Posted on January 29, 2022 at 6:43 PM
Decentralized finance (DeFi) platform Qubit Finance has become the latest victim of a hacking incident. The platform reportedly lost $80 million in a cryptocurrency heist, making it the largest hacking theft so far in 2022.
In an incident report, Qubit Finance has acknowledged the hacking incident, saying that the hack occurred on the evening of January 27, 2022.
Qubit offers a unique service, bridging between blockchains and enabling users to easily withdraw cryptocurrency against deposits made in another cryptocurrency.
The Hacker Exploited A Flaw Within Qubit’s Smart Contract Code
The company concentrates on the Binance Smart Chain (BSC) and Ethereum network. According to an analysis produced by blockchain auditing and security company CertiK, the threat actor exploited a vulnerability within Qubit’s smart contract code. The flaw enabled them to deposit 0 ETH while withdrawing $80 million worth of Binance coin in exchange.
The analysts noted that the type of service Qubit offers will become more important as we move from an Ethereum-dominant world to a truly multi-chain world. People need to move funds from one blockchain to another, but this must be done without putting the funds at risk of exploitation.
Qubit has also appealed to the hackers to come to the negotiation table concerning the return of the stolen funds. The company is hoping that the hackers will listen to the appeal and receive compensation in exchange for the stolen funds.
“The exploit and loss of funds have a profound effect on thousands of real people,” the company stated in the message to the hackers.
According to the company, its platform was exploited by threat actors who stole 206,809 Binance coins from Qubit’s QBridge protocol. The firm also followed up the first message by saying that it was tracking the hacker and monitoring the stolen crypto assets.
The Hacker Has Been Offered A Bounty In Exchange For The Funds
The finance team has contacted the threat actors, asking them to take the maximum bug bounty and return the remaining funds to the network. This has become common practice among hacked DeFi platforms, which get their stolen funds returned in exchange for a bounty to the hacker.
The team has already shared multiple messages with the hacker on Twitter, offering a bounty of $250,000 and begging them to return the remaining funds.
“We propose you negotiate directly with us before taking any further action,” the Qubit Finance team wrote. The team also added that they are open to negotiation if the proposed bounty is not what the hacker is looking for.
The deposit function wasn’t supposed to be used after depositETH was recently developed, but it was still found in the contract, which was a flaw.
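The failure class described above, a retired entry point left callable that records a deposit with no value behind it, as an added Python model. It is not Qubit's contract code: the class and function names, and the way the retired path trusts the caller's stated amount, are assumptions made for illustration.

```python
# Simplified model of a lock-and-mint bridge, constructed for illustration.
class Bridge:
    def __init__(self, legacy_enabled):
        self.legacy_enabled = legacy_enabled
        self.locked = 0      # value the bridge actually holds on the source chain
        self.events = []     # (sender, amount) records the destination chain honours

    def deposit_eth(self, sender, value_sent):
        """Current entry point: credits exactly the value attached to the call."""
        if value_sent <= 0:
            raise ValueError("no value attached")
        self.locked += value_sent
        self.events.append((sender, value_sent))

    def deposit(self, sender, claimed_amount, value_sent=0):
        """Retired entry point (assumed behaviour): records the caller's claim."""
        if not self.legacy_enabled:
            raise PermissionError("deposit() is retired; use deposit_eth()")
        self.locked += value_sent    # nothing ties this to claimed_amount
        self.events.append((sender, claimed_amount))


def credited(bridge):
    """Total the destination chain would release for the recorded deposits."""
    return sum(amount for _, amount in bridge.events)


def is_backed(bridge):
    """Invariant to monitor: credited value never exceeds locked value."""
    return credited(bridge) <= bridge.locked


def run_scenario(legacy_enabled):
    """One honest deposit, then a zero-value call to the retired entry point."""
    bridge = Bridge(legacy_enabled)
    bridge.deposit_eth("alice", 5)
    try:
        bridge.deposit("mallory", 1000, value_sent=0)
        rejected = False
    except PermissionError:
        rejected = True
    return rejected, credited(bridge), bridge.locked, is_backed(bridge)


if __name__ == "__main__":
    print("legacy path live:   ", run_scenario(True))
    print("legacy path retired:", run_scenario(False))
```

The `is_backed` invariant is the kind of check a bridge operator can evaluate continuously across both chains, pausing redemptions as soon as it fails.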
The team has also reached out to other network partners and security firms to find out a better way of dealing with the situation.
Following the hack, the team disabled the Bridge redemption, Repay, Borrow, Redeem, and Supply functions to prevent any further attack on the system.
An investigation into the situation is ongoing, and the firm has assured the public that it will share any important information as it comes up.
More DeFi Protocols Targeted by Hackers
Qubit Finance explained the incident in depth, especially for non-technical readers who may not understand how the hack occurred. The company’s finance team stated that the attacker took advantage of a logical flaw in Qubit Finance’s code which enabled them to plant malicious data and withdraw crypto assets from Binance Smart Chain.
DeFiYield has ranked the attack on Qubit as the seventh-largest on DeFi platforms. Other platforms that have been attacked in the past include Cream Finance, Compound Labs, Poly Network, Vulcan Forged, Boy X Highspeed, and BadgerDAO.
Blockchain analysis firm Chainalysis reported this week that more crypto funds were stolen from DeFi protocols than from other platforms last year. It is an indication that threat actors are seeing DeFi platforms as more attractive avenues to enrich themselves.
The revelation also implies that these platforms need to step up their game when it comes to the security of their protocols. Head of research at Chainalysis, Kim Grauer, stated that threat actors are usually the first to adapt to the use of new technologies to stay under the radar. This year, the attackers have started with the same momentum. The same firm released another analysis, which noted that DeFi protocols lost about $2.2 billion to hacking incidents in 2021.