Hackers took advantage of bridge smart contract bug in Qubit Finance and stole $80 million

Due to a vulnerability in the smart contract code, the DeFi protocol Qubit Finance lost $80 million in cryptocurrencies. The project team turned to the hacker with a request to start negotiations.


Decentralized finance (DeFi) platform Qubit Finance became the latest victim of a major theft. On Thursday, hackers stole about $80 million in cryptocurrency.

Qubit provides a service known as a bridge between different blockchains, which effectively means that deposits made in one cryptocurrency can be withdrawn in another. Qubit Finance operates the bridge between Ethereum and the Binance Smart Chain (BSC) network. An analysis by CertiK suggests that a hacker was able to exploit a security vulnerability in the Qubit smart contract code that allowed them to send a deposit of 0 ETH and withdraw nearly $80 million in Binance Coins in return. The bug allowed hackers to call the “deposit” function without actually depositing any funds. This enabled the attacker to mint 77,162 xETH collateral, which they exchanged for BNB worth nearly $80 million.

The statement posted by the Qubit Finance team on Twitter contains a direct request to the hacker to negotiate with the project team in order to minimize losses to the Qubit community.

“We propose you to negotiate directly with us before taking any further action. The exploit and loss of funds have a profound effect on thousands of real people. If the maximum bounty offer is not what you are looking for, we are open to have a conversation. Let’s figure out a solution.”

The Qubit incident report also states that the team was trying to offer the hacker the highest possible bounty for finding the bug as part of their bounty program ($250,000).

The biggest previous DeFi protocol hacks are $31 million of Meerkat Finance in March 2021, $50 million of Uranium Finance in April, and $88 million of Venus Finance in May.

Via: 2Coinfox.info

Share this article:

Leave a Reply

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.