Lending platform Qubit Finance based on Binance Smart Chain (BSC) has been hacked. According to information security and blockchain analytics company PeckShield, the attackers withdrew digital assets worth about $80 million from the project pool.https://twitter.com/peckshield/status/1486841239450255362
Analysts noted that the hackers exploited the QBridge cross-chain service, which allowed them to issue a “huge” amount of xETH tokens. The latter were used to secure an illegitimate loan on the platform.
PeckShield emphasized that they audited smart contracts related to the landing component of the project. They did not check the QBridge codebase.
The Qubit Finance DeFi platform allows you to take loans secured by digital assets. The QBridge solution provides the ability to use cryptocurrencies outside of the BSC to secure loans. At the same time, they do not need to be moved from one blockchain to another.
CertiK explained that the exploit allowed attackers to issue xETH without actually making a deposit. They then converted the assets into BNB.
https://twitter.com/CertiKCommunity/status/1486892063006334982
The address associated with the attack contains 206,809 BNB, or more than $79.23 million at the exchange rate at the time of writing. This is by far the largest exploit of 2022 to date.
The project team confirmed the information about the hack. The developers contacted the hackers and offered them a reward to "minimize" the negative impact on the community.
https://twitter.com/QubitFin/status/1486970878785363977
According to the project blog, its team monitors the actions of attackers and "monitors the affected assets." Developers are working with security partners, including Binance representatives. Most of the platform's features are temporarily disabled.
Against the backdrop of the incident, the price of the Qubit project token (QBT) collapsed by 26%, according to CoinMarketCap.
Recall that in December 2021, cryptocurrency exchange AscendEX (formerly Bitmax) was hacked, as a result of which assets worth $77 million were stolen from its hot wallets.
Think we missed something? Let us know in the comment section below.