Qubit Finance, a Binance Smart Chain Protocol Loses $80 Million to Hackers

Due to a bug in the Ethereum bridge of Qubit Finance, a hacker took the opportunity to hack the lending pools and steal 206,809 Binance Coin (BNB). Today, Qubit Finance, a DeFi protocol on the Binance Smart Chain (BSC), has lost $80 million in Binance Coin (BNB) tokens at the hands of hacker exploitation. Yet another one of the protocols in the Binance Smart Chain (BSC) has been compromised. The Binance Smart Chain (BSC) lending system Qubit Finance was hacked and $80 million worth of Binance Coin (BNB) tokens were stolen. A hacker leveraged a flaw on the Qubit Bridge, a cross-chain bridge connected to Ethereum, on January 27 at 9:36 p.m. UTC. Through this bridge, users are able to enter WETH into Qubit’s BSC-based smart contracts from the Ethereum mainnet so that they can get xETH. The latter can be utilized as collateral of on-protocol loans. The hacker was able to generate xETH without inputting any WETH thanks to a key flaw in the bridge’s smart contracts, allowing them to take out infinite leveraged loans from the pools of Qubit Finance. The team said the hacker “minted unlimited xETH to borrow on BSC” in a tweet disclosing the attack. The hacker used the xETH as collateral to steal 206,809 Binance Coin (BNB), which was valued at almost $80 million when the attack took place. The hacker’s address can be viewed to show the stolen funds. https://twitter.com/QubitFin/status/1486870238591594497 The team of Qubit Finance took the initiative to deliver an on-chain message to the perpetrator, offering them a $250,000 bounty to return the stolen coins. This contact is initiated as part of the bounty program with Immunefi, the ethical hacking platform which is an ongoing engagement. https://twitter.com/QubitFin/status/1486970878785363977 Another step taken by the Qubit Finance team was attempting negotiation with the hacker by trying to contact them directly. https://twitter.com/QubitFin/status/1486984216072318977 According to data from DeFi Yield, looking at stolen funds, the recent flaw that made Qubit Finance susceptible to hackers makes this DeFi Protocol hack the 7th biggest ever. The protocol’s Qubit token has decreased 27% in the 24 hour period as a result of the attack. Binance Smart Chain (BSC) has been notorious for the number of hacks, exploits, and rug pulls that have occurred since its inception in September 2020. Many DeFi protocols on Binance Smart Chain (BSC) were hacked or exploited in 2021. The $31 million hack of Meerkat Finance in March, a $50 million Uranium Finance exploit in April, and the $88 million hack in May of Venus Finance are among the most serious. Qubit Finance has yet to disclose whether or not it intends to refund or compensate users who have lost money as a result of the breach. https://crypto-academy.org/qubit-finance-loses-80-million-to-hackers/?feed_id=1750

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store