Binance Smart Chain-based Qubit Finance was exploited for over $80 million by attackers on Friday morning, developers confirmed in a post.
- “The hacker minted unlimited xETH to borrow on BSC. The team is currently working with security and network partners on next steps,” developers said in a tweet.
- Addresses connected to the attack show 206,809 Binance coins (BNB) were drained from Qubit’s QBridge protocol. The assets are worth over $80 million at current prices, security firm PeckShield confirmed in a tweet.
- Decentralized finance (DeFi) projects like Qubit Finance rely on smart contracts instead of third parties to offer users financial services such as trading, lending and borrowing.
- Qubit allows users to supply their crypto holdings to the protocol and borrow loans against this collateral for a fixed fee. QBridge is a cross-chain feature that enables users to collateralize their assets on other networks without moving assets from one chain to another.
- PeckShield, which audited Qubit’s smart contracts, said the QBridge was hacked to mint a “huge amount of xETH collateral” that was then used to drain the entire amount of BNB held on QBridge.
- In an incident report, security firm CertiK said the attacker used a deposit function in the QBridge contract and illicitly minted 77,162 qXETH, an asset that represents ether bridged via Qubit. Attackers tricked the protocol to show that they had deposited funds without making an actual deposit.
- These steps were repeated several times, and the attacker then converted all the assets to BNB, CertiK said in a tweet.
- The exploit is the seventh-largest attack on a DeFi protocol by the amount of funds stolen, as per data from analytics tool DeFi Yield.
- Qubit’s QBT is down 25% in the past 24 hours, as per data from CoinGecko. Much of the fall occurred after this morning’s incident was made public.
- Qubit developers continue to monitor the situation at the time of writing, as per a tweet.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.