Header Ads Widget


Hackers withdrew $80 million from DeFi-platform Qubit Finance pool

Hackers withdrew $80 million from DeFi-platform Qubit Finance pool

Qubit Finance's Binance Smart Chain (BSC)-based trading platform was attacked by hackers. PeckShield estimates that attackers took about $80 million worth of digital assets out of the project's pool.

It seems the QBridge of @QubitFin is hacked to mint huge amount of xETH collateral and drain the pool funds about $80M. Please note we audited the Qubit lending, not the QBridge! More to come... & ; PeckShield Inc. (@peckshield) January 27, 2022

Analysts noted that the hackers took advantage of a QBridge crosschain service exploit that allowed them to issue "huge" amounts of xETH tokens. The latter were used to secure an illegitimate loan on the platform.

PeckShield stressed that it was auditing smart contracts related to the project's front-end. They did not audit the QBridge codebase.

Qubit Finance's DeFi-platform allows you to borrow against digital assets. The QBridge solution provides the ability to use cryptocurrencies outside of the BSC to secure loans. At the same time, they do not need to be moved from one blockchain to another.

CertiK explained that the exploit allowed attackers to issue xETH without actually making a deposit. They then converted the assets to BNB.

2. The Ethereum QBridge captured the Deposit event and minted $qXETH for the hacker on #BSC. The QBridge treats the Deposit event as an event of depositing #ETH because the `deposit` and `depositETH` methods in the #QBridge contract emit the same event. pic.twitter.com/4TzsZqOOtI & ; CertiK Security Leaderboard (@CertiKCommunity) January 28, 2022

The address associated with the attack contains 206,809 BNB - more than $79.23 million at the time of writing.

The project team confirmed information about the hack. The developers have contacted the hackers and offered them a reward to "minimize" the negative effect on the community.

[Our message to the exploiter] The team is glad to have a conversation with you.https://t.co/4SxtuD6pQY pic.twitter.com/V9bICKvWda & ; Qubit Finance (@QubitFin) January 28, 2022

According to the project's blog, its team monitors attackers' actions and "monitors affected assets." The developers are working with security partners, including representatives from Binance. Most of the platform's features are temporarily disabled.

Amid the incident, the price of token project Qubit (QBT) collapsed by 26%, according to CoinGecko.

Recall, in December 2021, hackers withdrew $30 million in digital assets from DeFi-platform Grim Finance.

Post a Comment