Due to a bug in the Ethereum bridge of Qubit Finance, a hacker took the opportunity to hack the lending pools and steal 206,809 Binance Coin (BNB).
Today, Qubit Finance, a DeFi protocol on the Binance Smart Chain (BSC), has lost $80 million in Binance Coin (BNB) tokens at the hands of hacker exploitation.
Yet another one of the protocols in the Binance Smart Chain (BSC) has been compromised. The Binance Smart Chain (BSC) lending system Qubit Finance was hacked and $80 million worth of Binance Coin (BNB) tokens were stolen.
A hacker leveraged a flaw on the Qubit Bridge, a cross-chain bridge connected to Ethereum, on January 27 at 9:36 p.m. UTC. Through this bridge, users are able to enter WETH into Qubit’s BSC-based smart contracts from the Ethereum mainnet so that they can get xETH. The latter can be utilized as collateral of on-protocol loans.
The hacker was able to generate xETH without inputting any WETH thanks to a key flaw in the bridge’s smart contracts, allowing them to take out infinite leveraged loans from the pools of Qubit Finance.
The team said the hacker “minted unlimited xETH to borrow on BSC” in a tweet disclosing the attack. The hacker used the xETH as collateral to steal 206,809 Binance Coin (BNB), which was valued at almost $80 million when the attack took place. The hacker’s address can be viewed to show the stolen funds.
The protocol was exploited by;
0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7
The hacker minted unlimited xETH to borrow on BSC.
The team is currently working with security and network partners on next steps.
We will share further updates when available.— Qubit Finance (@QubitFin) January 28, 2022
The team of Qubit Finance took the initiative to deliver an on-chain message to the perpetrator, offering them a $250,000 bounty to return the stolen coins. This contact is initiated as part of the bounty program with Immunefi, the ethical hacking platform which is an ongoing engagement.
[Our message to the exploiter]
The team is glad to have a conversation with you.https://t.co/4SxtuD6pQY pic.twitter.com/V9bICKvWda— Qubit Finance (@QubitFin) January 28, 2022
Another step taken by the Qubit Finance team was attempting negotiation with the hacker by trying to contact them directly.
— Qubit Finance (@QubitFin) January 28, 2022
According to data from DeFi Yield, looking at stolen funds, the recent flaw that made Qubit Finance susceptible to hackers makes this DeFi Protocol hack the 7th biggest ever. The protocol’s Qubit token has decreased 27% in the 24 hour period as a result of the attack.
Binance Smart Chain (BSC) has been notorious for the number of hacks, exploits, and rug pulls that have occurred since its inception in September 2020.
Many DeFi protocols on Binance Smart Chain (BSC) were hacked or exploited in 2021. The $31 million hack of Meerkat Finance in March, a $50 million Uranium Finance exploit in April, and the $88 million hack in May of Venus Finance are among the most serious.
Qubit Finance has yet to disclose whether or not it intends to refund or compensate users who have lost money as a result of the breach.