Qubit Finance is the latest DeFi hack victim. This is the biggest attack of the year, by volume of stolen funds. The protocol is seeking to negotiate with the attacker a possible return of funds.
The decentralized finance (DeFi) protocol, Qubit Finance, suffered a piracy attack that caused millionaire losses.
Research indicates that a malicious actor exploited the loan protocol based on Binance SmartChain (BSC) for an amount of USD $80 million in the token BNB. The hacker exploited a vulnerability in Qubit Bridge, a cross-chain bridging service that makes it easy for users to exchange tokens between ethereum and BSC.
The bridge allows users to deposit ethereum wrapped (WETH) to mint xETH, an asset that represents ethereum in the BSC chain, to be used as collateral for loans in the protocol Qubit Finance.
However, a critical flaw in the smart contracts of Qubit Bridge they allowed the hacker to mint xETH without placing WETH funds as collateral. This allowed the attacker “cheat” to the protocol to get unlimited leveraged loans without depositing anything. The official Twitter account for the project confirmed the hack on Thursday:
The hacker minted unlimited xETH to borrow in BSC. The team is currently working with security and networking partners on the next steps.
The protocol was exploited by;
The hacker minted unlimited xETH to borrow on BSC.
The team is currently working with security and network partners on next steps.
We will share further updates when available.
— Qubit Finance (@QubitFin) January 28, 2022
Qubit Finance seeks to negotiate with the hacker
the security team PeckShield, which audited the smart contracts of Qubit, agreed that the protocol was hacked to generate a “huge amount of collateral xETH” which was then used to drain the full amount of BNB held in QBridge.
Using xETH as collateral, the hacker proceeded to siphon 206,809 BNB from Qubit Finance, worth about $80 million at the time, the researchers noted. PeckShield in a tweet.
In a incident report, the security firm CertiK said the attacker used a deposit function in the contract QBridge to illicitly mint tokens and then take the loot. They also shared a full breakdown of the assets involved in the attack, agreeing on the final loss figure.
“The exploit netted them 77,162 qXETH ($185 million), which they then used to borrow and convert 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), roughly $9.5 million. in various stablecoins and ~$5 million in CAKE , BUNNY and MDX“, they indicated.
The protocol team has also published a report with the chronology and some details of the incident. Qubit Finance has not indicated whether it considers a reimbursement plan to compensate users for losses, but they are trying to communicate with the hackers to negotiate the return of funds.
— Qubit Finance (@QubitFin) January 28, 2022
The developers communicated their intention to negotiate with the attacker in a tweet. They also left a block chain message offering him a reward of USD $250,000 in exchange for returning the stolen money.
The biggest DeFi hack in 2022
The latest attack on the protocol Binance SmartChain represents the largest DeFi hack seen in 2022, to date; although it is not the first incident of the year. In the past week, a white hat hacker stole USD$ 1.73 million to the protocol multi-chain before returning $900,000 and pocketing the rest as a reward.
The attack on Qubit Finance It is the seventh largest hack of a DeFi protocol in history., in terms of the value of stolen funds, according to data from DeFi Yield. It is also the most recent exploit seen on a project by BSC, a blockchain that has seen a significant number of scams, hacks, rug pulls, and other security incidents in recent months.
In 2021, several DeFi projects in Binance SmartChain suffered major attacks or exploits. Some of the most serious include hacking of USD $31 million Meerkat Finance in March, a exploit to Uranium Finance that cost protocol users $50 million in April and the $88 million attack on venusfinance in May.
Article versioned by Hannah Estefanía Pérez / DailyBitcoin
Image edited from Unsplash
WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.