An unknown person stole assets worth more than 1300 ETH (~$1.48 million) from the Omni lending protocol using a re-entry attack.

The platform provides an opportunity to borrow funds secured by NFT. The hacker used tokens from the Doodles collection to attack.

The attacker used the secured loan in cryptocurrency to buy more NFT. He withdrew the latter without returning the borrowed funds, due to vulnerability.

The hacker sent the stolen assets to the Tornado Cash mixing service.

The Omni team reported that the protocol is in beta testing, so the incident did not affect user funds.

Statement:

1/ OMNI is still in a testing (beta). No customer funds were lost, only internal testing funds were affected!

We have suspended the OMNI protocol until we completed the investigation and have everything reviewed again by external security and auditing firms.

“We have suspended the OMNI protocol until we complete the investigation and check everything again with the help of external security and audit firms,” the developers said.

Recall that in the first half of 2022, hackers targeting the crypto industry stole $1.97 billion as a result of attacks on 175 projects.