NFT Lending Platform Gondi Promises Compensation After $230K Exploit
NFT lending platform Gondi said it will compensate users affected by an exploit that happened on Monday. In the incident, an attacker managed to steal NFTs worth about $230,000 from the protocol.
In a post-incident update, Gondi confirmed that the exploit targeted its “Sell & Repay” smart contract. This contract allows borrowers to sell NFTs that are held in escrow and then use the proceeds to repay their loans on the platform.
However, a vulnerability in this contract allowed the attacker to withdraw NFTs that were locked in the protocol. The total value of the stolen NFTs is estimated at around $230,000.
Gondi said an updated version of the contract had already been deployed on February 20, but the team has not yet explained exactly how the vulnerability was exploited.
The platform also clarified that the exploit did not affect other parts of the protocol. The vulnerable contract has now been paused while the team works on a fix, but other services on the platform remain operational.
“All users who interacted with this contract and were impacted have been contacted directly by our team,” Gondi said.
The platform added that it plans to compensate affected users by buying comparable NFTs from the same collections.
“While it may not be the exact same piece, we believe this is a fair and meaningful solution, and we are coordinating directly with each owner,” the team explained.
Following the incident, Gondi’s system was reviewed by the security firm Blockaid and an independent auditor. Both concluded that the protocol is safe to use.
Recovery efforts are ongoing
According to Blockaid, the attacker started selling some of the stolen NFTs after the exploit. As of the latest update, Gondi said that some NFTs are still in the attacker’s wallet, while others were sold to buyers who were unaware that the assets were stolen.
“We reached out to each buyer and asked for their help in returning the NFTs to their rightful owners,” the platform said.
So far, four NFTs have been recovered and returned by the community, including Aluminum Gazer, Servant of the Muse, Doodle, and Lil Pudgy.
Gondi also said it is using protocol fees to buy back recovered items and compensate affected users.
The Gondi exploit is the second crypto attack in the past two weeks. Previously, the Bitcoin-focused DeFi platform Solv Protocol was exploited, allowing a hacker to drain about $2.7 million from one of its token vaults.