Hackers withdrew $1,4 million in cryptocurrency from the OMNI platform

What’s new? On July 10, the OMNI DeFi-platform, which issues cryptocurrency against NFT collateral, became the victim of a hacker attack. As a result of an exploit of the collateral mechanism, attackers managed to withdraw 1 300 ETH ($1,48 million at Binance exchange rate at the time of publication). OMNI representatives said that users' funds were not affected, the hack only affected internal stocks that are used in beta testing of the platform.

Statement:1/ OMNI is still in a testing (beta). No customer funds were lost, only internal testing funds were affected!We have suspended the OMNI protocol until we completed the investigation and have everything reviewed again by external security and auditing firms.— OMNI (@OMNI_xyz) July 10, 2022

Details of the hack. To carry out the attack, the hackers deposited several NFTs from the Doodles collection on the platform as collateral to obtain a loan in the form of wrapped ETH (wETH). Once the loan was secured, the hackers removed all but one of the non-fungible tokens, causing a glitch in the system that canceled the debt. The remaining NFT wasn't enough to repay, the position was liquidated by the system, and the hackers got their last pledged token back.

According to a statement from cybersecurity company PeckShield, after the hack, the attackers sent all the funds to the Tornado Cash cryptocurrency transaction mixer.

It seems a reentrancy-related hack. @ParallelFi @OMNI_xyz The stolen funds were just mixed via @TornadoCash https://t.co/Nyunlkk3rr pic.twitter.com/XxxVyX80Fq— PeckShield Inc. (@peckshield) July 10, 2022

On June 24, hackers withdrew $100 million in cryptocurrency from Horizon cross-chain on the Harmony network. The platform had to suspend the operation of the network. Project representatives said they had begun cooperating with US law enforcement agencies to investigate what happened. Elliptic analysts later suggested that North Korean hackers could be behind the Harmony hack.