Qubit Finance got hacked, suffers $80 million loss

[wtsimis]

Crypto exchangers hacking are now occurring frequently. Every week news comes out that any exchange got hacked. Qubit Finance is the latest decentralized finance Defi protocol hacked. According to their tweet hackers steals over $80 million from Qubit Finance.  Hacker stole over 206,000 Binance Coin from QBridge protocol. The coins are worth like $80 million. The protocol does not accept any deposit asset in the platform.

Source: https://twitter.com/QubitFin/status/1486870238591594497

[milewilda]

Crypto exchangers hacking are now occurring frequently. Every week news comes out that any exchange got hacked. Qubit Finance is the latest decentralized finance Defi protocol hacked. According to their tweet hackers steals over $80 million from Qubit Finance.  Hacker stole over 206,000 Binance Coin from QBridge protocol. The coins are worth like $80 million. The protocol does not accept any deposit asset in the platform.

Source: https://twitter.com/QubitFin/status/1486870238591594497

Decentralized my ass? Exchange hacks do really happen and thats why its never been ideal nor worth to stay up your coins nor make out some investment on 3rd parties or something like that.
These places are the best spots or honeyspots  for these hackers yet this do involved millions of dollars for them to steal in and once there  would be some vulnerabilities then expect that this would surely happen next in line.Is there something we can do about recovery? None... I feel sorry for those people who do mainly lost up the money involving on this hack as always.

[coupable]

Crypto exchangers hacking are now occurring frequently. Every week news comes out that any exchange got hacked. Qubit Finance is the latest decentralized finance Defi protocol hacked. According to their tweet hackers steals over $80 million from Qubit Finance.  Hacker stole over 206,000 Binance Coin from QBridge protocol. The coins are worth like $80 million. The protocol does not accept any deposit asset in the platform.

Source: https://twitter.com/QubitFin/status/1486870238591594497

Thank you for sharing the info. $80 million is a big money however i think it's somehow easy to trace them by devs as i also know that BNB is not fully decentralized and i am not sure if it can be frozen like USDT Erc20.
It becomes a frequent event to hear about a hacked exchange. We all hear lately about opensea being hacked and even btc.com exchange.

[batang_bitcoin]

Crypto exchangers hacking are now occurring frequently. Every week news comes out that any exchange got hacked.

It's been happening every year. And this is the reason why many of us here keep reminding the others that don't leave huge amounts of crypto assets in exchanges or finances if we're not even going to trade and will just hold it, they're not a place to store our crypto for long holding.

Qubit Finance is the latest decentralized finance Defi protocol hacked. According to their tweet hackers steals over $80 million from Qubit Finance.  Hacker stole over 206,000 Binance Coin from QBridge protocol. The coins are worth like $80 million. The protocol does not accept any deposit asset in the platform.

Source: https://twitter.com/QubitFin/status/1486870238591594497

Another big money is taken from this defi. I guess it has something to do with their smart contracts and the hackers see the hope in it. I'm not technical on it but these hackers always look for that hole for them to penetrate. I saw the tweet of qubit that they're negotiating with the hackers.

[Darker45]

It seems other than the security loopholes that these DeFi platforms have, it is the structures or the designs themselves that somehow provide these thieves the ability to abuse these platforms. This is exactly the thing that worries regulators. For as long as DeFi and other crypto products are built, operated, and offered to the public unregulated, the risk on people's money is high. There is currently no agency that would scrutinize the security and viability of these financial platforms. There is no body that rejects or approves these sites based on their capacity to provide safe and sound services to the public.

What is even more pathetic is the pleading of the platform for the hacker to return the money and receive a bounty reward. Who steals $80 million in exchange for a much smaller amount? If this kind of platform proliferates, they would end up operating at the mercy of hackers.

[crwth]

It seems like it's because some data parameters are not being correct. I saw one reply from that tweet, and it does look legit.

For those interested in the address of Qubit here, it is.

https://bscscan.com/address/0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7

I do hope they somehow make a recovery from it or something. They need to look further at possible entry points to prevent exploitations like this.

[batang_bitcoin]

I do hope they somehow make a recovery from it or something. They need to look further at possible entry points to prevent exploitations like this.

They can only recover it if the hackers managed to agree to contact them and have a negotiation which is what they're doing right now. They're trying to reach out through Twitter.
Here's the tweet: https://twitter.com/QubitFin/status/1487210385619169283?cxt=HHwWhsDR0er90KMpAAAA
I don't think that the hackers will contact them any time soon. They've hacked them for one reason, to rob. These people don't have any shame as they know there will be tons of people that will be affected with their action.

[crwth]

They can only recover it if the hackers managed to agree to contact them and have a negotiation which is what they're doing right now. They're trying to reach out through Twitter.

I don't think they would be able to get the results that they want with that right? But there's nothing wrong to do it as well. You'll never know if it will be like how other hackers have done. I remember an exchange got hacked but the hacker returned the funds and just told that they should be aware of those tactics. I don't remember the event though but I think it was last year.

[Husires]

Did they manage to get those hacked coins back? Was it frozen or returned to them?
BSC is supposed to be centralized (modified version of Proof-of-Stake with only 21 Validators (11 validators) all of them controlled by who?! Binance) Or did I miss something?
If the platform is really decentralized, then discovering vulnerabilities in smart contracts is difficult, so either the programming is weak, or the hacker works in Qubit Finance or is related to the platform.

[batang_bitcoin]

They can only recover it if the hackers managed to agree to contact them and have a negotiation which is what they're doing right now. They're trying to reach out through Twitter.

I don't think they would be able to get the results that they want with that right? But there's nothing wrong to do it as well. You'll never know if it will be like how other hackers have done. I remember an exchange got hacked but the hacker returned the funds and just told that they should be aware of those tactics. I don't remember the event though but I think it was last year.

Yeah, the same thought as mine. The hackers might be thinking up this point or they really don't want to participate for the return of the money. There are new tweets from qubit and it seems that there's no reply yet from them. The offer bounty they're giving to the hackers is $1M if they return the $80M.

Did they manage to get those hacked coins back? Was it frozen or returned to them?

Not yet and unlikely to get returned, they're only waiting for the response of the hacker to negotiate with them and offered them $1M for the return of the funds.

[JeromeTash]

It seems like it's because some data parameters are not being correct. I saw one reply from that tweet, and it does look legit.

For those interested in the address of Qubit here, it is.

https://bscscan.com/address/0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7

I do hope they somehow make a recovery from it or something. They need to look further at possible entry points to prevent exploitations like this.

I remember at one time when Binance was hacked. CZ wanted a reorg on Bitcoin network, which backfired on him because Bitcoin is a truly decentralized network. Now, I am waiting to see what he will do on his centralized shitcoin network in order to be able to recover the stolen BNB  

[The Cryptovator]

I remember at one time when Binance was hacked. CZ wanted a reorg on Bitcoin network, which backfired on him because Bitcoin is a truly decentralized network. Now, I am waiting to see what he will do on his centralized shitcoin network in order to be able to recover the stolen BNB  

Could they freeze funds as USDT can? I can't read the code. If it's possible then they might take action by freezing funds. Though it's not an advantage if it's possible then using BNB is quite risky. Seems they become more popular day by day.

Hacking DeFi and centralized exchange news become regular lately which is a threat for the crypto industry. They aren't learning from others and not focusing on the security system. I know hackers find the loophole somehow, but they should always monitor by their security team.

[TryNinja]

Could they freeze funds as USDT can? I can't read the code. If it's possible then they might take action by freezing funds.

BNB? No, they can't. Unless you think they own all the validators on the chain and can just fork as they wish, but this is a very different story.

Also, CZ/Binance didn't lose anything, why would he care? The users that deposited their wrapped BTC, USDC, USDT, etc... on the Qubit smart contract were the ones who got hit.

[vv181]

If the platform is really decentralized, then discovering vulnerabilities in smart contracts is difficult

Why would it make it difficult? The platform/contract is open source, everyone is able to audit and check the code. Ideally, I think decentralization should make detecting a vulnerability getting easier.

so either the programming is weak, or the hacker works in Qubit Finance or is related to the platform.

Certik made a detailed analysis of how the exploit gets executed: Qubit Bridge Collapse Exploited to the Tune of $80 Million. After I tried to look around, turns out the devs that made this app were also have been exploited in the past on another project. I believe the negligence should be on the security side.

[AmoreJaz]

If the platform is really decentralized, then discovering vulnerabilities in smart contracts is difficult

Why would it make it difficult? The platform/contract is open source, everyone is able to audit and check the code. Ideally, I think decentralization should make detecting a vulnerability getting easier.

so either the programming is weak, or the hacker works in Qubit Finance or is related to the platform.

Certik made a detailed analysis of how the exploit gets executed: Qubit Bridge Collapse Exploited to the Tune of $80 Million. After I tried to look around, turns out the devs that made this app were also have been exploited in the past on another project. I believe the negligence should be on the security side.

so maybe the hackers knew their history and now, they tried again and succeeded. maybe, this will be their expensive lesson to change things about their security protocol. most hacked sites will only tighten their security after some incidents like this. why not make their security brick and mortar in the first place? or most of them don't want to invest in strong security features because of the added funds that will cost them?

[Daltonik]

After the incident, the Qubit Finance DeFi protocol development team announces the restructuring and transfer of the Qubit platform under the management of DAO, the development team will continue to work, and the exploit tracking will continue. Whether it will be more reliable from a security point of view, time will tell.

Source: https://pancakebunny.medium.com/the-next-chapter-dao-9630b2c087b

[JeromeTash]

After the incident, the Qubit Finance DeFi protocol development team announces the restructuring and transfer of the Qubit platform under the management of DAO, the development team will continue to work, and the exploit tracking will continue. Whether it will be more reliable from a security point of view, time will tell.

Source: https://pancakebunny.medium.com/the-next-chapter-dao-9630b2c087b

It seems to me like a bye bye message  
I find it hard to believe such messages after the so-called "hacks" or "exploits" Who know if it was an insider job. I mean, $80M is more than enough to make half a dozen devs rich and go live on endless vacations, minus having to worry about the shitty DeFi platform.

[Slow death]

Crypto exchangers hacking are now occurring frequently. Every week news comes out that any exchange got hacked. Qubit Finance is the latest decentralized finance Defi protocol hacked. According to their tweet hackers steals over $80 million from Qubit Finance.  Hacker stole over 206,000 Binance Coin from QBridge protocol. The coins are worth like $80 million. The protocol does not accept any deposit asset in the platform.

Source: https://twitter.com/QubitFin/status/1486870238591594497

Decentralized my ass? Exchange hacks do really happen and thats why its never been ideal nor worth to stay up your coins nor make out some investment on 3rd parties or something like that.
These places are the best spots or honeyspots  for these hackers yet this do involved millions of dollars for them to steal in and once there  would be some vulnerabilities then expect that this would surely happen next in line.Is there something we can do about recovery? None... I feel sorry for those people who do mainly lost up the money involving on this hack as always.

You are right but it is important to understand that it is not possible for someone to day trade without having to leave coins on the exchange every day, so on this issue the problem is not in the people who leave coins on the exchange. the problem is in the exchanges that must be safe and have funds that guarantee that they can compensate customers in case of any possible hack. i just wanted to add this