Cryptocurrency
DeFi
Exchanges
Stablecoins
NFTs
Wallets
Bitcoin
Ethereum
Tokens
ICOs
IEOs
Technology
Crypto
Banking
Supply Chain
Security
Healthcare
Mining
AI
Advertising
Gaming
Retail
Education
Analytics
Hosting
Business
Partnerships
Investments
Adoption
Acquisitions
Conferences
IPOs
Legal
Lawsuits
Patents
Politics
Fraud
Research
Guides
Opinion
Cryptocurrency
Technology
Business
Legal
Politics
Fraud
Research
Guides
Opinion
The Chain Bulletin logo

QiDAO Loses $13M After Superfluid Vesting Contract Exploit

  • QiDAO has assured users that their funds remain safe, with information suggesting that the stolen $13 million belonged to early backers and investors in QiDAO.
  • Superfluid’s team noted that the attack may have been a “potential protocol layer exploit”, and advised users to unwrap their assets as a precaution.
by Krasimir Buchvarov February 8, 2022, 1:11 PM
hacker

Shutterstock

Polygon-based decentralized finance (DeFi) protocol QiDAO has experienced a security breach on its Superfluid vesting contract, loosing $13 million in the process, the platform said on Twitter on 8 February.

A follow-up message from the QiDAO team explained that the vulnerability was not connected to the QiDAO main contracts — which allow users to move assets on-chain in a constant flow, from one wallet to another — but was found in the vesting contract the protocol had deployed using programmable smart contract framework Superfluid. The team also noted that users’ funds remain safe, and that no funds from QiDAO were affected. Superfluid confirmed the exploit on Twitter:

Blockchain data suggests that the attacker was able to steal approximately $13 million worth of cryptocurrencies, including wETH, USDC, SDT, MOCA, STACK, and sdam3CRV. Additional information has also suggested that the stolen funds belonged to early backers and investors in QiDAO, and also team vested tokens.

An update from the Superfluid team claimed the attack could have been a “potential protocol layer exploit”, and the team has now advised users who hold “SuperTokens” to unwrap their assets as a precaution.

Shortly after the exploit, the attacker started dumping QiDAO’s native token QI on Quickswap DEX with high slippage, causing the price of the token to plummet from $1.24 to almost $0.16. Opportunistic traders, however, were quick to buy the dip and propel the governance token reach $0.7 at the time of writing.

Discussion
Related Coverage
Binance Launches $1B Industry Recovery Initiative With 7 Contributors
  • Binance has officially launched its $1 billion industry recovery fund, and said it is ready to set aside another $1 billion in the near future “if the need arises”.
  • Jump Crypto, Polygon Ventures, Aptos Labs, Animoca Brands, GSR, Kronos, and Brooker Group have all joined the fund with a combined contribution of $50 million.
November 25, 2022, 8:16 AM
cz

Binance CEO Changpeng Zhao. CoinDesk

MetaMask Launches Bridge Aggregator Feature
  • MetaMask Bridges was designed to aggregate multiple blockchain bridges in one place, making it easier and more secure for users to transfer their assets from one network to another.
  • The new feature currently supports the Ethereum, Avalanche, BNB Chain, and Polygon blockchains, as well as the Connext, Hop, Celer cBridge, and Polygon Bridge.
Singapore Completes First DeFi Pilot Using Polygon and Aave
  • The Monetary Authority of Singapore successfully completed a cross-currency transaction using DeFi technology as part of its Project Guardian initiative.
  • Singapore’s DBS Bank, Japan’s SBI Digital, and J.P. Morgan all participated in the trials that were conducted on the Polygon blockchain.