Gondi Disables Smart Contract Bug After $230K Exploit

Nonfungible token platform Gondi said it has disabled the faulty smart contract that allowed a hacker to steal $230,000 worth of NFTs from the protocol, adding it is now in the process of compensating affected customers.

Gondi said in an X post on Monday that the hacker exploited the “Sell & Repay” contract, which lets borrowers sell escrowed NFTs and automatically repay loans on the platform.

Gondi noted that an updated version of that contract was deployed on Feb. 20 but didn’t confirm how the hacker managed to exploit it. Gondi said no other part of the platform was affected by the exploit.

Data from Ethereum block explorer Etherscan shows 78 NFTs were stolen on Monday at about 8:12 am UTC. Blockchain security platform Blockaid estimated the damage to be $230,000.

In an update, Gondi said its “focus has shifted entirely to making affected users whole” and that Blockaid and an independent auditor have since reviewed the platform, concluding it to be safe to use.

That includes repaying, renegotiating, refinancing loans and starting new loans in addition to buying, selling, trading and listing NFTs on the platform.

Gondi said it has not yet deployed a fix to the Sell & Repay contract, which has now been disabled.

Crypto Samaritans help Gondi recover NFTs

While Blockaid said the hacker had started selling some of the stolen NFTs, members of the NFT community managed to recover and return Doodle, Aluminum Gazer, Lil Pudgy and Servant of the Muse NFTs, Gondi noted.

“We are in active conversations on additional items and expect more to follow, including Taxmen.”

Crypto researcher “Tinoch” noted on X that one Gondi user, with wallet address “0x8d1…47051,” lost around $108,000 worth of NFTs, accounting for nearly half of the protocol theft.

Related: Magic Eden winds down EVM, Bitcoin NFT markets to focus on gambling

Gondi said it has already bought “comparable items” from the same NFT collections and transferred them to affected owners, and will continue to do so for any remaining cases.

“While not the exact same piece, we believe this is a fair and meaningful resolution and are coordinating directly with each owner.”

Magazine: What’s a ‘Network State’ and are there real-life examples? Big Questions

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy