Trusted

QiDao Experiences Exploit of Superfluid Smart Contract Code, $20M Estimated to be Lost

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • QiDao experienced an attack via Superfluid smart contract code, resulting in over $20M in lost funds.
  • The funds did not belong to users, but it appears that early backers lost money.
  • The QI governance token dropped dramatically in the wake of the exploit.
  • promo

The third crypto exploit occurred in the DeFi space less than a week after the Wormhole exploit and mere days after the Meter bridging hack that saw funds drained from a bridge exploit.

QiDao has experienced a hack. The info available at the moment is scarce, though Polygonscan reveals that $20M worth of funds were lost. However, these were not user funds. One Twitter user, @MacroAnarchy, said, “Although user funds might be safe, it’s project funds that were stolen from my understanding? This still impacts all of us.” Others were appreciative of the frequent updates provided by QiDao. QiDao has thanked the community for their support.

The exploit occurred exclusively on Superfluid. Some tokens have been affected, though, and bridging is suspended. Lost funds comprised wETH, 562,000 USD Coin (USDC), 44,000 Stake DAO (SDT), 1.5 million Museum of Crypto Art (MOCA), 23,000 STACK, and almost 40000 sdamCRV.

How did the attack happen?

QiDAO has said that Superfluid’s vesting smart contract framework on Ethereum for QiDao had been attacked. Superfluid and QiDao advised users to “exercise caution” when interacting with smart contracts. Superfluid is a smart contract framework on Ethereum, enabling the movement of assets on-chain, following specific predefined rules. A single on-chain transaction results in money being made its way from a sender’s wallet to a receiver wallet in real-time.

One Twitter user @williamb3ntley asked if the QI token was unaffected. Another Twitter user responded, “The hacker still has a lot of $QI to get rid of, so the price will keep falling until he sells off all of it and moves it…then we will see better.” A Twitter user said that the QiDao protocol is fine and sees a buying opportunity.

Bug bounty offered by Superfluid

QiDao enables users to deposit owned tokens into a vault and borrow stablecoins against this collateral. Qi is the first native stablecoin on Polygon. There is always more total value locked than funds loaned. Loans are paid out in MAI. MAI is a stablecoin soft-pegged to the U.S. Dollar, and is made by the QiDao protocol. The Qi token is the governance token of the QiDao protocol. A drop of 65% was seen on the price of $QI, from $1.24 to $0.18. QiDao has $265.47M in total value-locked, with $15.74K on the Moonriver Network, 2.09M on Avalanche, $110.63M on Polygon, $302.32K on Harmony, and $152.43M on Fantom.

Superfluid said they are offering a $1M bounty should the hacker return the funds. They advised users to unwrap all SuperTokens, as the attacker may be looking for wallets or users with substantial balances. They also said that they have deployed a patch.

What do you think about this subject? Write to us and tell us!

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored