NFT lending platform Gondi has promised to compensate users after an exploit on Monday allowed an attacker to steal about $230,000 worth of NFTs from its protocol.
The attack targeted Gondi’s “Sell & Repay” contract, which lets borrowers sell escrowed NFTs and repay outstanding loans. After discovering the exploit, the platform paused the contract to prevent further issues while keeping other services running.
Gondi said all affected users have been contacted directly. To make them whole, the protocol plans to buy comparable NFTs from the same collections, even if they aren’t the exact items taken. “We believe this is a fair and meaningful resolution,” the team said.
An independent audit and review by Blockaid confirmed the rest of the protocol remains secure.
Some of the stolen NFTs had already been sold to buyers unaware of the exploit. Gondi reached out to these buyers to help return the items. At least four NFTs—including Aluminum Gazer, Servant of the Muse, Doodle, and Lil Pudgy—have already been recovered and returned. The platform is using its protocol fees to buy back items and compensate affected users.
This incident is Gondi’s second exploit in two weeks, following a hack on the Bitcoin-focused DeFi platform Solv Protocol, which lost roughly $2.7 million from one of its token vaults.
