1. Home
    2. /Polygon-Based QiDAO Loses $13M in Rare Vesting Contract Exploit

    Polygon-Based QiDAO Loses $13M in Rare Vesting Contract Exploit

    QiDAO, a decentralized finance protocol built on the Polygon network, has suffered $13 million in losses from a security breach. The vulnerability does not involve Qi DAO’s main contracts, but a vesting contract which QiDAO had deployed using programmable smart contract framework, Superfluid. Today at 6.48am GMT we were notified of a potential exploit of ... Read more

    Updated Apr 25, 2024
    Wilfred Michael

    Author by

    Wilfred Michael

    Polygon-Based QiDAO Loses $13M in Rare Vesting Contract Exploit

    QiDAO, a decentralized finance protocol built on the Polygon network, has suffered $13 million in losses from a security breach. The vulnerability does not involve Qi DAO’s main contracts, but a vesting contract which QiDAO had deployed using programmable smart contract framework, Superfluid.

    While Superfluid and QiDAO continue to investigate the root case of the attack, blockchain data reveals the total theft to be the tune of $13 million worth of crypto assets. At the time of writing, approximately $8 million is still held on the hacker’s address.

    Superfluid revealed in a subsequent update that the hack may have been a “potential protocol layer exploit.” Users who hold so-called “SuperTokens,” tokens issued within the Superfluid framework, are promptly advised to unwrap their assets as a precaution.

    QiDAO hack sees token suffers over 80% loss

    As noted earlier, the latest compromise does not affect user funds staked in the QiDAO protocol. Instead, the hacker made away with staked QI and other assets vested by the project team. The exploiter had claimed $11.8 million worth of QI tokens which they immediately dumped for Wrapped Ether (WETH) using 1inch exchange.

    Qi DAO token hack

    (Source: Coingecko)

    The hacker’s move, as well as investor fears of being diluted by the new supply, caused the price of $QI to drop by over 80%, going from $1.20 to $0.18 within two hours following the incident. As seen in the above chart, $QI has recovered to $0.57 following confirmation that the security breach did not directly affect QiDAO protocol.