A hacker stole about $1.5 million from the Omni protocol
The heist was carried out because the platform provided a borrowing service on the security of non-fungible tokens. In this case, we are talking about NFTs from the Doodles collection.
The attack began when the hacker took out credit of wETH against a large number of NFTs. When the credit was secured, the attacker withdrew all of the non-fungible tokens from his account, leaving only one unit of NFT. Such user actions activated the callback function. Due to it, the debt incurred during the purchase of the cryptocurrency was canceled entirely. As a result, the hacker returned all of the non-fungible tokens and kept the credit funds in the amount of 1,300 Ethereum coins, equal to almost $1.5 million. After the successful attack and heist, the hacker withdrew all the stolen funds to Tornado Cash. This service provides the mixing.
The reaction to these actions was a temporary suspension of the Omni protocol. According to the developers, the protocol will not be available while the checks and audits are in progress. As noted by the project team, third-party firms will be involved.
Fortunately, this incident did not affect the means of ordinary users because the protocol was in the beta test stage then.
Earlier, we wrote about the AXIE INFINITY hack, which happened when a senior engineer from Sky Mavis got a fake offer to work for a non-existent company and downloaded some malware to his computer.