Qubit Finance

History

2022: Theft of $80 million as a result of a hacker attack

At the end of January 2022, hackers hacked the DeFi project Qubit Finance and withdrew $80 million worth of cryptocurrency from its pool.

According to the company CertiK, which specializes in blockchain security, there was a "logical error" in the code of the hacked X-Bridge smart contract, which led to the exploit. X-Bridge simplifies token exchange with Ethereum to Binance Smart Chain. In other words, when a user enters an ERC-20 token into a service, they receive a BEP-20 token instead, which can then be used in the Binance Smart Chain. An error in the code allowed the attacker to output tokens to Binance Smart Chain when none of them were deposited in Ethereum.

The attackers managed to get 77,162 qXETH ($185 million), which they then used as collateral and borrowed other assets from credit pools in the amount of $80 million. These assets include 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), various stablecoins worth about $9.5 million and CAKE, BUNNY and MDX tokens worth about $5 million.

As a result of the hacking of the service for cryptocurrency loans, Qubit Finance stole $80 million

The company CertiK explained that the attackers managed to take advantage of the vulnerability, causing the deposit function in the QBridge contract without making funds. Ethereum QBridge recorded the deposit event and issued a $qXETH for the hacker on the BSC blockchain.

QBridge treats the deposit event as a# ETH replenishment because the "deposit" and "depositETH" methods in the QBridge contract cause the same event, the researchers noted.

Cybercriminals repeated the request several times, which allowed to increase the total amount to $80 million.

This, of course, is the largest exploit of 2022 to date, "CertiK experts noted.

According to them, in 2021, DeFi projects lost $1.3 billion due to hacks. The DeFiYield said that this hack was the seventh largest in the segment of decentralized finance.^[1]

Notes