Skip to main content

Hackers have stolen $80 million in cryptocurrency from the Qubit DeFi platform

Hackers have stolen $80 million in cryptocurrency from the Qubit DeFi platform

/

The hack exploited a flaw in the smart contract code used in an Ethereum bridge

Share this story

Image representing NFTs with pixelated blocks made up of purple squares.
Illustration by Alex Castro / The Verge

Qubit Finance, a decentralized finance (DeFi) platform, has become the latest victim of a high-value theft, with hackers stealing around $80 million in cryptocurrency on Thursday.

The value of cryptocurrency stolen makes this the largest hack of 2022 so far.

Qubit Finance acknowledge the hack in an incident report published through Medium. According to the report, the hack occurred at around 5PM ET on the evening of January 27th.

Qubit provides a service known as a “bridge” between different blockchains, effectively meaning that deposits made in one cryptocurrency can be withdrawn in another. Qubit Finance operates a bridge between Ethereum and the Binance Smart Chain (BSC) network.

Analysis produced by CertiK, a blockchain auditing and security company, suggests the hacker was able to exploit a security flaw in Qubit’s smart contract code that let them send in a deposit of 0 ETH and withdraw almost $80 million in Binance Coin in return.

“As we move from an Ethereum-dominant world to a truly multi-chain world, bridges will only become more important,” CertiK analysts wrote. “People need to move funds from one blockchain to another, but they need to do so in ways that are not susceptible to hackers who can steal more than [$80 million].”

A statement posted by the Qubit Finance team on Twitter directly appealed to the hacker, asking them to negotiate with the team in order to minimize losses for the Qubit community.

Qubit’s incident report also stated that the team was attempting to offer the hacker the maximum reward possible under their bug bounty program. A listing for Qubit on the Immunefi bug bounty platform suggests that this is $250,00.

Since the launch of Binance Smart Chain in 2020, several DeFi projects have suffered exploits. The most severe include a $31 million hack on Meerkat Finance in March 2021, a hack on Uranium Finance for $50 million in April, and an $88 million hack against Venus Finance in May, according to Crypto Briefing.