Tornado Cash, an Ethereum-based mixing service. There is no word yet on when transactions will resume.
The post Omni NFT Lending Platform Attacked by Theft of 1,300 ETH appeared first on NFT News Pro.