Gondi says the exploit disclosed earlier this week is now fully contained, with no further NFTs at risk, narrowing the incident to a single contract path and allowing most activity on the platform to resume.
In an official March 10 update, Gondi said the exploit was isolated to the Sell & Repay contract deployed on February 20, that only a limited number of NFTs were affected, and that all impacted users who interacted with that contract had been contacted directly by the team. The platform also said NFTs in active loans were never affected and that buying, selling, listing, accepting bids, and trades were never affected at any point.
The new update materially narrows the scope of the incident. Yesterday’s response centered on emergency user guidance, paused activity, and approval cleanup while the team investigated. The latest statement shifts the story from active incident response to containment, with Gondi now saying the broader platform is safe to use again outside the still-disabled Sell & Repay feature.
That matters because the original concern was not only the stolen assets themselves. It was the uncertainty around whether the exploit path could continue affecting more users or spill into core NFT lending activity. Gondi’s latest statement is designed to answer that directly: the issue was contract-specific, limited in scope, and did not reach NFTs backing active loans.
According to Gondi, the exploit was confined to the Sell & Repay contract deployed on February 20. The team has not, in the official update cited here, published a full technical postmortem or an exact final count of impacted NFTs. But it did draw a clear line between the affected feature and the rest of the protocol.
The platform said active-loan NFTs were never at risk at any point. It also said core marketplace functions, including listing for sale, buying, accepting bids, and trades, were not affected at any point. That distinction is important because it separates a contract-path exploit from a protocol-wide custody failure.
Gondi also told users it would compensate affected accounts by purchasing comparable NFTs from the same collections, while noting that the Sell & Repay feature remains paused as a fix is deployed.
Gondi says users can now safely resume repaying, renegotiating, and refinancing loans, starting new loans, and using the platform’s buying, selling, bidding, and trading functions. The one exception is Sell & Repay, which remains disabled while the team deploys a fix.
That is a meaningful operational reset. In NFT lending, even a narrow exploit can freeze user behavior because borrowers, lenders, and traders do not know whether routine actions might still interact with the vulnerable path. By explicitly reopening most functions, Gondi is signaling that the containment work is finished enough for normal usage to resume across the rest of the platform.
The biggest shift here is from uncertainty to segmentation. Gondi is telling users that the exploit was limited to one contract, not to active loan collateral, and not to the platform’s general trading and lending infrastructure. For users, that sharply reduces the perceived blast radius. For the market, it means the remaining question is no longer whether the entire protocol is safe, but how quickly Gondi can patch and restore the disabled Sell & Repay feature.
That also makes the next phase of the story more technical than urgent. The market will now watch for a fuller postmortem, any additional detail on how the February 20 contract was exploited, and how Gondi finalizes remediation for affected users. The immediate crisis language, however, has clearly changed. Gondi’s own position is now that the exploit is contained, the broader platform is operational, and the remaining work is focused on fixing one isolated feature.
The post Gondi Says Exploit Is Contained as Most Platform Activity Resumes appeared first on Crypto Adventure.
