Hacker siphons $80 million from Qubit Finance, BSC-based DeFi protocol – DiarioBitcoin

Texas could raise funds through NFT and harness 'abundant' energy to mine Bitcoin

Hacker siphons $80 million from Qubit Finance, BSC-based DeFi protocol - DiarioBitcoin For Hannah Perez

Qubit Finance is the latest DeFi hack victim. This is the biggest attack of the year, by volume of stolen funds. The protocol is seeking to negotiate with the attacker a possible return of funds.


The decentralized finance (DeFi) protocol, Qubit Finance, suffered a piracy attack that caused millionaire losses.

Research indicates that a malicious actor exploited the loan protocol based on Binance SmartChain (BSC) for an amount of USD $80 million in the token BNB. The hacker exploited a vulnerability in Qubit Bridge, a cross-chain bridging service that makes it easy for users to exchange tokens between ethereum and BSC.

The bridge allows users to deposit ethereum wrapped (WETH) to mint xETH, an asset that represents ethereum in the BSC chain, to be used as collateral for loans in the protocol Qubit Finance.

However, a critical flaw in the smart contracts of Qubit Bridge they allowed the hacker to mint xETH without placing WETH funds as collateral. This allowed the attacker cheat” to the protocol to get unlimited leveraged loans without depositing anything. The official Twitter account for the project confirmed the hack on Thursday:

The hacker minted unlimited xETH to borrow in BSC. The team is currently working with security and networking partners on the next steps.

Qubit Finance seeks to negotiate with the hacker

the security team PeckShield, which audited the smart contracts of Qubit, agreed that the protocol was hacked to generate a “huge amount of collateral xETH” which was then used to drain the full amount of BNB held in QBridge.

Using xETH as collateral, the hacker proceeded to siphon 206,809 BNB from Qubit Finance, worth about $80 million at the time, the researchers noted. PeckShield in a tweet.

In a incident report, the security firm CertiK said the attacker used a deposit function in the contract QBridge to illicitly mint tokens and then take the loot. They also shared a full breakdown of the assets involved in the attack, agreeing on the final loss figure.

See also  Tron founder will give 1 million ETH to those who fork Ethereum before the Fusion

The exploit netted them 77,162 qXETH ($185 million), which they then used to borrow and convert 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), roughly $9.5 million. in various stablecoins and ~$5 million in CAKE , BUNNY and MDX“, they indicated.

The protocol team has also published a report with the chronology and some details of the incident. Qubit Finance has not indicated whether it considers a reimbursement plan to compensate users for losses, but they are trying to communicate with the hackers to negotiate the return of funds.

The developers communicated their intention to negotiate with the attacker in a tweet. They also left a block chain message offering him a reward of USD $250,000 in exchange for returning the stolen money.

The biggest DeFi hack in 2022

The latest attack on the protocol Binance SmartChain represents the largest DeFi hack seen in 2022, to date; although it is not the first incident of the year. In the past week, a white hat hacker stole USD$ 1.73 million to the protocol multi-chain before returning $900,000 and pocketing the rest as a reward.

The attack on Qubit Finance It is the seventh largest hack of a DeFi protocol in history., in terms of the value of stolen funds, according to data from DeFi Yield. It is also the most recent exploit seen on a project by BSC, a blockchain that has seen a significant number of scams, hacks, rug pulls, and other security incidents in recent months.

See also  4 Benefits of Bitcoin Mining for the Electricity Industry

In 2021, several DeFi projects in Binance SmartChain suffered major attacks or exploits. Some of the most serious include hacking of USD $31 million Meerkat Finance in March, a exploit to Uranium Finance that cost protocol users $50 million in April and the $88 million attack on venusfinance in May.

Recommended reading

Sources: CoinDesk, CryptoBriefing, Decrypt, Twitter, archive

Article versioned by Hannah Estefanía Pérez / DailyBitcoin

Image edited from Unsplash

WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.

Leave a Comment

Your email address will not be published.