OMPx Application Smart Contract Emptied

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

OMPx Logo/Hompage Screenshot

OMPx stands for 1 million pixels, and was a project which allowed users to purchase pixels on a website canvas. The project was built based on a similar concept to the million dollar homepage, which launched in 2005. Unfortunately, the project appears to have died out and stopped being promoted after a few weeks. Funds appear to have remained in a smart contract hot wallet, which was subsequently breached in August of 2024. The amount was misreported by multiple sources to be 10 times the actual original reported amount lost. There appears to be no word or update from the OMPx team.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18]

About OMPx

"Shared creative, marketing and investment place – all at once."

"OMPx, a new online multiplayer creative game, that is centered around an online canvas of one million (1000×1000) pixels for players to edit to their imagination, announces the free distribution of playground tokens to incentivize early players.

OMPx stands for OneMillionPixels. The new game recently released on Ethereum blockchain represents a digital canvas of 1000×1000 pixels, which registered players can edit by changing the color of a single pixel from a 24-bit (16 million color) palette. OMPx game, or more specifically, a decentralized app (dapp) is powered by a smart contract on the Ethereum blockchain and is operating without any human interference according to the Game Rules embedded into the smart contract.

OMPx smart contract, in exchange for Ether crypto coins (ETH), releases the dapp’s tokens (ERC20 OMPx tokens), to be used by players to paint the canvas’ pixels, one token for one pixel. This way, the more tokens a player has got, the more pixels she can paint, creating small logos and bigger pictures, writing slogans, embedding URL of websites in the repainted pixels,"

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"OMPx was attacked, resulting in a loss of approximately [$10,700]. The attacker obtained initial funds through Railgun, and the stolen funds have already been deposited into Railgun."

Key Event Timeline - OMPx Application Smart Contract Emptied
Date Event Description
April 10th, 2018 1:42:23 PM MDT OMPx Smart Contract Created The OMPx smart contract is originally created on the blockchain.
April 13th, 2018 2:30:35 PM MDT Bitcoinist Launch Article An article published in Bitcoinist explains what the OMPx project was intended to be.
April 14th, 2018 6:31:13 PM MDT YouTube Video Posted A YouTube video is posted which goes into depth about the project and highlights the live website where users have purchased pixels and made a large graphical canvas.
April 14th, 2018 8:14:00 PM MDT Token Purchase Reported OMPx tweets an update to note that over 2m tokens have now been purchased for their project.
April 25th, 2018 8:01:00 AM MDT Last Twitter Post The last Twitter post of the OMPx Twitter account is posted, which encourages users to join the Telegram. There doesn't appear to be any engagement with this final post.
August 15th, 2018 11:22:31 PM MDT OMPx Website Online The OMPx website appears to be online, although the version in the Wayback machine does not appear to load properly.
January 15th, 2021 5:30:17 PM MST Health Check Only The OMPx website displays only a healthcheck.html file in the main directory, and no relevant content.
August 6th, 2024 3:57:47 AM MDT Smart Contract Created The malicious smart contract is created which will be used in the attack.
August 6th, 2024 3:58:11 AM MDT Blockchain Transaction The suspicious transaction occurs on the Ethereum blockchain.
August 6th, 2024 4:18:00 AM MDT Cyvers Alert Post Made The Cyvers team issues an alert about the suspicious transaction on Twitter, with a "total loss [of] approximately $10.7K".
August 6th, 2024 4:22:12 AM MDT PANews Article Larger Loss A PANews article reports that $107k has been lost in the attack. This amount would later be used in an updated posted by SlowMist.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

Actual loss was $10.7k and reported incorrectly as $107k by PANews and other sources.

The total amount lost has been estimated at $11,000 USD.

Immediate Reactions

"OMPx was attacked, resulting in a loss of approximately $107,000. The attacker obtained initial funds through Railgun, and the stolen funds have already been deposited into Railgun."

"PANews News on August 6, according to Cyvers Alerts monitoring, its system has detected suspicious transactions involving OMPx (@OMPxDapp), with a total loss of approximately US$107,000. The attacker obtained initial funds through Railgun, and the stolen funds have been deposited in Railgun."

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Cyvers Alerts:OMPx项目疑似遭遇攻击,总损失约10.7万美元 - PANews (Accessed Sep 3, 2024)
  2. @CyversAlerts Twitter (Accessed Sep 3, 2024)
  3. Ethereum Transaction Hash (Txhash) Details | Etherscan (Accessed Sep 3, 2024)
  4. Ethereum Transaction Hash (Txhash) Details | Etherscan (Accessed Sep 3, 2024)
  5. ompx.io (Accessed Sep 3, 2024)
  6. Index of / (Accessed Sep 3, 2024)
  7. OMPx (Accessed Sep 3, 2024)
  8. OMPxContract | Address 0x09a80172ed7335660327cd664876b5df6fe06108 | Etherscan (Accessed Sep 3, 2024)
  9. Ethereum Transaction Hash (Txhash) Details | Etherscan (Accessed Sep 3, 2024)
  10. https://www.reddit.com/r/a:t5_hvcu3/comments/8bjvie/one_million_pixels/ (Accessed Sep 3, 2024)
  11. The Million Dollar Homepage - Own a piece of internet history! (Accessed Sep 3, 2024)
  12. The Million Dollar Homepage - Wikipedia (Accessed Sep 3, 2024)
  13. https://www.binance.com/fr-AF/square/post/2024-08-06-suspicious-transactions-involving-ompx-result-in-107-000-loss-11800913678521 (Accessed Sep 3, 2024)
  14. https://coincodex.com/dapp/ompxsharedgrowthgame/ (Accessed Sep 3, 2024)
  15. https://www.binance.com/en/square/post/2024-08-06-ompx-10-7-11800916937458 (Accessed Sep 3, 2024)
  16. BREAKING NEWS: OMPx Game Announces Limited Supply of Playground Tokens Available for Free to Walk-In Players | Bitcoinist.com (Accessed Sep 3, 2024)
  17. OMPx: Shared Growth Game dApp: Expert Insights & Technical Analysis (Accessed Sep 3, 2024)
  18. @OMPxDapp Twitter (Accessed Sep 3, 2024)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=OMPx_Application_Smart_Contract_Emptied&oldid=6302"