Friday, November 22, 2024
Home > ICO > DeFi Protocol Qubit Finance Exploited For $80M

DeFi Protocol Qubit Finance Exploited For $80M

Binance Smart Chain-based Qubit Finance was exploited for over $80 million by attackers on Friday morning, developers confirmed in a post.

  • “The hacker minted unlimited xETH to borrow on BSC. The team is currently working with security and network partners on next steps,” developers said in a tweet.
  • Addresses connected to the attack show 206,809 binance coins (BNB) were drained from Qubit’s QBridge protocol. The assets are worth over $80 million at current prices, security firm PeckShield confirmed in a tweet.
  • Decentralized finance (DeFi) projects like Qubit Finance rely on smart contracts instead of third parties to offer financial services, such as trading, lending, and borrowing, to users.
  • Qubit allows users to supply their crypto holdings to the protocol and borrow loans against this collateral for a fixed fee. QBridge is a cross-chain feature that enables users to collateralize their assets on other networks without moving assets from one chain to another.
  • PeckShield, which audited Qubit’s smart contracts, said the QBridge was hacked to mint a “huge amount of xETH collateral” that was then used to drain the entire amount of BNB held on QBridge.
  • In an incident report, security firm CertiK said the attacker used a deposit function in the QBridge contract and illicitly minted 77,162 qXETH, an asset that represents ether bridged via Qubit. Attackers tricked the protocol to show that they had deposited funds without making an actual deposit.
  • These steps were repeated several times, and the attacker then converted all the assets to BNB, CertiK said in a tweet.
  • The exploit is the seventh-largest attack on a DeFi protocol by the amount of funds stolen, as per data from analytics tool DeFi Yield.
  • Qubit’s QBT is down 25% in the past 24 hours, as per data from CoinGecko. Much of the fall occurred after this morning’s incident was made public.
  • Qubit developers continue to monitor the situation at the time of writing, as per a tweet.



Original Source