Qubit Finance suffers $80 million loss following hack

Published at: Jan. 28, 2022

High-profile hacks have become more prevalent throughout the cryptocurrency market, and Qubit Finance is one of the latest decentralized finance (DeFi) protocols to be exploited by hackers.

Hackers were able to access and steal over $80 million from Qubit Finance which is based on Binance Smart Chain the protocol confirmed via a tweet Friday. The addresses linked to the assault stole 206,809 Binance Coin (BNB) from Qubit's QBridge protocol. The assets are valued at more than $80 million at the time of writing.

Did @QubitFin just get hacked for $80M? Check out this address: https://t.co/1Oao54Ndnb

— claudeshannon.eth ⛽️ (@0xclaudeshannon) January 27, 2022

QBridge was hacked to create “a huge amount of xETH collateral” that was subsequently used to drain the entire quantity of BNB stored on Q Bridge, according to PeckShield, which analyzed Qubit's smart contracts.

In a report by security firm CertiK, the attacker utilized a deposit option in the QBridge contract to illegally mint 77,162 qXETH, which is an asset representing ether bridged via Qubit. The protocol was duped into believing that attackers had deposited money when they hadn't.

According to CertiK, the hacker carried out these actions multiple times and converted all of the assets to Binance Coin as a result. This makes the exploit the seventh-largest in DeFi, according to DeFiYield Rekt data.

Related: Crypto.com shares details on security breach: 483 accounts compromised

The Qubit team sent out a statement to notify clients that they are still monitoring the hacker and their impacted assets. The blog also notes that we have contacted the attacker to offer the maximum reward as determined by their program. The team has since disabled Supply, Redeem, Borrow, Repay, Bridge and Bridge Redemption features until further notice. However, they indicated that claiming is available.

pic.twitter.com/G1WOMglVUU

— Qubit Finance (@QubitFin) January 28, 2022

Hacks, rug-pulls, and protocol exploits are all common in the cryptocurrency sector. Earlier this month, decentralized finance security platform and bug bounty service Immunefi revealed that cybercrime losses surpassed $10.2 billion in 2021. On Jan. 17, the popular crypto exchange Crypto.com suffered nearly $34 million in losses following a security breach.

Tags
Related Posts
Yearn.Finance puts expanded treasury to use by repaying victims of $11M hack
Major decentralized finance protocol Yearn.Finance (YFI) has restored its yDAI vault in the aftermath of a $11 million exploit by hackers. Yearn announced Tuesday that they opened a Maker vault with YFI tokens from the treasury and minted 9.7 million DAI tokens from the vault to keep the yDAI vault intact. Using borrowed money allows the project to reimburse users without taking a hit to the treasury, either due to possible YFI appreciation or by gradually repaying the debt with protocol revenue. The team said that this is a one-off occurrence, as they expect users to hedge their own risks …
Technology / Feb. 9, 2021
Ethereum Name Service Auctions Halted Because of a Bug
Ethereum Name Service (ENS) name auctions were halted because of a bug that resulted in names being awarded to wrong users and for lower bids. Faulty documentation ENS’s editor Brantly Millegan announced the halt of the name auctioning service in a Medium article published on Sept. 30. He noted that most of the first auctions concluded successfully and only a few were affected by the bug. The anomalous result of some auctions had two distinct causes, one of which lies in documentation, not the software, according to Millegan. Per the announcement, “some bidders were given incorrect information on how to …
Ethereum / Oct. 1, 2019
$6.4M Worth of FSN Tokens Stolen From Fusion Network’s Swap Wallet
Fusion Network’s token swap wallet was compromised. Roughly a third of FSN tokens was stolen as a result. Fusion Foundation announced in a Medium post published on Sept. 29 that its swap wallet was compromised, which resulted in the theft of 10 million native FSN and 3.5 million Ethereum (ETH)-based ERC-20 FSN tokens. The total worth of stolen FSN tokens was estimated at around $6.4 million at that time. The Foundation’s investigation has not revealed any other affected wallets so far. The alleged cybercriminal reportedly started to launder the coins already: “After the currency was stolen, abnormal wash-trading behaviour occurred, …
Altcoin / Sept. 29, 2019
Web3 is the solution to Uber’s problem with hackers
Uber is a staple of the gig economy, for better or worse, and a disruptor that once sent shockwaves throughout the mobility space. Now, however, Uber is being taken for a ride. The company is handling a reportedly far-reaching cybersecurity breach. According to the ride-hailing giant, the attacker has not been able to access sensitive user data, or at least, there is no evidence to suggest otherwise. Whether or not sensitive user data was exposed, this case points to a persistent issue with today’s apps. Can we continue to sacrifice our data — and thereby our privacy and security — …
Defi / Oct. 1, 2022
Lodestar Finance exploited in flash loan attack
Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, "an exploit that by itself would be unprofitable", said the company. Then, the attacker supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds "until the collateralization ratio mechanism prevented a full liquidation …
Altcoin / Dec. 11, 2022