A recent report released by the security-focused blockchain company Certik indicates that the Binance smart chain ↔ Ethereum bridge called Qubit has been hacked for $80 million. According to Certik, on January 27, 2022, a hacker siphoned several tokens from an exploit on Qubit Finance’s bridge. Certik says this is “by far the largest exploit of 2022 so far.”
Qubit’s Binance Smart Chain ↔ Ethereum Cross-Chain Bridge hacked for $80 Million in Defi Tokens.
According to Certik’s blockchain security experts, the decentralized finance (defi) exploit linked to Qubit Finance’s Binance smart chain * Ethereum bridge caused the loss of $80 million. In addition to offering lending capabilities, Qubit Finance offers a cross-chain bridge between BSC and ETH.
Unfortunately looks like @QubitFin from the team at @PancakeBunnyFin has been exploited for over $80m in assets.
Exploiter's address:https://t.co/s2WDCCiLho
— Stefan (@SenorStefan) January 27, 2022
The malicious attacker exploited the cross-chain bridge to gain 77,162 qXETH and converted them into other currencies. The hacker was able to obtain “15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), approximately $9.5 million in various stablecoins, and *$5 million in Cake, Bunny, and MDX.” Certik’s post-mortem analysis explains:
The attacker exploited a logical error in Qubit Finance’s code to input malicious data and withdraw tokens from Binance Smart Chain when none were deposited on Ethereum.
Certik: ‘People Need to Bridge Crypto Assets in Ways That Are Not Susceptible to Hackers’
Currently, the address still contains all of the stolen coins, which are worth approximately $79,332,154 at the time of writing. The cross-chain bridge vulnerability highlights two important points. “The importance of cross-chain bridges that facilitate interoperability between blockchains [and the] importance of security of these bridges.” During the last 12 months, cross-chain bridge technology has accelerated in popularity.
A visual perspective of the stolen funds taken from Qubit’s Binance Smart Chain ↔ Ethereum cross-chain bridge via Certik.
Data stemming from Dune Analytics shows there’s $11.79 billion total value locked (TVL) on Friday. Polygon has the largest (MATIC ↔ ETH) cross-chain bridge TVL with $5.1 billion. Certik’s post-mortem analysis stresses that bridge security will be critical as cross-chain tech grows.
As we move from an Ethereum-centric world to a multi-chain one, bridges will become more important, Certik concludes in his analysis of Qubit’s losses. “People need to move funds from one blockchain to another, but they need to do so in a way that is not vulnerable to hackers who can steal more than $80 million.”