Decentralized Finance (DeFi) lending as a utility platform, Qubit Finance has suffered an exploit in its bridge facility with a total of 206,809 Binance Coin (BNB), worth $77.9 million, carted away by the hacker. According to the update shared by the protocol, the attack was targeted at the QBridge system, with the hacker exploiting a flaw in the deposit function.
As part of the incident timeline shared by Qubit Finance, as many as 16 transaction deposits were sent to the QBridge side of Ethereum, and this was followed by a corresponding voteProposal tx to QBridge contract of BSC by Qubit Relayer. Qubit Finance said a number of xETH tokens were minted by 16 voteProposal tx, and liquidity in Qubit was withdrawn using this as collateral.
“The attacker called the QBridge deposit function on the ethereum network, which calls the deposit function QBridgeHandler. QBridgeHandler should receive the WETH token, which is the original tokenAddress, and if the person who performed the tx does not have a WETH token, the transfer should not occur,” the protocol said.
As a response to the attack, several platform functionalities including “Supply, Redeem, Borrow, Repay, Bridge, and Bridge redemption functions are disabled until further notice,” but that “Claiming is available.”
The team also said that coordination with security and audit firms is underway and that they are in touch with Binance to know the next course of action. While there has been targeted monitoring of the hacker and his transactions, Qubit Finance said it has offered a bounty reward to the hacker, an offering many are not optimistic the hacker will take.
Qubit Finance and the Unending DeFi Exploitation
Over the past year, decentralized finance protocols have been the primary targets of hackers who often find loopholes in code design. Amongst the major outfits that have suffered related losses in recent times include EOS, Cream Finance, and Poly Network amongst others.
While many may think DeFi protocols have so much security frailty that is endangering them, the latest hack of Crypto.com, a centralized digital currency trading platform is indicative of an industry-wide problem that remains significantly burdensome to stakeholders operating in the space.
With crypto purveyors pushing for recognition by regulators, the continuous protocol breaches are poised to make these goals a difficult one to achieve.