Qubit Finance exploited, loses $80M in one of the biggest DeFi hacks

gualtiero boffi Satoshi Hack Hacker 1000x600 1
  • Qubit Finance was attacked on Friday morning, with the attackers draining the platform of 216,000 BNB coins, worth over $80 million.
  • The platform says it’s working with security and network partners to pursue the attackers and has sent a message to them urging them to give back the money.

Qubit Finance has been exploited for $80 million, becoming the latest DeFi project to fall victim to attackers in what is becoming a worryingly common trend. The attackers took advantage of a vulnerability to mint xETH tokens and exchanged them for Binance Coins, taking off with over 200,000 BNB coins. The platform says it’s working on pursuing the attackers, partnering with network and security partners.

Qubit revealed on Twitter that it had been exploited, with the hacker minting an unlimited amount of xETH which he used to borrow on the Binance Smart Chain protocol. “The team is currently working with security and network partners on next steps,” it claimed.

In a more detailed report, the platform revealed that the attackers targeted their QBridge deposit function. PeckShield, a blockchain security company, added:

It seems the QBridge of QubitFin is hacked to mint a huge amount of xETH collateral and drain the pool funds about $80M. Please note we audited the Qubit lending, not the QBridge!

The attacker stole 206,809 Binance Coin tokens, worth $79.7 million at press time, as on-chain data from BscScan shows.

On the actions it has taken, Qubit said that it’s continuing to track the exploiter and monitor the affected assets. It has also contacted the exploiter to offer him the maximum bounty if he returns the money he stole. This has become a common tactic when DeFi platforms are unable to take other measures and instead plead with the attackers. Surprisingly, it has worked in the past.

Read More: Update: Poly Network hacker returns $260M of the stolen funds, defines the network as “decent” and “sophisticated.”

In its on-chain message to the attacker, Qubit said that it’s hoping to minimize the effect to the community, as the screenshot below shows.

Image

In another message, Qubit further pleaded with the attacker, stating:

We propose you to negotiate directly with us before taking any further actions. The exploit and loss of funds have a profound effect on thousands of real people. If the maximum bounty offer is not what you’re looking for, we are open to have a conversation. Let’s figure out a solution.

Qubit is a DeFi protocol that allows its users to borrow loans against cryptocurrency collateral for fixed interest rates. The $80 million it lost is the seventh-highest amount lost in a DeFi hack. Its native token QBT is down 27 percent since it got attacked, trading at $0.00459207 at press time.

QBT 1D graph coinmarketcap