{"id":64206,"date":"2022-07-11T10:08:28","date_gmt":"2022-07-11T07:08:28","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=64206"},"modified":"2025-09-06T13:07:08","modified_gmt":"2025-09-06T10:07:08","slug":"hacker-siphons-off-about-1-5-million-from-the-omni-protocol","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-siphons-off-about-1-5-million-from-the-omni-protocol\/","title":{"rendered":"Hacker siphons off about $1.5 million from the Omni protocol"},"content":{"rendered":"<p>An unknown actor stole assets worth more than 1,300 ETH (about $1.48 million) from the Omni lending protocol using a reentrancy attack.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">It seems a reentrancy-related hack. <a href=\"https:\/\/twitter.com\/ParallelFi?ref_src=twsrc%5Etfw\">@ParallelFi<\/a> <a href=\"https:\/\/twitter.com\/OMNI_xyz?ref_src=twsrc%5Etfw\">@OMNI_xyz<\/a> The stolen funds were just mixed via <a href=\"https:\/\/twitter.com\/TornadoCash?ref_src=twsrc%5Etfw\">@TornadoCash<\/a> <a href=\"https:\/\/t.co\/Nyunlkk3rr\">https:\/\/t.co\/Nyunlkk3rr<\/a> <a href=\"https:\/\/t.co\/XxxVyX80Fq\">pic.twitter.com\/XxxVyX80Fq<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1546096506159058947?ref_src=twsrc%5Etfw\">July 10, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The platform allows users to borrow funds against NFT collateral. The hacker used tokens from the Doodles collection for the attack.<\/p>\n<p>The loan secured in cryptocurrency was used by the attacker to purchase more NFTs. He then withdrew the NFTs, without returning the borrowed funds, exploiting the vulnerability.<\/p>\n<p>The stolen assets were sent to the Tornado Cash mixing service.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/ikDaD4G-s8-DwCuSAPsC4u0erLA21sMPsdhTnafTsXw7LCJe7Wn1qD2u-6TkpkpzqRzAE18a3b9PmVw3lKZLAzrF48on7qy-7zYTKZK4sAkfRkFEsVVfKldSG_efpUdGE7HwNGCrNTcNYIiAMg4\" alt=\"Hacker siphons off about $1.5 million from the Omni protocol\"\/><figcaption>Data: <a href=\"https:\/\/etherscan.io\/address\/0x627a22ff70cb84e74c9c70e2d5b0b75af5a1dcb9\">Etherscan<\/a>.<\/figcaption><\/figure>\n<p>The Omni team said that the protocol is still in beta, so users&#8217; funds were not affected by the incident.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Statement:<\/p>\n<p>1\/ OMNI is still in a testing (beta). No customer funds were lost, only internal testing funds were affected!<\/p>\n<p>We have suspended the OMNI protocol until we completed the investigation and have everything reviewed again by external security and auditing firms.<\/p>\n<p>\u2014 OMNI (@OMNI_xyz) <a href=\"https:\/\/twitter.com\/OMNI_xyz\/status\/1546143829375459332?ref_src=twsrc%5Etfw\">July 10, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abWe have suspended the OMNI protocol until we complete the investigation and recheck everything with the help of external security and auditing firms\u00bb, the developers said.<\/p>\n<\/blockquote>\n<p>In the first half of 2022, hackers targeting the crypto industry <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-stole-almost-2-billion-from-crypto-projects-in-the-first-half-of-2022\">stole $1.97 billion<\/a> in attacks on 175 projects.<\/p>\n<p>Read ForkLog&#8217;s Bitcoin news on our <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener\">Telegram<\/a> \u2014 news on cryptocurrencies, prices and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unknown actor stole assets worth more than 1,300 ETH (about $1.48 million) from the Omni lending protocol using a reentrancy attack.<\/p>\n","protected":false},"author":1,"featured_media":64207,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154],"class_list":["post-64206","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"20","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/64206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=64206"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/64206\/revisions"}],"predecessor-version":[{"id":64208,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/64206\/revisions\/64208"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/64207"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=64206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=64206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=64206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}