Bunny and Qubit turns to DAO following $80 million bug exploit

Published at: Feb. 11, 2022

The development team behind Bunny Finance and Qubit has decided to disband the protocol and turn it into a decentralized autonomous organization (DAO).

In an official medium post published on Friday, The Bunny Finance team announced that the exploit on Qubit that resulted in $80 million worth of loss has made it impossible for the team to operate at full scale. Thus, they have decided to disband the protocols and give authority to the community.

As reported earlier by Cointelegraph, the Qubit bridge called X-bridge facilitated tokens swaps from Ethereum (ETH) to Binance Smart Chain (BSC). The hacker behind the attack managed to exploit a "logical error” in the X-Bridge smart contract that allowed them to withdraw tokens on the BSC chain without depositing any on Ethereum.

pic.twitter.com/G1WOMglVUU

— Qubit Finance (@QubitFin) January 28, 2022

The hacker managed to steal 77,162 qXETH worth $185 million and used it as collateral to borrow several assets from the lending pools worth $80 million. The borrowed tokens included 15,688 Wrapped Ether (wETH) worth $37.6 million, 767 BTC-B ($28.5 million), $9.5 million worth of stablecoin and $5 million worth of PancakeSwap (CAKE), Pancake Bunny (BUNNY) and MDX tokens.

Related: Wormhole token bridge loses $321M in largest hack so far in 2022

The official announcement noted that moving forward, the community will be in charge of major decision making including upgrading contracts, altering fee structure. In order to change the protocols to DAO, the development team has shut down vaults on Bunny which will no longer mint the native token. The team is also shutting down leveraged Farming Vaults and Single Asset Vaults on Qubit that were used to borrow assets.

The development team has also decided to discontinue major fee structures barring unstaking and compounding fees. The team would also launch a new market on Qubit and get rid of the old model that was hacked. All team tokens would be locked in a community smart contract and profits from the contract would be utilized as a compensation pool. The existing members of the team would participate as a member of the DAO.

Tags
Ethereum
Defi
Dao
Hacks
Bsc
Related Posts
Alchemix patches ‘Reverse Rug’ exploit, address $6.5 million shortfall
It’s as miraculous as Aladdin taking off on a magic carpet: in a possible first, some of the users of a decentralized finance protocol were the ones to benefit today from an exploit, turning the concept of a ‘rugpull’ on its head. A colloquialism for when liquidity is drained from a project (often an unscrupulous founder or developer draining the funds themselves), depositors and DeFi users are most often the ones holding bad debt and/or worthless tokens — left to hope for compensation plans that can take months or even years to fully vest. In an exploit today, however, the …
Ethereum / June 16, 2021
Alpha Homora loses $37 million following Iron Bank exploit
In one of the largest exploits of the DeFi era, this morning an attacker successfully drained over $37 million from Alpha Homora by leveraging Cream’s Iron Bank protocol-to-protocol lending platform. Alpha Finance Lab, whose protocol was audited by Quantstamp and Peckshield, announced on Twitter this morning that they were aware of an attack, that the “loophole” that allowed it had been patched, and that the team had a “prime suspect”: Dear Alpha community, we've been notified of an exploit on Alpha Homora V2. We're now working with @AndreCronjeTech and @CreamdotFinance together on this. The loophole has been patched. We're in …
Ethereum / Feb. 13, 2021
As Yearn.Finance’s yield vaults grow, ‘crop’ projects define boundaries
With millions and even billions of dollars at stake, industrial-scale yield farming is leading to pockets of resistance as some projects refuse to be left with the chaff. In the past week, team members from no-loss lottery project PoolTogether and exchange liquidity pool provider Curve Finance have proposed ways to reduce the load Yearn.Finance strategies place on their protocols and governance tokens. In a Tweet on Sunday, PoolTogether co-founder Leighton Cusack noted that Yearn has become the primary beneficiary of many of the protocol’s DAI lotteries, as Yearn controls 57% of all DAI funds ($27 million of the $47 million …
Ethereum / June 15, 2021
A million down, a billion to go: How does DeFi reach mass adoption?
A report on Friday from Ethereum metrics website Dune Analytics showed that the decentralized finance (DeFi) ecosystem now counts over 1 million unique Ethereum addresses as participants — an over tenfold increase from the 91,000 addresses on Dec. 6, 2019. But while the growth has been undeniable, some experts caution not to interpret the milestone as a sign of widespread adoption. In fact, in order for DeFi to truly break mainstream, many of the emerging vertical’s proponents may have to rethink their communication and outreach strategies. The Dune Analytics report, compiled by aggregating the total number of addresses which have …
Blockchain / Dec. 7, 2020
Aurora pays $6M bug bounty to ethical security hacker through Immunefi
On Tuesday, Ethereum (ETH) bridging and scaling solution Aurora announced it had paid out a $6 million bounty to ethical security hacker pwning.eth, who discovered a critical vulnerability in the Aurora Engine. The exploit allegedly placed over $200 million worth of capital at risk. The sum was paid in collaboration with Immunefi, a leading platform for Web 3.0 bug bounties, with more than $145 million bounties available and over $45 million bounties paid out. On April 26, Immunefi received a report from pwning.eth about a critical flaw in the Aurora Engine that would have enabled the infinite minting of ETH …
Blockchain / June 7, 2022