Qubit Bridge Collapse Exploited to the Tune of $80 Million

What Happened?

At 9:34PM UTC on January 27th, 2022, an attacker began their exploit of Qubit Finance’s Ethereum-BSC bridge. This exploit ended up netting them 77,162 qXETH ($185 million), which they then used to borrow and convert 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), approximately $9.5 million in various stablecoins, and ~$5 million in CAKE, BUNNY, and MDX.

Who’s the Target?

Qubit Finance bills themselves as “a decentralized money market platform that takes advantage of the speed, automation, and security of the blockchain to connect lenders and borrowers efficiently and securely.”

How Did This Happen?

For the non-technical readers, essentially what the attacker did is take advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum.

What Have We Learned?

As of the time of publication, the attacker’s address still holds approximately $80 million of stolen assets.

  1. The importance of the security of these bridges

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store