QiDAO, Polygon’s native stablecoin system, experienced an exploit on its Superfluid vesting contract, resulting in a 65% reduction in the price of the governance token QI, from $1.24 to $0.18.
On Tuesday, QiDAO acknowledged the Superfluid vesting contract exploits on Twitter, but assured users that their assets were safe and that none of QiDAO’s funds were affected. Superfluid also acknowledged the QiDAO exploit and stated that they are researching the problem and will provide updates as needed. The system allows users to transfer assets on-chain in real-time from one wallet to another.
While the user’s assets stayed unaffected, the attackers made off with $20 million in tokens, including 24 WETH, 562,000 USDC, 44 SDT, 1.5 million MOCA, 23,000 STACK, and approximately 40,000 sdam3CRV. Moreover, according to early reports, the stolen monies belonged to some of the project’s early backers and included team vested tokens as well.
The hackers stole around $13 million worth of cryptocurrency
SlowMist, a crypto-analytics firm, produced a fund tracker that shows the balance of each coin taken. They assessed that the hackers stole around $13 million worth of cryptocurrency after studying the wallet transaction data.
The attackers began dumping stolen QiDAO on the Quickswap DEX with heavy slippage. Causing the governance token’s price to plummet by 65%. After plunging below $0.18, the Polygon community took advantage of the opportunity to buy the dip. Helping the governance token climb to $0.6. It’s worth noting that the attack took place utilising a Superfluid vulnerability, rather than QiDAO.
Following the exploit, QiDAO momentarily suspended its bridge in the hopes of quickly resolving the problem. The hack was discovered just 24 hours after Polygons’ $450 million campaign. However, the community reacted positively to the native stablecoin protocol. Emphasising that it was due to a third-party weakness rather than a problem with the protocol itself.