Ad
News
DeFi protocol Qubit Finance exploited for $80 million in a recent hack DeFi protocol Qubit Finance exploited for $80 million in a recent hack
🚨 This article is 3 years old...

DeFi protocol Qubit Finance exploited for $80 million in a recent hack

The attacked DeFi protocol on Binance Smart Chain lost 206.809 BNB.

DeFi protocol Qubit Finance exploited for $80 million in a recent hack

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Losing $80 million worth of BNB tokens in a recent hack, Qubit Finance joined the unfortunate list of exploited DeFi protocols on Binance Smart Chain (BSC).

The DeFi lending protocol reported the incident in a Twitter post, revealing that the malicious attacker exploited a vulnerability on the Qubit Bridge–a cross-chain bridge to Ethereum.

What happened?

The Qubit team flagged the hacker’s address and published a detailed report which includes an analysis of the attack.

QBridge enables users to deposit WETH from Ethereum mainnet to Qubit’s BSC-based smart contract, and mint xETH that can be used as collateral to borrow on BSC.

However, the attacker exploited the vulnerability and managed to mint unlimited xETH–without depositing WETH.

Using the minted xETH as collateral, the attacker drained 206,809 BNB from the lending protocol, worth roughly $80 million.

The Qubit team is continuing to monitor the affected assets, which, at the time of writing, haven’t moved from the flagged address.

Qubit attempts to contact the attacker 

The exploited protocol also made attempts to contact the attacker.

In an on-chain message, the team offered a bounty of $250.000 in return for the stolen assets–the maximum amount set by Qubit’s ongoing bug bounty program.

“We pursue you to negotiate directly with us before taking any further action. The exploit and loss of funds have a profound effect on thousands of real people,” wrote the protocol on Twitter–urging the attacker to cooperate.

“If the maximum bounty offer is not what you are looking for, we are open to having a conversation. Let’s figure out a solution,” the team added.

While the team continues cooperating with security and network partners, including Binance, the protocol disabled Supply, Redeem, Borrow, Repay, Bridge, and Bridge redemption functions until further notice. 

According to DeFi Yield’s REKT Database, Qubit Finance exploit ranks as the seventh-largest attack by the amount stolen.

Posted In: DeFi, Hacks