Global Crypto Market

Binance Smart Chain, Ethereum Crypto Bridge Hacked for $80 Million – Decrypt

An exploit in decentralized finance (DeFi) protocol Qubit Finance enabled one hacker to walk away with $80 million in stolen crypto yesterday. 
The specific smart contract flaw that enabled the attack was located in X-Bridge, a cross-chain bridge that facilitates easy token swaps between Ethereum and Binance Smart Chain
This flaw enabled the attacker to input malicious data without depositing Ethereum and receive $185 million worth in Qubit xETH (an asset that represents bridged Ethereum on the Binance Smart Chain) in return.
The attacker then used this money as collateral to "borrow" about $80 million worth of crypto from various lending pools. 
The full breakdown of purloined assets amounts to 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), approximately $9.5 million in stablecoins, and $5 million in CAKE, BUNNY, and MDX tokens, according to audit firm CertiK.
Since the attacker never converted their qXETH "collateral," the total cost of the theft to Qubit Finance is $80 million. 

Qubit Finance published a blog post today with a play-by-play breakdown of the attack in its entirety. 
On Qubit's Twitter page, the team also tweeted that it is "glad to have a conversation with [the attacker]." It attached a screenshot message saying that Qubit is "prepared to offer [the attacker] the maximum bounty for the revealed exploit" in order to "minimize the effect on the community."
[Our message to the exploiter]
The team is glad to have a conversation with you.
— Qubit Finance (@QubitFin) January 28, 2022

Blockchain security analysts Peckshield tweeted on Friday morning that it had audited Qubit Finance's lending protocol and will provide further details soon. 
It seems the QBridge of @QubitFin is hacked to mint huge amount of xETH collateral and drain the pool funds about $80M. Please note we audited the Qubit lending, not the QBridge! More to come…
— PeckShield Inc. (@peckshield) January 27, 2022

While this attack has been the largest this year, it wasn't the first cross-chain hack in 2022. 
Last week, a white-hat hacker stole $1.73 million from Multichain before returning $900,000 and pocketing the rest as a bounty.
As different blockchains become popular and cross-chain activity grows alongside it, projects like Qubit and Multichain are expected to become key targets for hackers.
Copy article link


Leave a Comment

Your email address will not be published.