Hackers have stolen approximately $80 million in cryptocurrency from Qubit Finance, a decentralized finance platform (DeFi). Using the Binance Smart Chain, they obtained access to Qubit Finance, and stole approximately $80 million (about * 600 crores). The addresses associated with the heist robbed QBridge of 2,06,809 Binance Coin (BNB) from Qubit. It is currently the biggest heist of cryptocurrencies in 2022. A tweet from Qubit Finance confirmed the heist. “In the meantime, Security and networking partners are currently working on the next steps.” The tweet stated that further updates would be forthcoming.
Earlier this month, Qubit Finance published an incident report on Medium acknowledging the hack. The hack was reported to have occurred around 5PM ET on January 27th. PeckShield reported that the assets were worth more than $80 million at current rates. The smart contracts of Qubit were audited by PeckShield. QBridge was also hacked, according to the security firm, to generate a lot of xETH collateral, which was later used to drain Binance Coin held on QBridge.
Qubit Finance provides customers with trading, lending, and borrowing services using smart contracts rather than third parties. The Qubit protocol allows users to borrow money against their cryptocurrency holdings in exchange for a predetermined amount. Users can collateralise their assets on other networks by using QBridge, an interchain function that allows them to move assets between chains without having to move their assets.
In addition, Qubit Finance facilitates the connection between Ethereum and Binance’s Smart Chain platform (BSC). According to CertiK, a blockchain auditing and security company, the hacker exploited a security vulnerability in Qubit’s smart contract code to send in a deposit of 0 ETH and withdraw almost $80 million in Binance Coin.
“Despite Ethereum’s dominance, bridges will only become more necessary as we move to a multichain world”, CertiK analysts wrote. Funds must be transferred from one blockchain to another, but in a way that can’t be hacked by those capable of stealing over [80 million dollars]. Qubit Finance posted a statement on Twitter directly appealing to the hacker, requesting that they negotiate with the team to minimize losses for the Qubit community.
Qubit Finance posted a statement on Twitter directly appealing to the hacker, requesting that they negotiate with the team to minimize losses for the Qubit community.
According to Qubit’s incident report, the team was also trying to offer the hacker the biggest reward possible through their bug bounty program. Qubit appears to be listed on Immunefi’s bug bounty platform as having a $250k bounty.
A number of DeFi projects have been exploited since Binance Smart Chain launched in 2020. Cyber Briefing points to three of the most severe hacks in 2021: A $31 million breach at Meerkat Finance in March, a $50 million breach at Uranium Finance in April, and an 88 million attack on Venus Finance in May.