NFT Lending Platform OMNI Loses $1.4M Due To A Flash Loan Attack

Ayush Pande

OMNI, an NFT platform that uses staked NFTs as collateral to lend crypto loans, was hit by a flash loan attack on July 10, causing it to lose 1300 ETH ($1.4M). The perpetrator used a re-entrancy exploit to carry out the attack and escaped with the funds in the form of wETH. 

Re-Entrancy Exploit Used To Default Loan

OMNI lost funds when a hacker deposited NFTs from the popular Doodles collection and used them as collateral to issue a loan in wrapped Ethereum (wETH).

Blockchain security firm BlockSec gave a post-mortem account of the flash loan attack. After borrowing a wETH loan against Doodles NFT, the hacker took advantage of the re-entrancy exploit by withdrawing all but one NFT, thus allowing them to default the initial loan by generating a callback function. 

Once the position was liquidated, the remaining NFT was returned to the hacker as the value of the NFT was insufficient to pay back the initial loan. 

Etherscan revealed that the perpetrator sent their newly acquired wETH through Tornado Cash. Since Tornado Cash is a coin mixing service that makes it hard to detect the origin of funds, the hacker was able to escape with the appropriated funds. 

OMNI’s Response To The Attack

Following the attack during its beta testing, the developers began suspending the OMNI Protocol to investigate and review the situation with external security firms. OMNI also reported that no customer funds were lost; only internal testing funds were lost as OMNI was in beta testing mode when the attack was carried out.   

Stay on the pulse of NFTS

Gain access to exclusive interviews with industry leaders, think pieces, trend forecasts, guides and more

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By subscribing, you agree to our Terms of Use and Privacy Policy


No items found.