On January 28, attackers stole greater than $80 million from Binance Sensible Chain-based Qubit Finance.
Qubit Finance introduced this assault on its official Twitter.
Addresses linked with the assault point out that 206,809 BNB had been stolen from Qubit’s QBridge protocol. In response to safety agency PeckShield, the stolen belongings are price greater than $80 million.
- Jan-27–2022 09:18:55 PM +UTC: 0.8887725 ETH despatched from twister to attacker account
- Jan-27–2022 09:34:01 PM +UTC~Jan-27–2022 09:50:41 PM +UTC: Despatched 16 deposit tx to QBridge of Ethereum
- Jan-27–2022 09:36:32 PM +UTC~Jan-27–2022 09:51:02 PM +UTC: Despatched 16 voteProposal tx to QBridge contract of BSC by Qubit Relayer
- Plenty of xETH tokens had been minted by 16 voteProposal tx, and liquidity in Qubit was withdrawn utilizing this as collateral
The attacker known as the QBridge deposit operate on the ethereum community, which calls the deposit operate QBridgeHandler.
QBridgeHandler ought to obtain the WETH token, which is the unique tokenAddress, and if the one who carried out the tx doesn’t have a WETH token, the switch mustn’t happen.
tokenAddress.safeTransferFrom(depositer, deal with(this), quantity);
Within the code above, tokenAddress is 0, so safeTransferFrom didn’t fail and the deposit operate ended usually whatever the quantity worth.
Moreover, tokenAddress was the WETH deal with earlier than depositETH was added, however as depositETH is added, it’s changed with the zero deal with that’s the tokenAddress of ETH.
In abstract, the deposit operate was a operate that shouldn’t be used after depositETH was newly developed, nevertheless it remained within the contract.
- The group is continuous to trace the exploiter and monitor affected belongings.
- The group has contacted the exploiter to supply the utmost bounty as set by our program.
- The group is cooperating with safety and community companions, together with Binance.
- Provide, Redeem, Borrow, Repay, Bridge, and Bridge redemption capabilities are disabled till additional discover. Claiming is obtainable.
DISCLAIMER: The Info on this web site is supplied as common market commentary and doesn’t represent funding recommendation. We encourage you to do your individual analysis earlier than investing.
Be a part of CoinCu Telegram to maintain monitor of stories: https://t.me/coincunews
Qubit Finance Qubit Finance Qubit Finance