NFT lending platform Gondi disables vulnerable contract after $230K exploit, begins compensation

Published: 2026-03-10 02:46:18 |

Gondi, an NFT lending protocol, disabled a faulty “Sell & Repay” smart contract after a hacker stole 78 NFTs — estimated at about $230,000 — on Feb. 20. The exploit affected only the Sell & Repay contract; the team says the rest of the platform remains secure. Blockchain security firm Blockaid and an independent auditor reviewed Gondi and found it safe to resume platform activity. Gondi is focused on making affected users whole: it has already purchased comparable NFTs from the same collections and returned or transferred replacements to victims, and community members recovered and returned several high-profile items (including Doodle and Lil Pudgy pieces). One wallet lost roughly $108,000 — nearly half the theft. Gondi has disabled the vulnerable contract but has not yet deployed a permanent fix. Traders should note the incident involved an NFT lending smart contract exploit, the partial recovery of assets, ongoing compensations, and a third-party security review indicating the platform is currently secure for buying, selling, trading, listing, and loan operations.

Neutral

The impact is neutral because the exploit was limited to one contract (Sell & Repay) and the protocol disabled it quickly, limiting further losses. A third-party security review (Blockaid and an independent auditor) cleared the platform for normal operations, and Gondi is actively compensating victims and replacing stolen items — measures that restore user confidence. However, hacks historically reduce short-term trust and can pressure NFT and lending activity: traders may see temporary volatility in related NFT markets and reduced lending volume while users await a formal patch and proof of a permanent fix. In the short term, expect cautious trading, potential underperformance of assets tied to Gondi’s marketplace, and heightened scrutiny of NFT lending protocols. In the medium to long term, if Gondi deploys a robust fix, completes reimbursements, and transparency is maintained, the event should have limited lasting market impact. Comparable past incidents (protocols that isolated a breach, compensated users and passed audits) caused brief market nervousness but limited sustained price effects once remediation was credible.