Threat Management, Threat Management

Smart-chain financial site Qubit hacked for $80 million

The litecoin, ripple and ethereum cryptocurrency “altcoins” sit arranged for a photograph on April 25, 2018, in London. (Jack Taylor/Getty Images)

Decentralized finance (DeFi) is defying security hopes as Qubit Finance, a major decentralized digital finance platform, was taken for $80 million in cryptocurrency by cyber-thieves on Thursday.

The largest crypto-hack so far this year was initially reported (and admitted by Qubit) in an incident report released on Medium. The attack happened at approximately 5 p.m. Eastern on Jan. 27. Qubit Finance operate as a bridge between various blockchain providers, like a settlement processing provider might in more conventional financial services transactions, so that digital funds deposited into one type of cryptocurrency can be taken out through another type. Qubit specifically works as a “bridge” between Ethereum and the Binance Smart Chain (BSC) network.

Early analysis from researchers at CertiK, which audits cryptocurrency and blockchain enterprises, found that attackers had exploited a “security flaw” within the smart contract code of Qubit’s blockchain, which allowed them to deposit nothing and yet withdraw nearly $80 million through Binance Coin.

“As we move from an Ethereum-dominant world to a truly multi-chain world, bridges will only become more important,” CertiK analysts wrote. “People need to move funds from one blockchain to another, but they need to do so in ways that are not susceptible to hackers who can steal more than [$80 million].”

The Qubit Finance team released its own statement on Twitter, pleading with the bad actors who stole the funds to negotiate with the blockchain finance go-between, so as to reduce financial impact for all the people who use the blockchain bridge. To that end, Qubit reportedly offered a bug bounty of $250,000 to the hackers to encourage them to return their stolen crypto-funds.

Yesterday’s hack on Qubit Finance is the seventh largest criminal exploit experienced by a DeFi platform, which depend on smart contracts as opposed to third parties for clearing and trading funds. Binance Smart Chain has been around less than two years, since April 2020, and has undergone several multi-million dollar attacks, including the $88 million theft committed on Venus Finance last May, $50 taken from Uranium Finance in April 2021, and $31 million snagged by hackers from Meerkat Finance the month before that, March 2021.

Keegan Francis, cryptocurrency and bitcoin specialist for Finder, believes that despite such attacks, cryptocurrency exchanges “are actually setting an amazing example for how financial security of the future will look.” While he admits that there have been numerous hacks of exchanges in the short time cryptocurrencies have been around, Francis says that “these hacks are happening less and less over time as the consequences for not implementing sufficient security are permanent and catastrophic for the business. Exchanges have ended up implementing sophisticated compliance and security measures to ensure the security of their customers' money.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.