Source: gualtiero boffi – shutterstock
- Qubit Finance was attacked on Friday morning, with the attackers draining the platform of 216,000 BNB coins, worth over $80 million.
- The platform says it’s working with security and network partners to pursue the attackers and has sent a message to them urging them to give back the money.
Qubit Finance has been exploited for $80 million, becoming the latest DeFi project to fall victim to attackers in what is becoming a worryingly common trend. The attackers took advantage of a vulnerability to mint xETH tokens and exchanged them for Binance Coins, taking off with over 200,000 BNB coins. The platform says it’s working on pursuing the attackers, partnering with network and security partners.
Qubit revealed on Twitter that it had been exploited, with the hacker minting an unlimited amount of xETH which he used to borrow on the Binance Smart Chain protocol. “The team is currently working with security and network partners on next steps,” it claimed.
The protocol was exploited by;
0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7
The hacker minted unlimited xETH to borrow on BSC.
The team is currently working with security and network partners on next steps.
We will share further updates when available.— Qubit Finance (@QubitFin) January 28, 2022
In a more detailed report, the platform revealed that the attackers targeted their QBridge deposit function. PeckShield, a blockchain security company, added:
It seems the QBridge of QubitFin is hacked to mint a huge amount of xETH collateral and drain the pool funds about $80M. Please note we audited the Qubit lending, not the QBridge!
The attacker stole 206,809 Binance Coin tokens, worth $79.7 million at press time, as on-chain data from BscScan shows.
On the actions it has taken, Qubit said that it’s continuing to track the exploiter and monitor the affected assets. It has also contacted the exploiter to offer him the maximum bounty if he returns the money he stole. This has become a common tactic when DeFi platforms are unable to take other measures and instead plead with the attackers. Surprisingly, it has worked in the past.
Update:
1. The team continues to track the exploiter and monitor affected assets
2. The team has contacted the exploiter to offer the maximum bounty— Qubit Finance (@QubitFin) January 28, 2022
In its on-chain message to the attacker, Qubit said that it’s hoping to minimize the effect to the community, as the screenshot below shows.
In another message, Qubit further pleaded with the attacker, stating:
We propose you to negotiate directly with us before taking any further actions. The exploit and loss of funds have a profound effect on thousands of real people. If the maximum bounty offer is not what you’re looking for, we are open to have a conversation. Let’s figure out a solution.
Qubit is a DeFi protocol that allows its users to borrow loans against cryptocurrency collateral for fixed interest rates. The $80 million it lost is the seventh-highest amount lost in a DeFi hack. Its native token QBT is down 27 percent since it got attacked, trading at $0.00459207 at press time.