SuperRare Staking Contract Exploited—$730K in RARE Tokens Drained
Another day, another crypto exploit. This time, it’s SuperRare—the NFT platform that’s been flying under the radar lately. An attacker managed to siphon off around $730,000 worth of RARE tokens from an old staking contract. Not exactly a headline-grabbing sum compared to some of the massive hacks we’ve seen, but it’s a reminder that even dormant contracts aren’t safe.
The exploit was first flagged by on-chain sleuths at Cyvers Alerts. According to their findings, the hacker’s wallet had been sitting quietly for months, funded initially through Tornado Cash—the go-to mixer for anyone trying to cover their tracks. The stolen tokens haven’t been moved or swapped yet, which is… odd. Maybe they’re waiting for the heat to die down, or perhaps they’re just biding their time.
How It Happened
The attack wasn’t exactly sophisticated. Investigators say the staking contract had a flawed check—basically, a tiny oversight that let *anyone* claim the tokens. No fancy hacking skills required. The exploiter deployed a separate contract to front-run the transaction, grabbing all 11.9 million RARE tokens in one go.
Blockaid, another security firm, dug into the details. The issue? A messed-up authorization check in the contract’s code. The function meant to update the Merkle root (the single hash the contract checks every claim against) didn’t properly verify who was calling it. So, the attacker could just waltz in and set a new root, opening the door to drain the funds.
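To make that class of bug concrete, here is an added sketch in Solidity; it is not SuperRare's contract and not taken from Blockaid's analysis. The contract and function names are hypothetical, and the flawed condition is a constructed example of a check that fails to restrict the caller, shown next to a hardened version.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration, not SuperRare's code. All names are hypothetical.
contract StakingDistributorSketch {
    address public immutable owner;
    bytes32 public merkleRoot; // commits to every (account, amount) claim

    error NotAuthorized(address caller);
    event MerkleRootUpdated(bytes32 indexed oldRoot, bytes32 indexed newRoot, address indexed by);

    constructor(bytes32 initialRoot) {
        owner = msg.sender;
        merkleRoot = initialRoot;
    }

    // FLAWED (one possible shape of a broken check): the comparison is inverted,
    // so it reverts for the owner and passes for every other caller.
    function updateMerkleRootFlawed(bytes32 newRoot) external {
        require(msg.sender != owner, "not authorized");
        merkleRoot = newRoot;
    }

    // HARDENED: revert unless the caller is exactly the owner, and emit an event
    // so monitoring can alert on every root change.
    function updateMerkleRoot(bytes32 newRoot) external {
        if (msg.sender != owner) revert NotAuthorized(msg.sender);
        emit MerkleRootUpdated(merkleRoot, newRoot, msg.sender);
        merkleRoot = newRoot;
    }

    // Claims are only as trustworthy as the root: whoever can set merkleRoot
    // decides which (account, amount) leaves will verify here.
    function isValidClaim(address account, uint256 amount, bytes32[] calldata proof)
        public view returns (bool)
    {
        bytes32 node = keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
        for (uint256 i = 0; i < proof.length; i++) {
            bytes32 sib = proof[i];
            // Sorted-pair hashing, so the proof needs no left/right flags.
            node = node < sib
                ? keccak256(abi.encodePacked(node, sib))
                : keccak256(abi.encodePacked(sib, node));
        }
        return node == merkleRoot;
    }
}
```

A unit test that calls the root-update function from a non-owner address and expects a revert catches this kind of mistake before deployment, and an alert on the `MerkleRootUpdated` event covers contracts that are already live.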
RARE Token Impact—Minimal, for Now
The good news? The rest of SuperRare’s ecosystem seems untouched. No NFTs were stolen, and the RARE token itself hasn’t tanked—though it’s always been a low-liquidity coin, trading around $0.06 on smaller exchanges like MEXC and Gate.io. The hacker’s stuck with a pile of tokens that aren’t exactly easy to offload without crashing the price.
Still, it’s a bad look for SuperRare, which has been struggling to stay relevant in a quiet NFT market. Daily trading volume hovers around $16,000, with fewer than 10 active buyers and sellers most days. Most of the art listed sells for under $5, and some pieces sit unsold for years. The RARE token was one of the few things keeping the platform in conversations—until now.
The Bigger Picture
This isn’t an isolated incident. Exploits have been piling up in 2025, especially on Ethereum, where smart contracts are a favorite target for hackers (including, allegedly, North Korean groups). The ease of swapping and mixing tokens makes it a playground for thieves.
SuperRare hasn’t said much yet. The platform’s still running, auctions are still posted, and life goes on. But for a niche project already on the fringe, losing $730K—even if it’s just from an old contract—doesn’t help. If the hacker dumps those tokens, things could get messy. Then again, in crypto, when are they ever *not* messy?