A security breach cost QiDAO, a decentralized finance system built on the Polygon network, $13 million in losses. The issue does not affect Qi DAO’s primary contracts, but rather a vesting contract that QiDAO had implemented utilizing the Superfluid programmable smart contract framework.
While Superfluid and QiDAO continue to examine the core cause of the incident, blockchain data shows that a total of $13 million in crypto assets was stolen. At the time of writing, the hacker’s address still had almost $8 million in it.
In a subsequent update, Superfluid revealed that the attack could have been a possible protocol layer exploit. Users who own “SuperTokens,” or tokens issued within the Superfluid architecture, are strongly recommended to unwrap their assets as soon as possible.
As previously stated, the recent hack has no effect on user monies invested in the QiDAO system. Instead, the hacker stole the project team’s staked QI and other assets. The exploiter claimed $11.8 million in QI tokens, which they immediately sold for Wrapped Ether (WETH) on the 1inch platform.
The hacker’s action, along with investor concerns about being diluted by additional supply, caused the price of $QI to fall by more than 80% in two hours, falling from $1.20 to $0.18. As can be seen in the chart above, $QI has returned to $0.57 following assurance that the security vulnerability had no direct impact on the QiDAO protocol.