Hacker Siphons $80 Million From Qubit Cross-Chain Bridge, Largest Defi Exploit of 2022 to Date

Bitcoin News

Findings stemming from a recent report published by the security-focused blockchain firm Certik indicate that the Binance smart chain ↔ Ethereum bridge called Qubit has been hacked for $80 million. Data shows on January 27, 2022, an attacker siphoned a number of tokens from an exploit on Qubit Finance’s bridge and Certik says the hack is “by far the largest exploit of 2022 to date.”

Qubit’s Binance Smart Chain ↔ Ethereum Cross-Chain Bridge Attacked for $80 Million in Defi Tokens

A decentralized finance (defi) exploit tied to Qubit Finance’s Binance smart chain ↔ Ethereum bridge has led to the loss of $80 million, according to the blockchain security experts at Certik. Qubit Finance is a defi protocol that offers lending capabilities and a cross-chain bridge between BSC and ETH.

The cross-chain bridge was exploited by the malicious attacker who managed to net 77,162 qXETH to borrow and convert the funds into other funds. Essentially, the hacker was able to leverage stolen coins to obtain “15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), approximately $9.5 million in various stablecoins, and ~$5 million in CAKE, BUNNY, and MDX.” Certik’s post-mortem analysis further explains:

Essentially what the attacker did is take advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum.

Certik: ‘People Need to Bridge Crypto Assets in Ways That Are Not Susceptible to Hackers’

Currently, the address still holds all the stolen coins which are worth approximately $79,332,154 at the time of writing. Certik says that the cross-chain bridge vulnerability highlights two important things. “The importance of cross-chain bridges that facilitate interoperability between blockchains [and the] importance of the security of these bridges.” During the last 12 months, cross-chain bridge technology has grown a great deal.

A visual perspective of the stolen funds taken from Qubit’s Binance Smart Chain ↔ Ethereum cross-chain bridge via Certik.

Data stemming from Dune Analytics shows there’s $11.79 billion total value locked (TVL) on Friday. Polygon has the largest (MATIC ↔ ETH) cross-chain bridge TVL with $5.1 billion. Certik’s post-mortem analysis stresses that as cross-chain tech grows bridge security will be very important.

“As we move from an Ethereum-dominant world to a truly multi-chain world, bridges will only become more important,” Certik’s analysis of Qubit’s losses concludes. “People need to move funds from one blockchain to another, but they need to do so in ways that are not susceptible to hackers who can steal more than $80 million dollars.”

Tags in this story
Analysis, attacker, Binance Smart Chain, Binance Smart Chain ↔ Ethereum, BSC, BSC ↔ ETH, certik, Certik Security, cross-chain bridge, cross-chain bridge TVL, DeFi, Defi Hack, Dune Analytics, ETH, Ethereum, Hacker, Polygon, post-mortem analysis, Qubit, Qubit bridge, Qubit Finance, qXETH, Stablecoins

What do you think about Qubit’s $80 million cross-chain bridge loss? Let us know what you think about this subject in the comments section below.

Jamie Redman

Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.




Image Credits: Shutterstock, Pixabay, Wiki Commons, Certik,

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Read disclaimer

Products You May Like

Articles You May Like

Ripple Stablecoin RLUSD Is A ‘Trojan Horse’ For DeFi And Banking, Claims Venture Capitalist

Leave a Reply

Your email address will not be published. Required fields are marked *