Gondi’s Commitment to Users After NFT Exploitation
Gondi, the lending service specializing in non-fungible tokens (NFTs), has pledged to make whole the users affected by a recent exploit that resulted in the loss of approximately $230,000 in NFTs. The exploit, which involved the platform’s ‘Sell & Repay contract’, was identified on Monday and allowed a malicious actor to drain these assets from Gondi’s escrow.
“This contract enables users to sell their escrowed NFTs while permitting them to repay existing loans facilitated by the platform.”
An upgraded version of this contract was rolled out on February 20, although the company has not disclosed the specifics of how the attacker exploited the vulnerability. The compromised contract has been suspended, and Gondi says the platform's other functions remain active while it works to remedy the situation.
Response to Affected Users
The company contacted all affected users and confirmed that they were informed directly about the incident. In follow-ups, Gondi said it plans to resolve the situation by procuring similar NFTs from the same collections for the victims. The company noted:
“Though the replacements won’t be identical, we consider this an equitable solution and are personally engaging with each user involved.”
Security Measures and Community Support
To ensure security going forward, Gondi has undergone reviews by Blockaid and an external auditing firm, both of which affirmed the protocol’s safety. Information from Blockaid revealed that the attacker attempted to liquidate several of the stolen NFTs shortly after the hack. At present, some of the stolen assets remain in the attacker’s wallet, while others have been sold to buyers unaware of their origin.
Gondi has made efforts to contact these new owners, seeking their cooperation in returning the NFTs to their rightful owners. The NFT community has rallied, recovering and returning at least four NFTs, including notable pieces like Aluminum Gazer and Servant of the Muse.
Plans for Compensation
To address the losses, Gondi plans to use its protocol fees to facilitate the repurchase of these returned items and to compensate affected users. This incident at Gondi is the second exploit in the past two weeks within the decentralized finance (DeFi) space; a similar incident occurred at the Bitcoin-oriented Solv Protocol, which saw around $2.7 million in funds extracted from a token vault just last week.