In a shocking turn of events within the cryptocurrency world, the NFT marketplace SuperRare has suffered a serious security breach, leading to the loss of a staggering 11.9 million RARE tokens. This exploit, rooted in the RareStakingV1 contract, not only reveals the vulnerabilities that still exist in the smart contracts blockchain applications depend on but also highlights the incredible stakes involved as the NFT market experiences a revitalization surge.
But don’t panic just yet—it’s crucial to understand that while the RareStakingV1 contract was compromised, the core functionalities of the underlying $RARE token contract remained intact. This nuance offers a glimmer of hope amid the chaos of the incident, but it raises pressing questions about the future security measures NFT platforms must embrace.
SuperRare, renowned for its focus on quality curation and the discovery of talented creators, had launched the Rare Protocol as part of its staking and curation initiative back in August 2023. This initiative was designed to empower artists and their communities, enabling participants to stake their native $RARE tokens on their favorite creators and earn rewards when those artists make successful sales. However, this recent exploit underlines how even the most promising platforms can be blindsided by technical weaknesses.
So, what went wrong? The security experts at Blockaid, alongside SlowMist’s MistEye threat-intelligence system, pinpointed the exploit’s origin to a faulty permission check in the “updateMerkleRoot” function of the RareStakingV1 contract. This function is supposed to restrict who can update the Merkle Root—a critical component for validating staking and reward claims, since every claim is accepted or rejected by checking its proof against that root. However, a flaw in the permission check allowed anyone to replace the Merkle Root with one of their own choosing and then claim tokens without authorization.
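To make the root cause concrete, here is an added illustration (constructed for this article, not RareStakingV1’s actual code) that models a Merkle-gated reward contract in Python: a root-update function with and without an owner check, a claim path that verifies Merkle proofs, and a regression check showing that only the unchecked variant lets a non-owner swap in a root of their own and claim against it. Names such as RewardDistributor, 0xOwner and 0xMallory are placeholders, and SHA3-256 stands in for keccak256.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha3_256(data).digest()  # stand-in for the EVM's keccak256

def leaf(addr: str, amount: int) -> bytes:
    return h(addr.encode() + amount.to_bytes(32, "big"))

def hash_pair(a: bytes, b: bytes) -> bytes:
    return h(a + b) if a <= b else h(b + a)  # sorted pairs, as OpenZeppelin's MerkleProof does

def root_and_proof(leaves: list, index: int):
    """Build the tree over `leaves`; return (root, sibling proof for leaves[index])."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd levels
        proof.append(level[index ^ 1])
        level = [hash_pair(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify(root: bytes, node: bytes, proof: list) -> bool:
    for sibling in proof:
        node = hash_pair(node, sibling)
    return node == root

class RewardDistributor:
    """Toy model of a Merkle-gated reward contract (constructed; not RareStakingV1's code)."""
    def __init__(self, owner: str, root: bytes, check_owner: bool):
        self.owner, self.root, self.check_owner = owner, root, check_owner

    def update_merkle_root(self, sender: str, new_root: bytes) -> None:
        # check_owner=False models a broken permission check (anyone may rotate the root); True is the hardened form
        if self.check_owner and sender != self.owner:
            raise PermissionError("caller is not the owner")
        self.root = new_root

    def claim(self, sender: str, amount: int, proof: list) -> int:
        if not verify(self.root, leaf(sender, amount), proof):
            raise ValueError("invalid Merkle proof")
        return amount

def unauthorized_root_swap_pays_out(check_owner: bool) -> bool:
    """Regression check: can a non-owner rotate the root and then claim against it?"""
    legit_root, _ = root_and_proof([leaf("0xAlice", 10), leaf("0xBob", 20)], 0)
    c = RewardDistributor("0xOwner", legit_root, check_owner)
    forged_root, proof = root_and_proof([leaf("0xMallory", 11_900_000), leaf("0xMallory", 1)], 0)
    try:
        c.update_merkle_root("0xMallory", forged_root)
    except PermissionError:
        return False
    return c.claim("0xMallory", 11_900_000, proof) == 11_900_000
```

The owner check is the minimal fix; a negative test of exactly this shape, asserting that a non-owner cannot rotate the root, is what a review or CI suite would need to catch this class of bug before deployment.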
🚨 Our real-time exploit detection systems had identified malicious transactions targeting one of the staking contracts used by @SuperRare. The attacker had deployed an exploit contract – but the actual attack was performed by a frontrunner one block later. Updates in 🧵 pic.twitter.com/WzqePDzbhJ— Blockaid (@blockaid_) July 28, 2025
As the exploit unfolded, Blockaid reported a two-step sequence: the attacker first deployed the exploit contract, and one block later a frontrunner, rather than the original deployer, executed the transaction that actually drained the funds. This sequence underscores how quickly a publicly visible exploit transaction is copied and front-run in current DeFi environments.
🚨SlowMist TI Alert🚨 MistEye detected that @SuperRare has been exploited. The root cause for this exploit was an incorrect permission check in the updateMerkleRoot function, allowing anyone to modify the Merkle Root and claim tokens. As always, stay vigilant!… pic.twitter.com/n5J0o6hqgq— SlowMist (@SlowMist_Team) July 28, 2025
The scale of the theft is staggering—around $731,000 worth of $RARE has been siphoned from the platform and currently sits within the attacker’s contract, untouched and unmoved. Notably, Cyvers, a blockchain analytics firm, traced the attacker’s funding back to Tornado Cash approximately 186 days before the exploit took place. This history highlights the ongoing challenges related to anonymity and fund flow tracing in the crypto realm.
🚨ALERT🚨Our system has detected a malicious transaction targeting a @SuperRare staking contract. The attacker’s address, funded via @TornadoCash approximately 186 days ago, executed the exploit and gained 731K worth of $RARE. The stolen funds currently remain in the attacker’s… pic.twitter.com/9CZ6IG4b4B— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 28, 2025
The identity of the attacker is still somewhat cloaked in mystery; they appear to be an active participant in decentralized finance (DeFi), having engaged with various platforms like Pendle and Uniswap. This raises an important point: security in the DeFi sector is critical, especially as the NFT market shows signs of revival.
Interestingly, this exploit comes amid a notable resurgence in the NFT landscape, which recently added over $1 billion in value within a mere 24 hours. Trading volumes have skyrocketed by 287%, totaling around $37.4 million, signaling renewed interest and activity in the space. A surge in Ethereum’s price has undoubtedly fueled this revival, with ETH climbing 55% over the past month, reaching highs not seen since December 2024.
🖼️ NFT market cap surges 94% to $6.6 billion in July as CryptoPunk sells for $5 million with blue-chip collections driving 40% price jump. #NFTs #Trading https://t.co/e7qERHc30M— Cryptonews.com (@cryptonews) July 25, 2025
Collections like CryptoPunks and Pudgy Penguins are leading this revival wave, with the former seeing a significant 16% increase in floor price and generating millions in sales momentum. As platforms grow alongside this activity, the responsibility of securing user assets becomes paramount, a vivid reminder of how vital strong security measures are for fostering trust and attracting ongoing investment.
In the aftermath of this exploit, SuperRare has yet to provide a comprehensive analysis or a roadmap for future remediation efforts. The events surrounding this incident could serve as a crucial lesson for the entire NFT market and DeFi ecosystem as they move forward. How can platforms innovate while simultaneously enhancing security? The crypto community is waiting and watching as these questions unfold.
As always, staying educated and vigilant about the security measures in the DeFi and NFT spaces is crucial for all participants. Be sure to keep an eye on updates from SuperRare and other projects to understand how they are adapting to prevent such breaches in the future.