Hackers Seize $80 Million From Qubit in Latest DeFi Attack

(Bloomberg) — More than $80 million of digital assets were swiped from a decentralized finance platform in the latest hack of cryptocurrency trading marketplaces.

A blockchain extension by Qubit Finance, a DeFi lending firm, was exploited by a hacker on Thursday night, according to a company release. The add-on known as X-Bridge allows people to exchange tokens between Ethereum and Binance Smart Chain, two of the most popular blockchains.

The attacker garnered a total of $185 million in xETH, or Xpolsive Ethereum, by using malicious data to extract tokens from the Binance Smart Chain that was never deposited into Ethereum, as the code directs, according to a report by blockchain auditing firm CertiK.

Qubit wrote an open letter to the person responsible offering a bounty of as much as $250,000 and requesting to negotiate the return of lost funds which effect “thousands of real people.” The company has disabled certain functions of the X-Bridge while it investigates the issue.

Cybersecurity breaches have become ubiquitous on cryptocurrency trading platforms, leaving investors frustrated and companies suspending services to fix network vulnerabilities. It is a caveat of a system where transactions can only be traced to anonymous serial codes rather than personal identifications. A record $1.3 billion was stolen in DeFi scams and exploits in 2021.

“As we move from an Ethereum-dominant world to a truly multi-chain world, bridges will only become more important,” Connie Lam, head of incident response at CertiK, said in a note. “People need to move funds from one blockchain to another, but they need to do so in ways that are not susceptible to hackers.”

Qubit did not immediately respond to a request for comment.

More stories like this are available on bloomberg.com

©2022 Bloomberg L.P.

Close Bitnami banner
Bitnami