“We propose you negotiate directly with us before taking any further action. The exploit and loss of funds have a profound effect on thousands of real people. If the maximum bounty offer is not what you are looking for, we are open to have a conversation. Let’s figure out a situation,” the Qubit Finance Team wrote.
The company later explained in a blog post that their Qubit protocol “was subject to an exploit to our QBridge deposit function.”
“The attacker called the QBridge deposit function on the ethereum network, which calls the deposit function QBridgeHandler. QBridgeHandler should receive the WETH token, which is the original tokenAddress, and if the person who performed the tx does not have a WETH token, the transfer should not occur,” the company explained.
Qubit Finance took to Twitter last night to beg hackers to return more than $80 million in stolen cryptocurrency this week.
On Thursday, the DeFi platform said their protocol was exploited by a hacker who eventually stole 206,809 Binance coins from Qubit’s QBridge protocol, worth more than $80 million according to PeckShield. An hour after the first message, the company explained that they were tracking the exploiter and monitoring the stolen cryptocurrency.
They noted that they contacted the hacker and offered them the maximum bug bounty in exchange for a return of the funds, something a number of other hacked DeFi platforms have tried to middling success.
They shared multiple messages on Twitter that they purportedly sent to the hacker offering a bug bounty of $250,000 and begging for a return of the stolen funds.
Qubit Finance, a decentralized finance (DeFi) platform, has become the latest victim of a high-value theft, with hackers stealing around $80 million in cryptocurrency on Thursday.
The value of cryptocurrency stolen makes this the largest hack of 2022 so far.
Qubit Finance acknowledged the hack in an incident report published through Medium. According to the report, the hack occurred at around 5PM ET on the evening of January 27th.
Qubit provides a service known as a “bridge” between different blockchains, effectively meaning that deposits made in one cryptocurrency can be withdrawn in another.
“In summary, the deposit function is a function that should not have been used after the new development of depositETH, but it remained in the contract. The team cooperates with security and network partners, including Binance. Funding, Redemption, Borrowing, Redemption, Bridge and Bridge Redemption features are disabled until further notice.
The complaint is available. We are continuing our investigation and are in communication with Binance.”
The seventh biggest attack on a DeFi platform
The blockchain security company CertiK has published a detailed explanation of how the attack occurred.
CertiK, a blockchain auditing and security company, suggests the hacker was able to exploit a security flaw in Qubit’s smart contract code that let them send in a deposit of 0 ETH and withdraw almost $80 million in Binance Coin in return.
“As we move from an Ethereum-dominant world to a truly multi-chain world, bridges will only become more important,” CertiK analysts wrote. “People need to move funds from one blockchain to another, but they need to do so in ways that are not susceptible to hackers who can steal more than [$80 million].”
A statement posted by the Qubit Finance team on Twitter directly appealed to the hacker, asking them to negotiate with the team in order to minimize losses for the Qubit community.
Qubit’s incident report also stated that the team was attempting to offer the hacker the maximum reward possible under their bug bounty program.
Binance. Supply, Redeem, Borrow, Repay, Bridge, and Bridge redemption functions are disabled until further notice. Claiming is available. We are continuing to investigate and are in communications with Binance.”
Blockchain security company CertiK released a detailed explanation of how the attack occurred and has been tracking the stolen funds as the hackers move them to different accounts.
“For the non-technical readers, essentially what the attacker did is take advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum,” CertiK explained.
DeFiYield keeps a running list of attacks on DeFi platforms, ranking the attack on Qubit as the seventh largest after Compound Labs, BadgerDAO, Cream Finance, Boy X Highspeed, Vulcan Forged, and Poly Network.
Qubit later upped its offer to $1 million, and then to $2 million with the promise that the attacker would not be prosecuted.
We have secured the funds to be able to pay a bounty of $2,000,000 in line with the historically high Polygon bounty and our total limit, without prosecution. We continue to work with security firms throughout the ecosystem and independently to resolve this exploit. The entire Qubit community is hopeful you will do the right thing and accept the offer.
To be honest, if I were criminally minded and had stolen $80 million from Qubit, I might be very happy holding out, and seeing if the company could offer me a reward significantly closer to $80 million…
News of the hack is, of course, potentially catastrophic for Qubit and very worrying for its users.