According to a report from CertiK, the cross-chain bridge Qubit has been hacked, with losses of over $80M in assets. The compromise made this incident the largest DeFi exploit of 2022.
According to CertiK’s blockchain security specialists, a decentralized finance (DeFi) vulnerability in Qubit Finance’s Binance Smart Chain – Ethereum bridge resulted in an $80 million loss. Qubit Finance is a DeFi protocol that provides lending features as well as a BSC-ETH cross-chain bridge.
The attacker took advantage of the cross-chain bridge to obtain 77,162 qXETH, which was then used to borrow and convert into other currencies. By leveraging the stolen coins, the hacker was able to get “15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), about $9.5 million in various stablecoins, and $5 million in CAKE, BUNNY, and MDX”. CertiK’s post-mortem analysis goes on to say that:
Essentially what the attacker did is take advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum.
At the time of writing, the address still holds all of the stolen coins, which are valued at $79,332,154. The cross-chain bridge vulnerability, according to CertiK, underlines two crucial points: “The significance of cross-chain bridges that promote interoperability between blockchains [as well as] the importance of these bridges’ security.” Cross-chain bridge technology has advanced significantly in recent years.
According to Dune Analytics, the total value locked (TVL) on Friday was $11.79 billion. With $5.1 billion in TVL, Polygon has the largest (MATIC – ETH) cross-chain bridge. CertiK’s post-mortem research emphasizes the importance of bridge security as cross-chain technology advances.
“Bridges will only become more significant as we transition from an Ethereum-dominated world to a fully multi-chain world,” CertiK says in its study of Qubit’s losses. “People need to move funds from one blockchain to another, but they need to do so in a fashion that isn’t vulnerable to hackers capable of stealing more than $80 million.”