The cross-chain bridge of DeFi protocol Qubit Finance, referred to as X-Bridge, has been exploited and misplaced $80 million within the course of.
X-Bridge facilitates swapping tokens from Ethereum to Binance Sensible Chain. In different phrases, when somebody deposits an ERC-20 token to the bridge, they obtain a BEP-20 token in return, which might then be used on Binance Sensible Chain.
There was a “logical error” in X-Bridge’s sensible contract code that led to the exploit, in response to blockchain safety agency CertiK. The error in the code allowed the attacker to withdraw tokens on Binance Sensible Chain when none was deposited on Ethereum.
The attacker ended up netting 77,162 qXETH ($185 million), which they then used as collateral and borrowed different asserts from lending swimming pools value $80 million, in response to CertiK.
These property are 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), round $9.5 million value of varied stablecoins, and about $5 million value of CAKE, BUNNY, and MDX tokens.
Whereas the attacker exploited X-Bridge for $185 million, they didn’t immediately convert the 77,162 qXETH to ETH, thus they ended up profiting solely $80 million via the above tokens, CertiK instructed The Block.
“That is by far the biggest exploit of 2022 thus far,” the agency added. Final 12 months, DeFi tasks misplaced $1.3 billion in hacks, in response to CertiK.
Qubit Finance said it has contacted the exploiter to supply the utmost bounty. In the meantime, it has disabled sure capabilities of X-Bridge till additional discover, whereas claiming of funds is on the market.
© 2022 The Block Crypto, Inc. All Rights Reserved. This text is offered for informational functions solely. It’s not provided or supposed for use as authorized, tax, funding, monetary, or different recommendation.