Qubit Finance suffers a $80 million loss as a result of a DeFi Protocol hack

Hackers stole 206,809 Binance Coin (BNB) worth around $80 million from Qubit's QBridge protocol, making it the 7th largest DeFi hack in history.


Hackers stole 206,809 Binance Coin, roughly $80 million, from Qubit’s QBridge protocol, making it the seventh largest DeFi hack ever
Qubit Finance hacked | Image: Optimisus

Hackers stole $80 million from Qubit Finance's DeFi protocol, the company confirmed on Friday.


According to DeFiYield Rekt data, the attackers used the protocol to steal 206,809 Binance coins via Qubit's QBridge deposit function, making it the seventh largest DeFi hack ever.


The QBridge protocol acts as an Ethereum-BSC (Binance Smart Chain) bridge, allowing users to exchange ERC-20 and BEP-20 tokens between the two blockchains. The protocol is built on top of the BSC as a set of smart contracts.


According to blockchain security firm CertiK, the attacker essentially took advantage of a logical error in Qubit Finance's code that allowed them to input malicious data and withdraw tokens on BSC when none were deposited on Ethereum.



The decentralized money market platform issued a statement via Twitter to notify the exploiter that they were aware of what was going on and proposed a direct negotiation before taking any further action.


"The exploitation and loss of funds have a profound effect on thousands of real people," according to the company.


The team also contacted the hacker and offered the maximum bounty allowed by its program, according to a blog post. It didn't say how much the bounty would be or whether the hacker was interested.


Qubit is still tracking the exploiter and monitoring affected assets, and a number of account management features have been disabled until further notice. However, it stated that its claiming feature is still available.


"We are continuing our investigation and have been in contact with Binance," Qubit wrote. "Further updates and a comprehensive report will be provided as they become available."


When Blockworks inquired, the company was unavailable for further comment.