Findings stemming from a recent report published by the security-focused blockchain firm Certik indicate that the Binance smart chain ↔ Ethereum bridge called Qubit has been hacked for $80 million. Data shows on January 27, 2022, an attacker siphoned a number of tokens from an exploit on Qubit Finance’s bridge and Certik says the hack is “by far the largest exploit of 2022 to date.”
Qubit’s Binance Smart Chain ↔ Ethereum Cross-Chain Bridge Attacked for $80 Million in Defi Tokens
A decentralized finance (defi) exploit tied to Qubit Finance’s Binance smart chain ↔ Ethereum bridge has led to the loss of $80 million, according to the blockchain security experts at Certik. Qubit Finance is a defi protocol that offers lending capabilities and a cross-chain bridge between BSC and ETH.
— Stefan (🦎,🦎) (@0xCryptoStefan) January 27, 2022
The cross-chain bridge was exploited by the malicious attacker who managed to net 77,162 qXETH to borrow and convert the funds into other funds. Essentially, the hacker was able to leverage stolen coins to obtain “15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), approximately $9.5 million in various stablecoins, and ~$5 million in CAKE, BUNNY, and MDX.” Certik’s post-mortem analysis further explains:
Essentially what the attacker did is take advantage of a logical error in Qubit Finance’s code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum.
Certik: ‘People Need to Bridge Crypto Assets in Ways That Are Not Susceptible to Hackers’
Currently, the address still holds all the stolen coins which are worth approximately $79,332,154 at the time of writing. Certik says that the cross-chain bridge vulnerability highlights two important things. “The importance of cross-chain bridges that facilitate interoperability between blockchains [and the] importance of the security of these bridges.” During the last 12 months, cross-chain bridge technology has grown a great deal.
Data stemming from Dune Analytics shows there’s $11.79 billion total value locked (TVL) on Friday. Polygon has the largest (MATIC ↔ ETH) cross-chain bridge TVL with $5.1 billion. Certik’s post-mortem analysis stresses that as cross-chain tech grows bridge security will be very important.
“As we move from an Ethereum-dominant world to a truly multi-chain world, bridges will only become more important,” Certik’s analysis of Qubit’s losses concludes. “People need to move funds from one blockchain to another, but they need to do so in ways that are not susceptible to hackers who can steal more than $80 million dollars.”