Attackers exploited a vulnerability in the collateral mechanism, causing the system to cancel their debt and return the tokens provided as collateral

Hackers withdrew $1,4 million in cryptocurrency from the OMNI platform

11.07.2022 - 11:10


2 min

What’s new? On July 10, the OMNI DeFi-platform, which issues cryptocurrency against NFT collateral, became the victim of a hacker attack. As a result of an exploit of the collateral mechanism, attackers managed to withdraw 1 300 ETH ($1,48 million at Binance exchange rate at the time of publication). OMNI representatives said that users' funds were not affected, the hack only affected internal stocks that are used in beta testing of the platform.

Details of the hack. To carry out the attack, the hackers deposited several NFTs from the Doodles collection on the platform as collateral to obtain a loan in the form of wrapped ETH (wETH). Once the loan was secured, the hackers removed all but one of the non-fungible tokens, causing a glitch in the system that canceled the debt. The remaining NFT wasn't enough to repay, the position was liquidated by the system, and the hackers got their last pledged token back.

According to a statement from cybersecurity company PeckShield, after the hack, the attackers sent all the funds to the Tornado Cash cryptocurrency transaction mixer.

On June 24, hackers withdrew $100 million in cryptocurrency from Horizon cross-chain on the Harmony network. The platform had to suspend the operation of the network. Project representatives said they had begun cooperating with US law enforcement agencies to investigate what happened. Elliptic analysts later suggested that North Korean hackers could be behind the Harmony hack.


Vasiliy Smirnov Vasiliy Smirnov

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy