Qubit recently joined the unlucky list of DeFi protocols on the Binance Smart Chain (BSC) to get exploited. Approximately about $80 million worth of BNB tokens just got lost. The hack was carried out at the latter part of the night, on January 27, 2022, and was only discovered by the platform some few hours later.
As reported through a Twitter post, Qubit pointed out that the spiteful perpetrator took advantage of loose ends on the Qubit bridge, which is a cross-chain bridge to Ethereum.
What Happened Precisely?
The team had compiled and published a detailed report consisting of the analysis of the event and marked out the address of the hacker. The Q-bridge allows participants to make deposits of WETH from Ethereum’s mainnet to the Qubit’s Based Smart Contract and as well mint xETh, which can stand as collateral to borrow on BSC.
Nonetheless, the hacker took advantage of the vulnerability and somehow was able to mint unlimited xETH without making any WETH deposits. The hacker using the minted xETH as collateral withdrew 206,809 BNB from the DeFi lending protocol, which is worth a rough estimate of about $80 million.
The Qubit team will keep on monitoring the asset that has been affected, of which at the time of documentation had not moved from the marked address. As of now the stolen coins are still in the address, although the postmortem analysis carried after that by Certik states that the vulnerability of the cross-chain bridges points out two relevant things, which are the relevance of cross-chain bridges that enables an interoperable transaction between blockchains and as well the importance of safeguarding the bridges.
Over the past year, cross-chain bridge technology has significantly evolved. During a discussion with the CTO at cryptocurrency wallet app Zeno, Tal Be’ery, he stated that the Qubit exploitation is a fragment of a more significant trend occurring in the crypto industry. He pointed out that recently a few other bridge projects were hacked, comprising Multi-chain, Polychain MATIC, and presently Qubit.
Qubit Makes An Effort To Contact The Perpetrator
Qubit has made several attempts to get in touch with the perpetrator. The team offered in an on-chain message a token of $250,000 as bounty for the hacker to return the assets stolen. This amount is the maximum price laid down by Qubit’s current bug bounty program.
On Twitter, the protocol wrote to the hacker demanding him to cooperate. In the statement, they asked him to negotiate directly with them before carrying out any further plan. They mentioned that exploitation and fund removal could have an adverse effect on people whose assets are involved.
The lending protocol has disabled some features till further notice, like the borrow, supply, repay, bridge, redeem, and bridge redemption functions. Qubit’s exploitation scenario rates as the 7th extensive attack based on the amount stolen.