NFT trading platform SuperRare suffered a significant exploit on July 29, 2025, resulting in the theft of approximately $730,000 in RARE tokens. Experts attributed the vulnerability to a basic bug in the smart contract: a check intended to limit which addresses could modify the Merkle root, which governs user staking balances, instead allowed any address to call the function, leading to the breach. The error was obvious enough that it could have been detected by tools like ChatGPT or by any competent Solidity developer. SuperRare's co-founder, Jonathan Perkins, stated that no core funds were lost and that users affected by the exploit would be compensated. Despite claims of audits and testing, Perkins acknowledged that the bug stemmed from modifications made late in the development cycle that were not adequately tested. Industry experts emphasized the need for thorough testing and rigorous audits to prevent such flaws, noting that even minor oversights can lead to significant financial losses in decentralized finance.
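The class of bug described above, as an added example that is not SuperRare's code: a guard on the Merkle root update that admits every caller, next to a corrected one. The article does not quote the faulty line, so the inverted comparison is an assumed form, and the contract, function and variable names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names here are hypothetical.
contract StakingRootExample {
    address public immutable owner;
    address public immutable rootUpdater; // second authorized address (assumed)
    bytes32 public claimRoot;             // Merkle root that staking claims are checked against

    error NotAuthorized(address caller);

    constructor(address updater) {
        owner = msg.sender;
        rootUpdater = updater;
    }

    // Flawed guard (assumed form): when owner and rootUpdater differ, no caller
    // can equal both, so at least one "!=" is always true and the require
    // passes for every address.
    function updateRootFlawed(bytes32 newRoot) external {
        require(msg.sender != owner || msg.sender != rootUpdater, "not authorized");
        claimRoot = newRoot;
    }

    // Corrected guard: revert unless the caller is one of the authorized addresses.
    function updateRootFixed(bytes32 newRoot) external {
        if (msg.sender != owner && msg.sender != rootUpdater) {
            revert NotAuthorized(msg.sender);
        }
        claimRoot = newRoot;
    }
}
```

A negative test that calls the update function from an address outside the allowlist and expects a revert fails on the flawed guard and passes on the corrected one.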
