Cryptocurrency
DeFi
Exchanges
Stablecoins
NFTs
Wallets
Bitcoin
Ethereum
Tokens
ICOs
IEOs
Technology
Crypto
Banking
Supply Chain
Security
Healthcare
Mining
AI
Advertising
Gaming
Retail
Education
Analytics
Hosting
Business
Partnerships
Investments
Adoption
Acquisitions
Conferences
IPOs
Legal
Lawsuits
Patents
Politics
Fraud
Research
Guides
Opinion
Cryptocurrency
Technology
Business
Legal
Politics
Fraud
Research
Guides
Opinion
The Chain Bulletin logo

Qubit Finance Exploited for $80M

  • The attacker used a deposit option in the QBridge smart contract to create a “huge amount of xETH collateral”, which he used to borrow BNB on the Binance Smart Chain.
  • The Qubit team has contacted the attacker, and offered him the maximum reward it could give if he returns the stolen funds.
by Krasimir Buchvarov January 28, 2022, 11:33 AM
hacking

Shutterstock

Binance Smart Chain-based decentralized finance (DeFi) protocol Qubit Finance has suffered a major attack, which saw over $80 million worth of crypto leave the platform, Qubit said on Twitter on 28 January.

According to the announcement, hackers were able to access and steal over $80 million from the project by creating “a huge amount of xETH collateral”, which he then used tp borrow Binance Coin (BNB) tokens on BSC. From the linked address we can see he was able to withdraw 206,809 BNB from Qubit’s QBridge protocol. Qubit’s team is currently working with “security and network partners” to follow the hacker, and work on the next steps.

Security firm CertiK has already issued a report on the case, saying the attacker used a deposit option in the QBridge smart contract to mint 77,162 qXETH — an asset representing bridged ETH through Qubit — fooling the protocol he had deposited money when he hadn’t. These actions were carried out multiple times, allowing him to convert all of his fake assets into BNB.

Qubit has sent a statement to its customers, notifying them that the situation is being monitored, and that the team has contacted the attacker and offered the maximum reward as determined by its program for returning the funds. The team has also disabled a few features — such as supply, redeem, borrow, repay, bridge, and bridge redemption — until further notice, though claiming is still available.

Discussion
Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM
unlock

Shutterstock

Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Kroll Data Breach Compromises FTX, BlockFi Customer Information
  • A cyber security incident at bankruptcy service provider Kroll has resulted in the exposure of “non-sensitive” customer data for claimants involved in the FTX and BlockFi cases.
  • Both companies confirmed that account passwords, systems, and funds remained safe, but warned customers to be on the lookout for phishing scams.