Gondi V3

2023-07-11

Gondi NFT lending protocol launches publicly on Ethereum; Florida Street announces $5.35 million seed round co-led by Hack.vc and Foundation Capital with participation from Dragonfly Capital and Pantera Capital.

2024-04-08

Code4rena (Zenith) conducts a Gondi Invitational audit with $74,600 USDC in prizes, reviewing V3 smart contracts.

2024-05-14

Code4rena conducts a Gondi Mitigation Review audit, identifying issues including tranche accounting errors, division ordering bugs, and access control gaps; mitigation review period runs through May 24, 2024.

2026-02-20

Gondi deploys an updated version of the Sell & Repay contract containing the Purchase Bundler component with a missing caller-verification check in the buy function.

2026-03-09

At approximately 8:12 AM UTC, an attacker executes approximately 40 transactions exploiting the Purchase Bundler's missing msg.sender check, draining 78 NFTs worth approximately $230,000 from users with active approvals but no outstanding loans. Blockaid detects and publicly discloses the attack. Stolen collections include Art Blocks, Doodles, SuperRare, and Beeple works.

2026-03-09

Gondi disables the Sell & Repay functionality and advises all users to revoke approvals for affected contracts via Revoke.cash. The team confirms active loan collateral was not affected.

2026-03-10

Gondi platform resumes operations for buying, selling, trading, and lending functions with the compromised contract excluded. Blockaid and an independent auditor review remaining contracts and clear them as safe. Gondi pledges restitution via protocol fee-funded comparable NFT purchases.

2026-03-10

Community members return several NFTs voluntarily, including Doodle, Aluminum Gazer, Lil Pudgy, and Servant of the Muse tokens. The largest single victim's loss is identified as approximately $108,000.