Qubit's Ethereum-BSC bridge hacked with $80 million


On Thursday, adecentralized lending and borrowing platform, Qubit Finance, said theirprotocol was exploited by hacked for 206,809 binance coins from Qubit's QBridgeprotocol which is worth more than $80 million as per PeckShield.
The specific smart contract flaw whichallowed the attack was located in X-Bridge. X-Bridge is a cross-chain bridgethat facilitates easy token swaps between Ethereum and Binance Smart Chain. In the largest Defi hack of 2022, the bridge collapsed. Lenders and borrowers are connectedefficiently and securely, in the money market platform. Hackers input maliciousdata in the bridge's infrastructure without depositing Ethereum and withdrawtokens on the Binance Smart Chain. The hackers received $185 million worth in Qubit xETH (an asset that represents bridged Ethereum on the Binance SmartChain) in return. In BSC tokens the attacker's address still holds $80 million. Using Qubit's Ethereum-BSC bridge, users can deposit ERC-20 tokens and receive BEP-20 in return. Attackers exploited the "deposit" contract to target the bridge.
The company was tracking the exploiter and monitoring the stolen cryptocurrency. It was explained through a message just an hour after the first message. An official report by the Qubit team says, “In summary, the deposit function was a function that should not be used after deposit ETH was newly developed, but it remained in the contract.”
The team atQubit Finance is working on monitoring the address and network partners, including Binance. In Qubit Finance's cross-chain bridge the hack highlighted two key issues which are interoperability between blockchains and lack of security in the infrastructure.
Though in 2021there were several DeFi hacks, the industry remains prone to attacks. Over the past few months, Grim Finance, Cream Finance, pNetwork was hacked. As a reaction to the hack on Qubit, the platform's token QBT went through an of 26%in its price overnight.

Indrani Bose
CBW - External Analyst
INDIA