Qubit Finance has become the latest DeFi victim of an electronic attack. This attack is now the biggest attack of the year due to the high volume of stolen funds. The protocol is intending to open conversations with the attacker to reach an agreement and a possible return of funds.
The decentralized finance (DeFi) protocol, Qubit Finance, experienced a hacking attack that generated millions in losses. Investigations indicate that a malicious actor altered the Binance Smart Chain (BSC)-based lending protocol to the tune of $80 million worth of BNB token. The hacker attacked vulnerability in Qubit Bridge, a cross-chain bridging service that helps users exchange tokens between Ethereum and BSC.
The bridge allows users to deposit wrapped Ethereum (WETH) to mint xETH, an asset that becomes the image of Ethereum on the BSC chain, for use as collateral for loans in the Qubit Finance protocol.
However, a critical weakness in the Qubit Bridge smart contracts allowed the hacker to mint xETH without placing WETH funds as collateral. the situation allowed the attacker to trick the protocol to acquire unlimited leveraged loans without sending back any collateral.
Qubit Finance intends to open a negotiation with the Attacker
The PeckShield security team agreed that the protocol got violated to generate a massive amount of xETH collateral which was then used to extract the complete amount of BNB stored in QBridge.
According to information published by PeckShield researchers in a tweet, by using xETH as collateral, the hacker moved his pieces and managed to extract at least 206,809 BNB from Qubit Finance, an amount of around $80 million.
The security firm CertiK highlighted that the hacker used a deposit item in the QBridge contract to illicitly make up tokens and then make off with the loot. The report also published a full breakdown of the assets that got involved in the criminal act, agreeing on the number of funds lost during the attack.
The protocol team has also revealed a report regarding the timeline and some vital details to enlighten the readers about the incident. Qubit Finance has not pointed out whether it is considering a refund plan to make users recover from their losses, but they are trying to establish contact with the attackers to negotiate.
The developers highlighted their strategies to set up a negotiation with the attacker in a tweet. They have also left him a brief message on the blockchain offering him a $250,000 reward in exchange for returning the stolen funds.
The Biggest DeFi Hack in 2022
The latest attack on the Binance Smart Chain protocol would be the most prominent DeFi hack experienced in 2022, to date. Last week, a white-hat hacker managed to steal at least $1.73 million from the Multichain protocol before sending back $900,000 and stealing the rest as a reward for his crime.
According to data from DeFi Yield, the attack on Qubit Finance is the seventh-largest DeFi protocol attack in history, in terms of the value of funds stolen. It is also the most recent attack seen on a project by BSC, a blockchain with a prominent number of scams on its back. The blockchain has even experienced hacks, rug pulls, and other security incidents in recent months.
By: Jenson Nuñez
