The SuperRare NFT art platform was exploited through a staking smart contract. The attacker managed to move $730K in RARE tokens from a long-inactive contract.
The SuperRare platform suffered a relatively small exploit, which shows that hackers are still on the lookout for risky smart contracts. On-chain investigators traced $730K in RARE tokens that were moved to the hacker’s wallet, where they remained inactive for a while after the hack.
The exploiter’s wallet was funded through Tornado Cash and sat idle for months before the attack. The funds are yet to be swapped and re-mixed.
🚨ALERT🚨Our system has detected a malicious transaction targeting a @SuperRare staking contract.
The attacker’s address, funded via @TornadoCash approximately 186 days ago, executed the exploit and gained 731K worth of $RARE.
The stolen funds currently remain in the attacker’s…
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 28, 2025
According to smart contract investigators, the main reason was a flawed check, which allowed anyone to claim the tokens from the contract.
The recent hacking activity continues the trend from the first half of 2025, when exploits reached a new peak. Smart contracts remain among the most vulnerable targets and are especially targeted by DPRK hackers. The Ethereum chain is also selected for the ability to swap and mix tokens with ease.
All tokens were claimed in a single transaction, for a total of 11,907,874 RARE. The exploiter built another smart contract to generate the transaction, using a front-runner to grab the RARE tokens.
🚨 Our real-time exploit detection systems had identified malicious transactions targeting one of the staking contracts used by @SuperRare
The attacker had deployed an exploit contract – but the actual attack was performed by a frontrunner one block later.
Updates in 🧵
— Blockaid (@blockaid_) July 28, 2025
The Lisa AI agent also explained the attack in detail, based on the open-source smart contract.
“The updateMerkleRoot function uses an incorrect condition in the require statement, allowing any address to update the merkle root. The intended authorization check for the owner or a specific address is flawed due to a logical error in the condition. This allows unauthorized users to set a new merkle root, potentially enabling fraudulent claims and draining of contract funds.”
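The class of logic error described in that explanation, shown beside a corrected check. This is an added illustration, not the SuperRare contract's source: the contract name, the `rootUpdater` address, the function name `updateMerkleRootFlawed` and the exact flawed condition are assumptions, since the article does not quote the original line.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of a flawed authorization check on a Merkle root
// setter. All names and the exact condition are assumptions, not project code.
contract MerkleRootAuthExample {
    address public immutable owner;
    address public immutable rootUpdater; // hypothetical second authorized address
    bytes32 public merkleRoot;            // root that claim proofs are checked against

    error NotAuthorized(address caller);

    constructor(address _rootUpdater) {
        owner = msg.sender;
        rootUpdater = _rootUpdater;
    }

    // FLAWED: negated comparisons joined with ||.
    // When owner and rootUpdater differ, a caller can equal at most one of
    // them, so at least one "!=" is always true and the require passes for
    // every msg.sender, authorized or not.
    function updateMerkleRootFlawed(bytes32 newRoot) external {
        require(
            msg.sender != owner || msg.sender != rootUpdater,
            "not authorized"
        );
        merkleRoot = newRoot;
    }

    // HARDENED: revert unless the caller is one of the two allowed addresses.
    // By De Morgan, "not (A or B)" is "(not A) and (not B)", hence && here.
    function updateMerkleRoot(bytes32 newRoot) external {
        if (msg.sender != owner && msg.sender != rootUpdater) {
            revert NotAuthorized(msg.sender);
        }
        merkleRoot = newRoot;
    }
}
```

A negative test that calls the setter from an address that is neither `owner` nor `rootUpdater` and expects a revert fails against the flawed version and passes against the hardened one.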
The hacker’s wallet only shows the exploit transaction, but it has been linked to a larger wallet mostly used for liquidity pools. The connected wallet also contained $563.15K in RARE tokens.
RARE remains unaffected beyond its usual volatility and any related panic-selling. The token traded around $0.06, with its activity mostly on MEXC and Gate.io. The only affected contract is one version of RARE staking.
SuperRare is yet to benefit from the growth of NFT activity. The platform achieved a lifetime trading volume of $950M, with around 6,550 traders.
Daily, the platform has under 10 buyers and sellers, with volumes down to $16,000. The platform trades in art with a relatively low price around $5, with some of the items selling after years of holding.
The RARE token activity was one of the factors keeping SuperRare in the spotlight. The utility of RARE tokens remains limited due to the slow NFT market. The only option for the hacker would be to liquidate the tokens, potentially tanking the price due to its low liquidity.
The platform itself remains safe, continuing to post auctions and its low-level general NFT swaps. No NFT items were stolen or affected.