An attacker used a bug in the code of the decentralized finance protocol Qubit Finance to steal $80 million from credit pools.
Vulnerability in the cross-chain bridge of the QBridge projectallowed him to convert ERC-20 tokens to BEP-20 without depositing the former. In fact, this gave the hacker the opportunity to receive new digital assets for free. By repeatedly using this smart contract logic error, he was able to exchange 77,162 qXETH worth $185 million.
However, he did not convert the received tokens to ether directly, but deposited them as collateral forborrowing other digital assets from credit poolsin the amount of $80 million. As a result, the attacker received 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), various stablecoins for about $9.5 million and CAKE, BUNNY, MDX tokens with a total value of about $5 million .
The developers of Qubit Finance reported the hack on Friday morning. They temporarily blocked some features of the protocol and offered the hacker a reward for a refund.
According to the analytical service DeFi Yield, thisThe attack ranked seventh in terms of the value of stolen assets in the history of decentralized finance protocols. The largest was the Poly Network hack for $600 million.
Over the past 24 hours, the rate of the native token of the QBT platform has fallen by 30%.
</p>Read this:
$ 18 million stolen from DeFi-protocol Cream Finance
DeFi protocol Indexed Finance lost $ 16 million
Hackers Withdrew Almost $ 25 Million from DForce DForce Protocol
DeFi project Pickle Finance lost almost $ 20 million due to hack
Hackers hacked Popsicle Finance's DeFi protocol and stole $ 25 million
Hacker stripped DeFi-protocol xToken of $ 25 million