Qubit Finance took to Twitter last night to beg hackers to return more than $80 million in cryptocurrency stolen this week.
On Thursday, the DeFi platform said its protocol was exploited by a hacker who ultimately stole 206,809 Binance coins from Qubit’s QBridge protocol, worth more than $80 million according to PeckShield. An hour after the first message, the company explained that it was tracking the exploiter and monitoring the stolen cryptocurrency.
They noted that they contacted the hacker and offered them the maximum bug bounty in exchange for a return of the funds, something a number of other hacked DeFi platforms have tried to middling success.
“We suggest you negotiate directly with us before taking any further action. The exploit and loss of funds have a profound effect on thousands of real people. If the maximum bounty offer isn’t what you’re looking for, we’re open to have a conversation. Let’s work out a situation,” the Qubit Finance Team wrote.
The company later explained in a blog post that their Qubit protocol “was subject to an exploit to our QBridge deposit function.”
“The attacker called the QBridge deposit function on the Ethereum network, which calls the deposit function QBridgeHandler. QBridgeHandler should receive the WETH token, which is the original tokenAddress, and if the person who performed the tx doesn’t have a WETH token, the transfer shouldn’t occur,” the company explained.
“In summary, the deposit function was a function that shouldn’t be used after depositETH was newly developed, but it remained in the contract. The team is cooperating with security and network partners, including Binance. Supply, Redeem, Borrow, Repay, Bridge, and Bridge redemption functions are disabled until further notice. Claiming is available. We’re continuing to investigate and are in communications with Binance.”
Blockchain security company CertiK released a detailed explanation of how the attack occurred and has been tracking the stolen funds as the hackers move them to different accounts.
“For the non-technical readers, essentially what the attacker did is take advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none had been deposited on Ethereum,” CertiK explained.
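The failure class described above, a deposit being recorded when no tokens actually reached the bridge, can be shown with a small model. This is an added example, not Qubit's or CertiK's code: the class and method names are hypothetical, and the reason the transfer moves nothing (an ignored failure return) is an assumption made for illustration, not the documented root cause.

```python
# Constructed, simplified model of a lock-and-mint bridge deposit path.
# Class and method names are hypothetical; this is not Qubit's contract code.

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)

    def balance_of(self, owner):
        return self.balances.get(owner, 0)

    def transfer_from(self, src, dst, amount):
        # Assumption: a failed transfer moves nothing and only returns False.
        if amount <= 0 or self.balance_of(src) < amount:
            return False
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount
        return True


class BridgeHandler:
    VAULT = "bridge-vault"

    def __init__(self, token):
        self.token = token
        self.deposit_events = []  # what the destination chain mints against

    def deposit_unchecked(self, depositor, amount):
        # Flawed: the event is recorded whether or not tokens moved.
        self.token.transfer_from(depositor, self.VAULT, amount)
        self.deposit_events.append((depositor, amount))

    def deposit_checked(self, depositor, amount):
        # Hardened: record only what the vault demonstrably received.
        before = self.token.balance_of(self.VAULT)
        self.token.transfer_from(depositor, self.VAULT, amount)
        received = self.token.balance_of(self.VAULT) - before
        if amount <= 0 or received != amount:
            raise ValueError("deposit rejected: vault did not receive the tokens")
        self.deposit_events.append((depositor, amount))

    def unbacked_amount(self):
        # Invariant a monitor can alert on: recorded deposits <= vault balance.
        recorded = sum(amount for _, amount in self.deposit_events)
        return max(0, recorded - self.token.balance_of(self.VAULT))
```

The same invariant in `unbacked_amount` is what a bridge operator can check off-chain before a relayer releases funds on the destination chain.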
DeFiYield keeps a running list of attacks on DeFi platforms, ranking the attack on Qubit as the seventh largest after Compound Labs, BadgerDAO, Cream Finance, Boy X Highspeed, Vulcan Forged, and Poly Network. The list doesn’t include other notable attacks on Grim Finance and AscendEX.
This week, blockchain analysis firm Chainalysis released a report that said more cryptocurrency was stolen from DeFi protocols than any other type of platform last year.
“Many of the hacks we saw this year were of DeFi protocols, so it makes sense that the funds were sent to DeFi services that can handle large amounts of liquidity from really any token you can imagine,” Kim Grauer, head of research at Chainalysis, told ZDNet. “We also know that criminals are always the quickest to adapt to using new technologies to evade detections, and this year was no different.”
In another report released earlier this year, Chainalysis said at least $2.2 billion was outright stolen from DeFi protocols in 2021.