The amount of money lost in hacks of decentralized financed (DeFi) projects more than doubled to $1.3 billion in 2021. “State of DeFi Security” research report had highlighted the same concern. This marked a 2500% increase from 2020. Well, here’s an addition to the 2022 tally.
The seventh-largest crypto exploit
Binance Smart Chain-based Qubit Finance, launched by PancakeBunny, is currently trending within the crypto community, although for the wrong reason. The protocol was hacked according to the report from auditing firm PeckShield. The attacker stole a large amount of xETH collateral and about $80 million from the pool’s funds.
It seems the QBridge of @QubitFin is hacked to mint huge amount of xETH collateral and drain the pool funds about $80M. Please note we audited the Qubit lending, not the QBridge! More to come…
— PeckShield Inc. (@peckshield) January 27, 2022
According to DeBank data, the address related to the attack on Qubit Finance (0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7) exchanged stolen ETH, BTCB, DAI and other assets for BNB. The wallet address had more than 200,000 BNB worth nearly $80 million.
In an incident report, security firm CertiK said the attacker used a deposit function in the QBridge contract and illicitly minted 77,162 qXETH. An asset that represented ether bridged via Qubit. Attackers tricked the protocol to show that they had deposited funds without making an actual deposit. These steps were repeated several times, and the attacker then converted all the assets to BNB.
A few hours ago, the project’s official Twitter account confirmed the hack and provided the latest update in a report. It included an analysis of the attack to ascertain the nature of the exploit. Further, to prevent any similar exploits in the future.
Now, talking about the present one, the incident timeline looked like this,
Source: Medium
The team, at the time of writing was tracking and monitoring affected assets. In addition to this, they also contacted the exploiter to offer the maximum bounty.
Joining the ride: As per data from analytics tool DeFi Yield, this was the 7th largest attack on a DeFi protocol by the amount of funds stolen. Needless to say, Polynetwork was leading the pack. Last month the Grim Finance protocol lost $30 million in an exploit.
Too late to apologise?
Original token price from Qubit, QBT, was down more than 26% from an intraday high of $0.0067 to a low of $0.0048. The graph below showcased the free-fall just minutes post-attack.
Source: CoinMarketCap
Needless to say, users weren’t happy with the said loss. Different individuals portrayed their frustration on Twitter.
