todayonchain.com

NFT platform Gondi moves to make users whole after $230,000 contract exploit

The Block
NFT platform Gondi is compensating users after an exploit in its Sell & Repay contract led to the theft of about $230,000 in NFTs.

Summary

NFT platform Gondi has contained a security exploit that resulted in the theft of approximately $230,000 worth of NFTs, affecting dozens of victims across about 40 transactions. The attack exploited faulty logic in the "Purchase Bundler" function of a newly deployed version of its Sell & Repay contract, which is part of its NFT lending protocol.

Gondi has since disabled the vulnerable feature and confirmed that other platform functionalities, including active loans, remained unaffected. The platform has been reviewed by Blockaid and an independent auditor, and normal activity is safe to resume.

The team is actively working to make affected users whole through restitution, which includes directly repaying impacted users, tracking down and returning stolen NFTs purchased by unaware buyers, and using protocol fees to buy comparable items from 1/1-of-X collections to offset losses for owners of irreplaceable NFTs.

(Source:The Block)