DeFi Protocol Qubit Finance Exploited for $80M

The attack is the seventh-largest DeFi exploit by the amount of funds stolen, data shows.

AccessTimeIconJan 28, 2022 at 7:15 a.m. UTC
Updated May 11, 2023 at 4:41 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Binance Smart Chain-based Qubit Finance was exploited for over $80 million by attackers on Friday morning, developers confirmed in a post.

  • “The hacker minted unlimited xETH to borrow on BSC. The team is currently working with security and network partners on next steps,” developers said in a tweet.
  • Addresses connected to the attack show 206,809 Binance coins (BNB) were drained from Qubit’s QBridge protocol. The assets are worth over $80 million at current prices, security firm PeckShield confirmed in a tweet.
  • Decentralized finance (DeFi) projects like Qubit Finance rely on smart contracts instead of third parties to offer users financial services such as trading, lending and borrowing.
  • Qubit allows users to supply their crypto holdings to the protocol and borrow loans against this collateral for a fixed fee. QBridge is a cross-chain feature that enables users to collateralize their assets on other networks without moving assets from one chain to another.
  • PeckShield, which audited Qubit’s smart contracts, said the QBridge was hacked to mint a “huge amount of xETH collateral” that was then used to drain the entire amount of BNB held on QBridge.
  • In an incident report, security firm CertiK said the attacker used a deposit function in the QBridge contract and illicitly minted 77,162 qXETH, an asset that represents ether bridged via Qubit. Attackers tricked the protocol to show that they had deposited funds without making an actual deposit.
  • These steps were repeated several times, and the attacker then converted all the assets to BNB, CertiK said in a tweet.
  • The exploit is the seventh-largest attack on a DeFi protocol by the amount of funds stolen, as per data from analytics tool DeFi Yield.
  • Qubit’s QBT is down 25% in the past 24 hours, as per data from CoinGecko. Much of the fall occurred after this morning’s incident was made public.
  • Qubit developers continue to monitor the situation at the time of writing, as per a tweet.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.