Qubit Finance, based on the Binance Smart Chain, was mined for more than €80 million by attackers on Friday morning, the developers confirmed in a post.
- “Hacker created unlimited xETH to borrow in BSC. The team is currently working with security and networking partners on next steps," the developers said in a tweet.
The protocol was operated by;
0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7
Hacker created unlimited xETH to borrow in BSC.
The team is currently working with security and networking partners on the next steps.
We will share more updates as they become available.
- Addresses linked to the attack show that 206 binance coins (BNB) were drained from Qubit's QBridge protocol. The assets are worth more than €809 million at current prices, security firm PeckShield confirmed in a tweet.
- Decentralized finance (DeFi) projects like Qubit Finance rely on smart contracts rather than third parties to offer financial services, such as trading, lending, and lending, to users.
- Qubit allows users to pledge their crypto assets to the protocol and borrow against that collateral for a flat fee. QBridge is a cross-chain feature that allows users to secure their assets on other networks without moving assets from one chain to another.
- PeckShield, who audited Qubit's smart contracts, said QBridge was hacked to generate a "large amount of xETH collateral" which was then used to drain the full amount of BNB held on QBridge.
- In an incident report, security firm CertiK said the attacker used a deposit feature in the QBridge contract and illegally minted 77,162 qXETH, an asset that represents ether bridged via Qubit. The attackers tricked the protocol into showing that they had deposited funds without making an actual deposit.
2. Ethereum QBridge captured the deposit event and reached €qXETH for the hacker on #BSC.
QBridge treats the deposit event as a #ETH deposit event because the `deposit` and `depositETH` methods of the #QBridge contract emit the same event. pic.twitter.com/4TzsZqOOtI
- These steps were repeated multiple times and the attacker then converted all assets to BNB, CertiK said in a tweet.
- The exploit is the seventh largest attack on a DeFi protocol by the amount of funds stolen, according to data from the DeFi analysis tool Yield.
- Qubit's QBT is down 25% in the last 24 hours, according to data from CoinGecko. Much of the drop occurred after this morning's incident became public.
- Qubit developers continue to monitor the situation at the time of writing, according to a tweet.