superfluid-finance-88Superfluid FinancePolygon’s native stablecoin protocol, Qi Dao, faced an exploit on its Superfluid vesting contract, which led to a 65% drop in the price of the governance token Qi Dao (QI). QI’s price fell from $1.24 to $0.18. The protocol enables users to move assets on-chain in a constant flow in real-time from one wallet to another. While there was no impact on users’ funds, the hackers behind the attack managed to get away with $20 million worth of tokens including 24 Wrapped Ether (wETH), 562,000 USD Coin (USDC), 44,000 Stake DAO (SDT), 1.5 million Museum of Crypto Art (MOCA), 23,000 Stacker Ventures (STACK) and nearly 40,000 sdam3CRV. Early information suggests that the stolen funds belonged to some of the early backers of the project and included team-vested tokens as well.

Detail Analysis

< Back

Superfluid Finance

Submit Incident Report

Date:

Status:

Count:

Contributor:

February 8, 2022

Verified

zerofriction.io

Loss Amount:

8,700,000

Recovered Amount:

Currency:

Dollars, wETH, USDC, SDT, MOCA, STACK, sdam3CRV

KYC By:

Audit By:

None

Peckshield

Website:

https://docs.superfluid.finance/superfluid/protocol-overview/what-is-superfluid

Twitter:

https://twitter.com/superfluid_HQ

Discord:

https://discord.com/invite/JrnpZWymeU

Telegram:

No data

Medium:

No data

Github:

https://github.com/superfluid-finance/protocol-monorepo

Key Indicators

Platform:

Type:

Category:

Method:

Ethereum, Polygon

Protocol

Bridge

Contract Vulnerabilities

Extended Method:

forged ctx data (sharing communication between protocols) to spoof the contract.

Data Sources:

https://cointelegraph.com/news/polygon-stablecoin-qidao-exploited-for-13m-on-superfluid-vested-contract https://rekt.news/superfluid-rekt/

Polygon’s native stablecoin protocol, Qi Dao, faced an exploit on its Superfluid vesting contract, which led to a 65% drop in the price of the governance token Qi Dao (QI). QI’s price fell from $1.24 to $0.18. The protocol enables users to move assets on-chain in a constant flow in real-time from one wallet to another. While there was no impact on users’ funds, the hackers behind the attack managed to get away with $20 million worth of tokens including 24 Wrapped Ether (wETH), 562,000 USD Coin (USDC), 44,000 Stake DAO (SDT), 1.5 million Museum of Crypto Art (MOCA), 23,000 Stacker Ventures (STACK) and nearly 40,000 sdam3CRV. Early information suggests that the stolen funds belonged to some of the early backers of the project and included team-vested tokens as well.

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.

< Back