Hackers were able to access and steal over $80 million from Qubit Finance which is based on Binance Smart Chain the protocol confirmed via a tweet Friday. The addresses linked to the assault stole 206,809 Binance Coin (BNB) from Qubit’s QBridge protocol. The assets are valued at more than $80 million at the time of writing.
Did @QubitFin just get hacked for $80M? Check out this address: https://t.co/1Oao54Ndnb
— claudeshannon.eth ⛽️ (@0xclaudeshannon) January 27, 2022
QBridge was hacked to create “a huge amount of xETH collateral” that was subsequently used to drain the entire quantity of BNB stored on Q Bridge, according to PeckShield, which analyzed Qubit’s smart contracts.
In a report by security firm CertiK, the attacker utilized a deposit option in the QBridge contract to illegally mint 77,162 qXETH, which is an asset representing ether bridged via Qubit. The protocol was duped into believing that attackers had deposited money when they hadn’t.
According to CertiK, the hacker carried out these actions multiple times and converted all of the assets to Binance Coin as a result. This makes the exploit the seventh-largest in DeFi, according to DeFiYield Rekt data.
Related: Crypto.com shares details on security breach: 483 accounts compromised
The Qubit team sent out a statement to notify clients that they are still monitoring the hacker and their impacted assets. The blog also notes that we have contacted the attacker to offer the maximum reward as determined by their program. The team has since disabled Supply, Redeem, Borrow, Repay, Bridge and Bridge Redemption features until further notice. However, they indicated that claiming is available.
— Qubit Finance (@QubitFin) January 28, 2022
Hacks, rug-pulls, and protocol exploits are all common in the cryptocurrency sector. Earlier this month, decentralized finance security platform and bug bounty service Immunefi revealed that cybercrime losses surpassed $10.2 billion in 2021. On Jan. 17, the popular crypto exchange Crypto.com suffered nearly $34 million in losses following a security breach.