NFT lending platform Gondi said a hacker exploited a smart contract vulnerability to steal roughly $230,000 worth of nonfungible tokens from the protocol.
The incident targeted the platform’s Sell & Repay contract, which allows borrowers to sell escrowed NFTs and automatically repay loans within the lending system.
Gondi said it had disabled the affected contract and confirmed that no other parts of the platform were compromised.
Blockchain data from Etherscan shows that 78 NFTs were taken at about 8:12 am UTC, while blockchain security firm Blockaid estimated the total losses at around $230,000.
The protocol said its priority is compensating affected users and added that Blockaid and an independent auditor have since reviewed the platform and concluded it remains safe to use.
Members of the NFT community helped recover several stolen assets, including items from the Doodles, Aluminum Gazer, Lil Pudgy and Servant of the Muse collections.
Gondi said it has already purchased comparable NFTs from the same collections and transferred them to victims, adding that it will continue replacing assets where recovery is not possible.