Gondi Exploit Puts NFT Loan Approvals and Asset Recovery in Focus

09-Mar-2026 Crypto Adventure

An exploit on Ethereum-based NFT lending protocol Gondi is pushing smart-contract approvals and recovery risk back into focus after blockchain security firm Blockaid said about $230,000 was stolen and the attacker had already started selling the NFTs.

Blockaid said in a March 9 alert on X that its exploit detection system identified a $230,000 exploit on Gondi and that around 40 NFTs were stolen, with the exploiter beginning to sell them. Gondi’s official statement said users were told not to repay loans until the team confirmed the platform was secure, to revoke approvals for affected contracts through Revoke.cash, and to avoid initiating new activity on the protocol.

What Happened

The immediate facts remain narrow but important. Blockaid’s alert points to a contract-level exploit on Ethereum rather than a broader market event, and the report that roughly 40 NFTs were taken suggests the attacker moved quickly enough to start monetizing inventory before any full containment was visible.

That matters because NFT lending protocols are unusually sensitive to timing once collateral is touched. A stolen fungible token position can often be split, mixed, or bridged in chunks. A stolen NFT book is different. The attacker usually needs to liquidate or refinance recognizable assets collection by collection, which means market visibility can rise even as recovery becomes harder.

Why Approvals Matter Here

The strongest practical signal from the incident is not only the theft itself. It is the user guidance that followed. Telling users to revoke approvals and avoid new activity suggests the risk was linked to contract permissions or at least serious enough that keeping existing wallet allowances live was no longer considered safe.

That is a familiar weak point in Ethereum applications. Users often grant contracts the right to move assets on their behalf in order to borrow, lend, trade, or refinance. Those permissions improve usability, but they can remain dangerous if a contract path is compromised or if an exploitable interaction stays available after the first attack.

In an NFT lending setting, that risk can be especially sharp because approvals do not only govern token spending. They can also affect collateral routing, refinancing mechanics, and the ability to move valuable individual assets quickly once a vulnerability is discovered.
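As an added illustration (not code from Gondi, Blockaid or Revoke.cash), the sketch below audits standing ERC-721 permissions by replaying a wallet's decoded approval events and listing the allowances that still point at a flagged contract. Every address and log entry is a constructed placeholder, and the flagged lending contract is hypothetical.

```python
# Added example: replay decoded ERC-721 logs to find allowances still live.
ZERO = "0x" + "00" * 20
WALLET = "0x" + "a1" * 20    # constructed placeholder addresses, lowercase
LENDING = "0x" + "b2" * 20   # hypothetical flagged lending contract
MARKET = "0x" + "c3" * 20    # hypothetical unrelated marketplace operator
COL_A, COL_B = "0x" + "d4" * 20, "0x" + "e5" * 20  # hypothetical collections

def log(col, event, args):
    return {"address": col, "event": event, "args": args}

# Constructed sample logs, oldest first.
LOGS = [
    log(COL_A, "ApprovalForAll", {"owner": WALLET, "operator": LENDING, "approved": True}),
    log(COL_A, "ApprovalForAll", {"owner": WALLET, "operator": MARKET, "approved": True}),
    log(COL_B, "Approval", {"owner": WALLET, "approved": LENDING, "tokenId": 7}),
    log(COL_B, "Approval", {"owner": WALLET, "approved": LENDING, "tokenId": 9}),
    log(COL_B, "Transfer", {"from": WALLET, "to": MARKET, "tokenId": 9}),
    log(COL_A, "ApprovalForAll", {"owner": WALLET, "operator": MARKET, "approved": False}),
]

def live_approvals(logs, wallet):
    """Return (operators, tokens): the wallet's allowances after replaying logs."""
    operators = set()  # (collection, operator) where setApprovalForAll is still true
    tokens = {}        # (collection, tokenId) -> approved spender
    for entry in logs:
        col, event, args = entry["address"], entry["event"], entry["args"]
        if event == "ApprovalForAll" and args["owner"] == wallet:
            if args["approved"]:
                operators.add((col, args["operator"]))
            else:
                operators.discard((col, args["operator"]))
        elif event == "Approval" and args["owner"] == wallet:
            if args["approved"] == ZERO:  # approving the zero address revokes
                tokens.pop((col, args["tokenId"]), None)
            else:
                tokens[(col, args["tokenId"])] = args["approved"]
        elif event == "Transfer" and args["from"] == wallet:
            # ERC-721 clears the per-token approval whenever the token moves;
            # operator (ApprovalForAll) grants are NOT cleared by transfers.
            tokens.pop((col, args["tokenId"]), None)
    return operators, tokens

def to_revoke(operators, tokens, flagged):
    """List live allowances whose operator or spender is a flagged contract."""
    out = [("setApprovalForAll", col, op) for col, op in operators if op in flagged]
    out += [("approve", col, tid) for (col, tid), sp in tokens.items() if sp in flagged]
    return sorted(out, key=str)

if __name__ == "__main__":
    print(to_revoke(*live_approvals(LOGS, WALLET), {LENDING}))
```

The operator grant on the first collection survives even though no token moved, which is why a collection-wide approval stays exploitable until it is explicitly set back to false.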

Why This Hits Harder in NFT Lending

NFT lending is built on thin liquidity, discrete collateral, and faster repricing under stress. That means a protocol exploit can damage more than user balances. It can also disrupt active loans, refinancing behavior, borrower confidence, and collection-level pricing if stolen NFTs are pushed into the market too quickly.

That is why Gondi’s reported instruction not to repay loans until the platform confirms security is significant. In a lending protocol, normal user actions can sometimes interact with vulnerable code paths, affect collateral positions, or complicate forensic review. Freezing routine activity, even informally, is often less about optics and more about preventing a second wave of losses while engineers isolate the issue.

What the Market Will Watch

The next meaningful question is not just how many NFTs were taken. It is whether the stolen assets can be traced, frozen, or sold into enough liquidity to complete the attacker’s exit. Because NFTs are collection-specific and less fungible than ERC-20 balances, disposal risk depends heavily on marketplace routing, floor-depth conditions, and whether major venues or counterparties react quickly.

For users and lenders, the bigger takeaway is structural. This exploit is another reminder that wallet security in DeFi and NFT finance is not only about private keys. It is also about standing permissions, contract pathways, and how much control a protocol still has once something breaks. In that sense, the Gondi incident is not only a theft story. It is a reminder that approval hygiene and fast incident response remain central to asset safety in NFT-backed finance.
