Back to the list

Qubit Finance losses $80M in latest DeFi exploit

www.cryptopolitan.com 28 January 2022 08:23, UTC
Reading time: ~2 m

TL:DR Breakdown:

  • About $80 million in crypto assets were stolen from Qubit Finance’s bridge.
  • The hacker exploited an error in the protocol’s code to mint and borrow assets with zero funds deposited.
  • All the assets are still in the hacker’s wallet, and Qubit team has reached out to Binance and other security partners on the matter. 

Decentralized money market platform Qubit Finance confirmed on Friday its Ethereum-BSC bridge was exploited on January 28 due to an erroneous code in the bridge’s contract. About $80 million in crypto assets were stolen by the hacker. 

The protocol was exploited by;
The hacker minted unlimited xETH to borrow on BSC.
The team is currently working with security and network partners on next steps.
We will share further updates when available.

— Qubit Finance (@QubitFin) January 28, 2022

Qubit Finance admits $80m lost

As explained, the attacker exploited a logical error in the bridge’s contract to mint 77,162 qXETH ($185 million), which was used as collateral to borrow other assets in the protocol. In an actual sense, the attacker deposited nothing as collateral to borrow the coins. 

The assets borrowed include wETH ($37.6 million), 767 BTC-B ($28.5 million), about $9.5 million in stablecoins, and approximately $5 million in CAKE, BUNNY and MDX. In total, the hacker made away with about $80 million. During the time of writing, all the stolen assets are still held in the explorer’s wallet – worth slightly lower than $80 million due to price fluctuation.

All the functions of Qubit’s bridge have been suspended until further notice. The team said they are cooperating with Binance and security partners on this matter. While the stolen assets are being monitored, Qubit said it has contacted and offered the hacker a maximum bounty as set by their program. 


— Qubit Finance (@QubitFin) January 28, 2022

More losses in 2022?

Qubit Finance’s attack has been reported as the largest DeFi exploit since 2022. Another cross-chain platform Multichain, which allowed users to bridge assets between 30 different blockchains, lost about $3 million in an exploit about two weeks ago, and only 259 ETH of the stolen assets have been recovered. 

In the same month, leading centralized exchange, Crypto.com admitted its system was compromised, resulting in the loss of about $35 million in crypto assets. At this rate, the cryptocurrency space might record more losses than the $14 billion lost in 2021.

Back to the list