DeFi Protocol Qubit Finance Loses $80M in Hack

Hackers have stolen $80 million from DeFi protocol Qubit Finance, the firm confirmed on Friday. 

The attackers exploited the protocol to take 206,809 Binance coins through Qubit’s QBridge deposit function, making it the seventh largest DeFi hack ever, DeFiYield Rekt data shows. 

The QBridge protocol is an Ethereum-BSC (Binance Smart Chain) bridge that allows users to swap ERC-20 and BEP-20 tokens between the two blockchains. The protocol is implemented as a set of smart contracts built on top of the BSC.

The attacker essentially took advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on BSC when none were deposited on Ethereum, blockchain security firm CertiK explained. 

The decentralized money market platform tweeted a statement to notify the exploiter that they were aware of what was happening and proposed a direct negotiation before taking further action. 

“The exploit and loss of funds have a profound effect on thousands of real people,” the company said. 

The team also contacted the exploiter to offer the maximum bounty as set by its program, it said in a post. It didn’t disclose how much the bounty would be, or if the hacker was receptive.  

Qubit is continuing to track the exploiter and monitor affected assets and has disabled a number of account management features until further notice. However, its claiming feature is still available, it said. 

“We are continuing to investigate and are in communications with Binance,” Qubit wrote. “Further updates and a full report will be shared as they become available.”

The company was not available for additional comment when requested by Blockworks. 

---

Get the news in your inbox. Explore Blockworks newsletters:

• The Breakdown: Decoding crypto and the markets. Daily.
• 0xResearch: Alpha in your inbox. Think like an analyst.