Qubit Finance, a DeFi protocol on Binance Smart Chain, was exploited today for $80 million. Approximately 80 million worth of BNB tokens.
Qubit Smashed by Hack
Another Binance Smart Chain protocol has been hacked.
An unknown hacker was able to drain $80 million worth of BNB tokens. He was reportedly able to take it from the Binance Smart Chain lending protocol Qubit Finance.
On Jan. 27 a hacker exploited a vulnerability on the Qubit Bridge, a cross-chain bridge connected to Ethereum. Further, this bridge lets users deposit WETH from the Ethereum main net into Qubit’s Binance Smart Chain-based smart contract to mint xETH.
Due to a critical vulnerability in the bridge’s smart contracts, the hacker was able to mint xETH without depositing any WETH. Thereby giving them the ability to take out unlimited leveraged loans from Qubit’s pools.
In a Twitter post announcing the exploit, the team reported that the hacker “minted unlimited xETH to borrow on BSC.” Using the xETH as collateral, the hacker proceeded to siphon 206,809 BNB from Qubit Finance, worth about $80 million at the time.
Hacker to The Team
In an on-chain message directed to the hacker, the Qubit team offered a bounty of $250,000 in return for the stolen funds. As per the protocol’s ongoing bug bounty program with the ethical hacking platform Immune. In another post, the Qubit team has also tried to contact the hacker to negotiate.
The Qubit Finance exploit appears to be the seventh-largest DeFi protocol hack in terms of the value of stolen funds, as per data from DeFi Yield. Following the hack, the protocol’s Qubit token has dropped 27% over the past 24 hours.
Since the launch of Binance Smart Chain in September 2020, the chain has become infamous for the number of hacks.
In 2021, several DeFi projects on Binance Smart Chain suffered major hacks or exploits. Some of the most severe include Meerkat Finance’s $31 million hack in March 2021, a Uranium Finance exploit that cost protocol users $50 million in April and the $88 million attack on Venus Finance in May.
Qubit Finance has not yet commented on plans to reimburse or compensate users for funds lost due to the exploit.