Defi platform funds qubit finance hacker

defi platform funds qubit finance hacker

Binance. Supply, Redeem, Borrow, Repay, Bridge, and Bridge redemption functions are disabled until further notice. Claiming is available. We are continuing to investigate and are in communications with Binance.”

Blockchain security company CertiK released a detailed explanation of how the attack occurred and has been tracking the stolen funds as the hackers move them to different accounts.

“For the non-technical readers, essentially what the attacker did is take advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum,” CertiK explained.

DeFiYield keeps a running list of attacks on DeFi platforms, ranking the attack on Qubit as the seventh largest after Compound Labs, BadgerDAO, Cream Finance, Boy X Highspeed, Vulcan Forged, and Poly Network.

Despite the name, DAO Maker has no apparent connection to MakerDAO, the decentralized finance, or DeFi, protocol behind the stablecoin Dai (DAI).” — Cointelegraph

Amount stolen: $7,000,000

Poly Network (August 10, 2021)

“Multi-chain interoperability protocol Poly Network fell victim to an exploit today, resulting in the loss of roughly $600 million worth of various cryptocurrencies, the platform’s developers revealed.” — Decrypt [1][2]

Amount stolen: $268,000,000

Punk Protocol (August 10, 2021)

“On Aug 10th, Punk Protocol was hacked for $8.95M, ~$5M of which was later returned.

“Preliminary results show that BNT-ETH was the only exploited pool. Total amount is 125,585 BNT (~ $637k). The attacker has returned the BNT. All funds have been recovered with zero losses.” — @WildCredit [1][2]

Amount stolen: n/a

Merlin Lab (May 26, 2021)

“A total of $330k was stolen, bringing their TVL (total value lost) to $1,560,000, and putting them on par with Value DeFi as one of the few protocols to be so unsafe that they have three positions onto the rekt leaderboard.” — REKT

Amount stolen: $330,000

Merlin Lab (May 26, 2021)

“Just 8 hours after the first attack, they lost another ~200 ETH to a completely different exploit.” — REKT

Amount stolen: $550,000

Merlin Lab (May 26, 2021)

“On May 26, 2021, 03:59:05 AM +UTC, less than 48 hrs after the Autoshark hack.

Defi platform funds qubit finance hackers

On the 27th of January 2022, Qubit Finance tweeted about the biggest DeFi (Decentralized Finance) exploits of 2022 which resulted in them losing $80 million dollars of cryptocurrency in the form of 206,809 Binance coins.


What is Qubit Finance?

Qubit is a decentralized money market platform that takes advantage of the speed, automation, and security of the blockchain to connect lenders and borrowers efficiently and securely.

Defi platform funds qubit finance hackerproof

CertiK, a blockchain auditing and security company, suggests the hacker was able to exploit a security flaw in Qubit’s smart contract code that let them send in a deposit of 0 ETH and withdraw almost $80 million in Binance Coin in return.

“As we move from an Ethereum-dominant world to a truly multi-chain world, bridges will only become more important,” CertiK analysts wrote. “People need to move funds from one blockchain to another, but they need to do so in ways that are not susceptible to hackers who can steal more than [$80 million].”

A statement posted by the Qubit Finance team on Twitter directly appealed to the hacker, asking them to negotiate with the team in order to minimize losses for the Qubit community.

Qubit’s incident report also stated that the team was attempting to offer the hacker the maximum reward possible under their bug bounty program.

Defi platform funds qubit finance hackerz

A security researcher from venture capital firm Paradigm, known on Twitter as Samczsun, has managed to save SushiSwap and its Miso platform from a potential loss of as much as 109,000 Ether (ETH).” — Cointelegraph

Amount stolen: n/a

Zabu Finance (September 12, 2021)

“Avalanche-Based Zabu Finance Sees $3.2M Hack. The attacker used Zabu’s “Transfer Tax” mechanism to mint tokens, sending their value to zero.” — CoinDesk

Amount stolen: $3,200,000

Dao Maker (September 4, 2021)

“DaoMaker was exploited for ~$4m. They left the `init` function unprotected.

Medium post by on-chain analysis and security startup PeckShield.” — CoinDesk

Amount stolen: $30,000,000

Uranium Finance (April 28, 2021)

“Uranium Finance, an automated market maker platform on the Binance Smart Chain, has reported a security incident that resulted in a loss of about $50 million.” — Cointelegraph

Amount stolen: $50,000,000

EasyFi (April 19, 2021)

“EasyFi, a decentralized finance (DeFi) Polygon Network-powered protocol, has reported suffering a hack Monday of over $80 million.”— CoinDesk

Amount stolen: $80,000,000

Force DAO (April 4, 2021)

“According to a chain of tweets by Mudit Gupta, blockchain team lead at blockchain software company Polymath, there were five attackers, one of whom later returned his share of the stolen funds.

Before the attack the hacker has moved funds needed for gas through the Celer Network cBridge. 15 minutes later the attacker deployed the contract that was used to drain funds from OneRing. This contract has been self-destructed however we are already working with node providers in order to get the information of the block where the contract was deployed. We believe we can find the bytecode, decompile it and at least have a brief idea on how this contract was structured.” — One Ring Finance | Medium

Amount stolen: $1,400,000

Li Finance (March 21, 2022)

“The Li Finance swap aggregator has experienced a smart contract exploit leading to the loss of around $600,000 from 29 users’ wallets.

The exploit took place at 2:51 am UTC on Sunday.

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice.
Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate.
Qubit Finance took to Twitter last night to beg hackers to return more than $80 million in stolen cryptocurrency this week.

On Thursday, the DeFi platform said their protocol was exploited by a hacker who eventually stole 206,809 binance coins from Qubit’s QBridge protocol, worth more than $80 million according to PeckShield. An hour after the first message, the company explained that they were tracking the exploiter and monitoring the stolen cryptocurrency.

They noted that they contacted the hacker and offered them the maximum bug bounty in exchange for a return of the funds, something a number of other hacked DeFi platforms have tried to middling success.

They shared multiple messages on Twitter that they purportedly sent to the hacker offering a bug bounty of $250,000 and begging for a return of the stolen funds.

According to CertiK, the hacker carried out these actions numerous times, changing all of the funds to Binance Coin in the process.


“Essentially, the attacker took advantage of a logical mistake in Qubit Finance’s code that enabled them to insert fraudulent data and withdraw tokens on Binance Smart Chain while none were placed on Ethereum,” CertiK revealed. Qubit’s QBT was down 34.6 percent at the time of writing, according to CoinGecko statistics.

Leave a Reply

Your email address will not be published.