Polygon DeFi Protocol ‘QiDao’ Exploited for $13 Million

Another day, another DeFi hack. This time the target was QiDao’s Superfluid vesting contract. User funds on QiDao contracts remain safe, as the exploit was “solely on Superfluid”, as the Polygon-based DeFi protocol tweeted on February 8:

The QiDao protocol allows users to borrow stablecoins against their crypto holdings at zero percent interest. Hackers were able to get away with more than US$13 million in various tokens including QI, WETH, USDC, SDT, MOCA, STACK, sdam3CRV, and MATIC. Rumour has it the stolen funds included team-vested tokens and might have belonged to some of the early backers of the project.

Dump Leads to 65% Price Plunge

The hackers behind the attack started dumping stolen QiDao on the QuickSwap decentralised exchange with high slippage, leading to a 65 percent decline in the price of the governance token:

The QiDao chart felt the pain as the price took a steep nosedive, dropping 68.05 percent in minutes, as reported by @PeckShieldAlert. According to CoinGecko, QI dropped sharply from US$1.24 to $0.18. Impressively, investors bought the dip and the price recovered to $0.80 by press time.

On February 1, Crypto News Australia reported that Qubit Finance had suffered a US$80 million loss in a protocol exploit. With the world of DeFi still in the early stages of development, hacks such as this are common news.