Gondi disables smart contract bug after $230k exploit

Unexploitable Token platform Gondi says it has disabled a faulty smart contract that allowed a hacker to steal $230,000 worth of NFTs from its protocol and is now in the process of compensating affected customers.

Gondi told XPost on Monday that the hacker used a “sale and repayment” contract that allowed borrowers to sell canceled NFTs and pay off loans on the platform.

Gondi said an updated version of that contract was distributed on February 20, but did not confirm how the hacker was able to exploit it. Gondi said no other part of the platform was affected by the exploit.

Data from Ethereum block explorer Etherscan shows that 78 NFTs were stolen on Monday at 8:12 am UTC. Blockchain security platform Blockaid estimated the damage at $230,000.

In an update, Gondi said the focus has shifted to making affected users whole, after Blockaid and an independent auditor reviewed the platform and concluded it was safe to use.

This includes paying off loans, renegotiating, refinancing loans and new loans from buying, selling, trading and listing NFTs on the platform.

Gondi said it has not yet deployed a fix for the sales and chargeback contract, which has now been disabled.

Crypto Samaritans helped Gondi recover NFTs.

While Blockaid says the hacker has started selling some of the stolen NFTs, NFT community members Doodle, Aluminum Gazer, Lil Pudgy and Moses were able to return as servers of NFTs, Gondi noted.

“We are in active discussions on additional items and expect more, including Taxme.”

Crypto researcher “tinock” on X reported that a Gondi user wallet address “0x8d1…47051” lost about $108,000 worth of NFTs, which is about half of the protocol theft.

Related: Magic Eden drops EVM, Bitcoin NFT markets to focus on gambling

Gondi said it had bought “comparable items” from the same NFT portfolio and delivered them to the affected owners and would continue to do so for the rest of the cases.

“Although it is not the exact same part, we believe that this is a correct and meaningful solution and is being coordinated directly with each owner.”

Magazine: What is ‘Network State' and any real life examples? Big questions

Cointelegraph is committed to independent and transparent journalism. This news article is prepared in accordance with Cointelegraph's Editorial Policy and aims to provide accurate and up-to-date information. Readers are encouraged to verify information independently. Read our editorial policy