Superfluid's vesting contract for QI has been exploited.
User funds on QiDao contracts remain safe. The exploit is solely on Superfluid.
We will release an update when we know more.
— Qi Dao (@QiDaoProtocol) February 8, 2022
2) After analysis, the attackers exchanged some QI, USDC, SDT, MOCA, STACK for ETH through 1inch; exchanged 39,357.25 sdam3CRV to 43,910.09 amDAI. The attacker's address (0x157...090 ) currently has a balance of 11,016.60 MATIC, 507,930.87 MOCA, 2,707.91 ETH, and 43,910.39 DAI.
— SlowMist (@SlowMist_Team) February 8, 2022