Scams Radar

Gondi NFT Platform Exploited for $230K – Team Commits to Making Users Whole

On February 20, 2026, Gondi deployed an updated version of its Sell & Repay contract — a core lending feature that lets borrowers sell escrowed NFTs and automatically repay loans in a single bundled transaction. A logic flaw in the new “Purchase Bundler” function failed to properly verify that the caller was the legitimate owner or borrower of the NFT, allowing an attacker to drain assets.
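The class of flaw described above, a state-changing function that never compares its caller with the recorded borrower, can be shown with a small model. This is an added illustration written in Python, not Gondi's contract code; the `Escrow` class, its method names, and the settlement rules are hypothetical assumptions.

```python
from dataclasses import dataclass

class Unauthorized(Exception):
    """Caller is not the borrower recorded for the loan."""

@dataclass
class Loan:
    borrower: str
    lender: str
    token: str          # identifier of the escrowed NFT
    debt: int           # amount owed to the lender
    active: bool = True

class Escrow:
    """Constructed, simplified model of a sell-and-repay escrow (all names are assumptions)."""
    def __init__(self):
        self.loans, self.owner_of, self.balances = {}, {}, {}

    def open_loan(self, loan_id, loan):
        self.loans[loan_id] = loan
        self.owner_of[loan.token] = "escrow"

    def _settle(self, loan, buyer, price):
        # Sale proceeds repay the lender first; the remainder goes to the borrower.
        if not loan.active or price < loan.debt or self.balances.get(buyer, 0) < price:
            raise ValueError("loan closed, price below debt, or buyer underfunded")
        self.balances[buyer] -= price
        self.balances[loan.lender] = self.balances.get(loan.lender, 0) + loan.debt
        self.balances[loan.borrower] = self.balances.get(loan.borrower, 0) + price - loan.debt
        self.owner_of[loan.token] = buyer
        loan.active = False

    def sell_and_repay_unchecked(self, caller, loan_id, buyer, price):
        # Flawed pattern: 'caller' is never compared with the loan's borrower,
        # so any address can move the collateral out of escrow on its own terms.
        self._settle(self.loans[loan_id], buyer, price)

    def sell_and_repay(self, caller, loan_id, buyer, price):
        loan = self.loans[loan_id]
        # Hardened pattern: authorize the caller before any state changes.
        if caller != loan.borrower:
            raise Unauthorized(f"{caller} is not the borrower of loan {loan_id}")
        self._settle(loan, buyer, price)
```

A regression test for a contract of this shape should call the function from an address that is not the borrower and assert that the call reverts and the collateral stays in escrow.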

Etherscan data shows the exploit occurred across ~40 transactions, draining 78 NFTs to an address now labeled GONDI Exploiter. Stolen items included:

  • 44 Art Blocks tokens
  • 10 Doodles
  • 2 Beeple “Spring Collection” pieces
  • Various other high-value NFTs

One reported victim lost approximately 55 ETH (~$108,000 at the time), per NFT collector tinoch.

Gondi’s Immediate Response & Containment

Gondi quickly disabled the vulnerable Sell & Repay feature while keeping all other protocol functions (buying, selling, listing, bidding, trading, loan origination, refinancing, and repayments) fully operational.

The team engaged Blockaid for real-time monitoring and an independent auditor to review the protocol post-exploit. After verification, Gondi declared the rest of the platform safe and reversed its earlier caution against user interaction.

Restitution Plan Underway

Gondi has taken multiple steps to compensate affected users:

  • Direct outreach to every wallet that interacted with the vulnerable contract.
  • Recovery of several stolen NFTs purchased on secondary markets by unaware buyers.
  • Use of protocol fees to buy “comparable items” from 1/1-of-X collections for victims whose exact NFTs cannot be retrieved.
  • Ongoing discussions with owners of unique 1/1 pieces that are difficult to replace.

While not every item can be returned identically, the team describes the approach as “fair and meaningful resolution” and is coordinating individually with each impacted user.

Background on Gondi Protocol

Gondi is a decentralized, non-custodial NFT lending marketplace where users:

  • Post NFTs as collateral to borrow assets
  • Lend against NFT collateral to earn interest
  • Refinance existing NFT loans

The exploit was isolated to the Sell & Repay module and did not affect active loans, escrowed collateral, or other core marketplace functions.

Market & Security Context (March 9–10, 2026)

  • No significant secondary market panic sell-off observed in major NFT collections.
  • Bitcoin traded near $113,000 and Ethereum around $4,100 with muted reaction.
  • The incident underscores persistent smart-contract risks in NFT lending protocols despite recent improvements in auditing and monitoring tools.
