QiDAO Token Crashes 87% After $13M Superfluid Contract Exploit

QI Vesting Contract Vulnerability on Superfluid Exploited,Hackers managed to steal $13 million worth of crypto tokens after exploiting the QiDAO vesting contract on Superfluid.

So what they came across:In a Twitter update on Tuesday, Ethereum (CRYPTO: ETH)-based money streaming protocol Superfluid said it was looking into a potential exploit of the QiDAO contract that leverages Superfluid code.

@QiDaoProtocol is investigating a potential protocol layer exploit. As a precaution, please do unwrap all your SuperTokens. The attackers might be targeting wallets/contracts with large amounts,” cautioned Superfluid.

Using an ERC20 token called Super Token, Superfluid allows users to perform multiple tasks in a single transaction. By wrapping their tokens, users can initiate a money stream without needing to pay additional gas fees or transaction costs.

The attacker’s address (0x157…..090) made a profit of more than 13 million US dollars, including QI, WETHUSDC, SDT, MOCA, STACK, sdam3CRV, and MATIC coins. According to the analysis, the attacker exchanged some QI.USDC, SDT, MOCA, STACK to ETH through 1inch; exchanged 39,357.25sdam3CRV to 43,910.09 amDAI. The current balance of the attacker’s address (0x157…090) is: 11016.60MATIC ,507930.87MOCA,2707.91ETH,4391039DAI.

The contract exploit was later confirmed by QiDAO who assured users that all funds were safe.

According to crypto analytics firm Slow Mist, the attacker made a total profit of over $13 million through a number of cryptocurrencies.

After stealing the funds, the hackers proceeded to sell large amounts of QiDAO’s native crypto token QI on the Quickswap decentralized exchange. This led to an 87% decline in the token’s value, from $1.24 to $0.16 in just 60 minutes.

QI’s price has since recovered to around $0.57, but is still down by 45% since the news of the exploit.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.