On July 10, OMNI, a decentralised NFT financialization protocol, faced a reentrancy attack on its beta version of the OMNI protocol. In this attack, the hacker took 1,300 ETH ($1.43 M). OMNI clarified on its Twitter handle that just the internal testing funds were impacted and that the process was still in the beta stage.
OMNI is an NFT money market and an NFT financialization protocol that offers lending and borrowing services. Users can earn interest by lending NFTs and other ERC-20 tokens.
The OMNI procedure has been put on hold until the company finishes the investigation and gets everything reevaluated by outside security and auditing companies.
BlockSec, a DApp Ecosystem platform, stated on its twitter handle on July 10 that the attack on the omni protocol was “due to the old-school reentrancy of onERC721Received.”
The following code demonstrates the susceptible section. The attacker exploited NFTs to borrow ETH during the reentry. The loan has been paid off, turning the borrowed ETH into a bad debt that the attacker is not required to repay.
OMNI openly praises Peckshield, a blockchain security and data analytics firm, for their assistance. It’s a reentrancy-related hack, according to the peckshield. TornadoCash was used to aggregate the stolen funds.
However, the OMNI platform doesn’t cause that much hassle as only testing funds are lost. The platform has not revealed any additional information.
At the time of writing, the Omni price is $2.65 with a 24-hour trading volume of $4.52. As per Coinmarketcap, the Omni trading price has not changed in the last 24 hours.