SuperRare NFT art platform hacked, $730K RARE tokens stolen

SuperRare, a prominent NFT art platform, has been hit by a smart contract exploit, resulting in the theft of $730,000 worth of its native RARE tokens.

The breach, which exploited a vulnerability in one of its staking contracts, has once again spotlighted the persistent risks surrounding DeFi and NFT infrastructure.

While the core SuperRare platform remains unaffected, the incident has raised serious questions about the security of governance token mechanisms and the overall resilience of crypto protocols.

A flawed smart contract opened the door for the hack

The attack stemmed from a coding flaw in the updateMerkleRoot function of an old SuperRare staking smart contract.

Due to a misconfigured condition in the contract’s authorisation logic, the attacker was able to manipulate the Merkle root and claim tokens without proper verification.

This vulnerability allowed the hacker to transfer 11,907,874 RARE tokens, equivalent to $730,000, into their own address in a single transaction.

According to Cyvers Alerts, the attacker had funded their wallet using Tornado Cash 186 days before the breach.

This move likely aimed to conceal the origin of funds and delay detection.

After waiting for months, the hacker deployed a front-running smart contract just one block before executing the exploit, a method that added a layer of sophistication to the attack.

Tokens moved, platform unaffected

Despite the successful theft, SuperRare clarified that the exploit only affected one staking vault.

All NFTs on the platform remain safe, and there were no breaches involving the main trading or auction infrastructure.

Notably, the stolen tokens have not been swapped or laundered since the incident, and they continue to sit in the attacker’s wallet.

SuperRare responded swiftly by freezing affected accounts and initiating investigations in collaboration with cybersecurity firms.

The platform also brought in third-party auditors to review its broader codebase. So far, no compensation plans, such as a token airdrop or hard fork, have been announced.

RARE token price dips amid trader concerns

Following the news, the RARE token dropped by 12%, reflecting heightened trader anxiety.

Although the token later stabilised at around $0.06, the breach sparked new concerns over the security of governance tokens, particularly those used in staking and reward systems.

SuperRare price chart | Source: Coingecko

With limited liquidity, any attempt to liquidate the stolen tokens could cause further downward pressure on the token’s price.

Eyes are now on how SuperRare handles its recovery efforts.

Notably, the platform, which has a lifetime trading volume of $950 million, has seen reduced activity in recent months.

With fewer than 10 daily users and a daily trading volume of just $16,000, rebuilding confidence could prove challenging.

The post SuperRare NFT art platform hacked, $730K RARE tokens stolen appeared first on Invezz