Bitcoin Forum

Omni, an NFT platform was hacked for about 1,300 ETH. The hacker utilized a reentrancy vulnerability, a known exploit in smart contracts using Solidity in the Omni Protocol,

For an attack, the hacker used NFTs from a collection called Doodles, he deposited NFTs and took wrapped Ethereum as collateral, then utilized a malicious callback function to frontrun buying more Doodle NFTs before liquidating his loan position.

Once the position was closed, the collateral was returned back to the attacker, so he had a remaining amount of borrowed money to buy even more NFTs, then the hacker used the newly acquired NFTs to borrow, even more, WETH, and could withdraw the loan before Omni's smart contract recognized the loan.

The hack drained more than 1,300 ETH from the protocol, however, Omni said that none of the customer funds were affected, as the platform uses its fund in a test mode since it's still considered a beta.

There have been one and several NFT hacks being reported lately and what I will advise is don't trust those network that claims to be 100% decentralized mean while the developer still has a strong influence on the security and they can change the protocol. Thousands of ethereum have been stolen through the NFTs network and this is raising a lot of concern most especially among the investor, so newcomers can be warned.

The level at which this manipulators and hackers are going this year crypto market is going to have the worst time in history.I think we are not mature enough for this web3. A lot has happened this year from Luna to cel and blok we have this same story. It is sad and I strongly believe that is why the market is strongly bearish this year. However, thank God customers funds are not affected.

Here the things you should know.

Most of hacked are from the smart contract and from the platform of the project. So, the one thing you should be aware is not the "decentralized" but the platform and security of smart-contract. Even you're carefully choosing the platform.

You cannot test the security & smart-contract by your self, since we don't have any knowledge.

you are right investors does not have access to the smart contract source code and that is where most of the hack start from, that is why I mentioned in my earlier comment on the centralized nature and the disadvantages of the open-source software network the developers always hold the keys and the can either exploit that window un a negative manner or leave it open so that other hacker can easily access and exploit such widows.

Heard first time about this scam. Do you have the source link and can you post it to read more details? I am wondering who will use this platform when it has been hacked during the beta test? Although they are saying none of the customer funds were affected but the customer will be afraid now. Behind most hack, someone from the inside is involved who knows better about codes. So they should investigate it deeply and increase security protocol.

You did not specify any source. Did this event really happen? Apart from that, hack attacks have started to increase in recent times. Whenever the markets start to transition into the bear season, such hacking incidents always start to come to the fore. In these cases, it always raises question marks in my mind. I think that these hacking attacks are done together with the team. Because I've been trading in the cryptocurrency market for years and when things are getting better, hacks like this never happen. But when projects start to lose money, such incidents come to light.

How I wish that there's really no customer's fund that was affected. I've looked for the source and you need to include that on your post.

Source ~ https://cryptopotato.com/nft-platform-omni-hit-by-re-entrancy-exploit-lost-1-4m-in-eth/

Although it sounded complicated, there's really something with these hackers and when they see an exploit, they'll no doubt going to abuse that.

And that is the big question, no customer has been affected? So what did the hacker hack then? They won't just strike to anything that it will not yield anything to them. So I'm just confused in the beginning as there are no customers who lost their money. But if it is true then good for them, but still if this hacks makes the newsroom, someone should have lost their ETH already. And it seems that the hackers activity have been ramping up because it's going to be easy money for them.

This if i'm not mistaken it's already the 10th, i saw the NFT platform being hacked, is this a disaster or the end of people selling photos of themselves or photos of monkeys with big glasses.

I once saw in the profile of one of the NFT participants, he saved around 1200 ETH, from selling NFT, I think the NFT platform is no longer safe for its users, this might be an easy target for hackers.

If thats already the number of incident then users should think already of leaving the platform or any associated activity with it. Problem now in this time are those hackers were able to exploit such weak code and security. Its on the part of the platform why this happened. Maybe they are careless and dont put much attention on the security aspect of their own platform. Well newbies will become victim if they dont study first what they are going or investing through.

It's terrible if this is true, it shows that the security of the crypto world is still vulnerable that must continue to be tested. There is a lot of theft going on in the crypto world which is hard to uncover, but it is a process towards the maturity of the platform with its security

It’s nothing we haven’t seen before. People have been stealing money from organisations for centuries. A vulnerability was found & the funds were drained, this isn’t a reason for some mainstream news FUD though. The fiat banking system has had worse things than this for years.

I don't understand how the hack works but it seems like the users are not affected by such evil acts which might cause them a fortune if ever they become a victim. Luckily no one got their money stolen except Omni which is they really need to tighten its security and hire some expert to block those hackers from infiltrating their system. This might just be some easy matters to them but for the investors, this is an indication that they don't deserve their trust they really need to fix their system first before they fully open their product to the investors.

That sounds like the team wants to make the users feel confidence but i do believe if that would be a big lie if the team was saying like that if the funds were not getting affected. It seems like that the hacked is still even smarter than the whole of the team. This loophole has been making people are feeling worry with their money.
I will not believe if the users will still feel confidence to use the platform anymore. I meant if you must also aware that if 1,4 millions USD were a lot.
So, what will be happening with this platform then? The team is the party who knows about the truth. That's pretty much the same like when another defi was getting hacked but at the end if was getting closed down.

A really really bad news when the market just started to slowly recover, Omni is not small platform, and $1.4 million is not small amount. Even though Omni said that the user money is not affected, the use still now that Omni system is vulnerable, and usually the hacker will cash-out their ETH very soon, it will also affect the crypto market in general.

We have seen so many similar hacking incidents in the cryptocurrency industry, and Omni is a big platform that has so much reserve this hacking news is a devastating one, and at this point even though the Omni team has said that clients funds are safe but this raised a lot of concerns.

That's why I'm hoping that they're telling the truth because that will literally make their customers panic if they say that funds are affected. This is like a psychological guarantee so that customers won't think of that much worry.

Anyway, let's give the benefit of the doubt despite the huge amount involved. Binance gone through the same problem before but they've got the safu mechanism so maybe, they're the same.

What do you mean by “test mode” and you were talking about “user money” before that. It is the first time I hear about this platform and I thought it was an Omi layer, but if the money is for testing, then this is not a hack or it is real ether (tCOIN,) and therefore either the platform compensated from its resources or they were making a huge profit.

anyway it is hard to find a critical vulnerability in smart contract which may open door for inside hacker

It is clearly stated that the funds drained by the hacker are from OMNI and not their customer.  It is a good thing that OMNI tested the application first with their own fund than their client. But still, I am wondering how does the hacker drained the ETH while OMNI is performing the test.  How can a hacker sync his activity with OMNI developer.. kinda suspicious to me.

That's nothing new when there was a vulnerability that was used by hacker. That proves that if the team is not even reliable to build the platform. The team was telling about the testmode which does not even make sense if they were using the whole of their funds in the testmode. I meant it can use the testnet mode of ethereum in the testmode.The team was not so smart as hacker.
Since the luna case and it will never believe in what happened with the platforms didn't affect the users. there are bunch of defi that got hacked but they were always refusing if their user funds were getting affected while the fact said the opposite thing.

Yes, that's right, who doesn't worry about the security of their funds, moreover, it is very difficult to uncover every crime in the crypto world. Hopefully all crypto project developers including Omni will further improve the security of the platform in order to provide more guarantees for all

It's good that they've announced it, investors are losing their trust if their funds are not protected and insured by projects they've trusted their money, 1300 is still a huge amount and this is the kind of news that makes investors trust projects that have proven their worth when it comes to security, I hope they can still keep up with the money loss and they should still after these hackers.
These hackers will not stop as long as they have victims that will not go after them.

The hacking that has been happening recently seems like an insider info from my own perspective point of view, because it's becoming rampant, well glad that omni said that customers fund is not affected at least that will be a relief for their customers, but on a serious note something needs to be done on this hacking issue incessant occurrence of it does not speak good about crypto generally

It's just a test hack, so can see the level of security of the platform. Beta mode is only used to see platform performance. If hackers can enter the platform then the launch of the official platform will be delayed. However, we need to be careful in using the NFT protocol. Because many platforms continue to launch NFT products, which are indeed very vulnerable to hacking.

That is one of the possibility that could happened actually. Some crypto exchanges could fake their hacks to steal and exit user's money.
Crypto exchanges should have bug bounties to test whether their exchange is safe or not because their customer's money is on their hand.