Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The NFT platform Gondi recently suffered a smart contract vulnerability attack, resulting in the theft of approximately 78 NFTs, with losses of about $230,000. According to an official announcement from Gondi, the attack is related to the new Sell & Repay contract deployed on February 20. Its Purchase Bundler function contained a logical flaw and failed to properly verify whether the caller was the legitimate owner or borrower of the NFT. The stolen NFTs include 44 Art Blocks, 10 Doodles, and 2 Beeple artworks, among others. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 230,000.
- chain
- —
- protocol
- Gondi
- bug_class
- logic
- date_occurred
- 2026-03-10
- loss_usd
- $230,000
- source_id
- sm:gondi::2026-03-10