The third crypto exploit occurred in the DeFi space less than a week after the Wormhole exploit and mere days after the Meter bridging hack that saw funds drained from a bridge exploit.
QiDao has experienced a hack. The info available at the moment is scarce, though Polygonscan reveals that $20M worth of funds were lost. However, these were not user funds. One Twitter user, @MacroAnarchy, said, “Although user funds might be safe, it’s project funds that were stolen from my understanding? This still impacts all of us.” Others were appreciative of the frequent updates provided by QiDao. QiDao has thanked the community for their support.
The exploit occurred exclusively on Superfluid. Some tokens have been affected, though, and bridging is suspended. Lost funds comprised wETH, 562,000 USD Coin (USDC), 44,000 Stake DAO (SDT), 1.5 million Museum of Crypto Art (MOCA), 23,000 STACK, and almost 40000 sdamCRV.
How did the attack happen?
QiDAO has said that Superfluid’s vesting smart contract framework on Ethereum for QiDao had been attacked. Superfluid and QiDao advised users to “exercise caution” when interacting with smart contracts. Superfluid is a smart contract framework on Ethereum, enabling the movement of assets on-chain, following specific predefined rules. A single on-chain transaction results in money being made its way from a sender’s wallet to a receiver wallet in real-time.
One Twitter user @williamb3ntley asked if the QI token was unaffected. Another Twitter user responded, “The hacker still has a lot of $QI to get rid of, so the price will keep falling until he sells off all of it and moves it…then we will see better.” A Twitter user said that the QiDao protocol is fine and sees a buying opportunity.
Bug bounty offered by Superfluid
QiDao enables users to deposit owned tokens into a vault and borrow stablecoins against this collateral. Qi is the first native stablecoin on Polygon. There is always more total value locked than funds loaned. Loans are paid out in MAI. MAI is a stablecoin soft-pegged to the U.S. Dollar, and is made by the QiDao protocol. The Qi token is the governance token of the QiDao protocol. A drop of 65% was seen on the price of $QI, from $1.24 to $0.18. QiDao has $265.47M in total value-locked, with $15.74K on the Moonriver Network, 2.09M on Avalanche, $110.63M on Polygon, $302.32K on Harmony, and $152.43M on Fantom.
Superfluid said they are offering a $1M bounty should the hacker return the funds. They advised users to unwrap all SuperTokens, as the attacker may be looking for wallets or users with substantial balances. They also said that they have deployed a patch.
What do you think about this subject? Write to us and tell us!
Disclaimer
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Source: https://beincrypto.com/qidao-experiences-exploit-of-superfluid-smart-contract-code-20m-estimated-to-be-lost/