Qubit pleads with hacker to return $80 million of stolen funds

Graham CLULEY

January 31, 2022

Qubit, a decentralized finance (DeFi) platform, has publicly offered $2,000,000 to a hacker who stole $80 million worth of cryptocurrency from it last week.

Late on the evening of 27 January, according to an incident report published by Qubit Finance, a hacker exploited a vulnerability to steal over 206,000 Binance coins from the company's QBridge protocol.

In a tweet, blockchain security firm PeckShield said that QBridge was hacked to mint a "huge amount of xETH collateral and drain the pool funds about $80M."

As security firm CertiK explains, the attacker exploited "a logical error in Qubit Finance's code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum."

Qubit, meanwhile, said it was tracking the exploiter and monitoring affected assets. Although it did not know the true identity of the hacker, it had sent the attacker a message offering to pay a reward in the hope of the safe return of the funds.

Initially Qubit pointed to its bug bounty program, which offers a maximum $250,000 reward to discoverers of the most critical vulnerabilities.

This is the Qubit Finance team.
We propose you to negotiate directly with us before taking any further action.
The exploit and loss of funds have a profound effect on thousands of real people.
If the maximum bounty offer is not what you are looking for, we are open to have a conversation. Let's figure out a solution.
Qubit Finance Team

However, perhaps realising that wasn't going to be enough to coax the attacker into handing over the funds, Qubit later upped its offer to $1 million, and then to $2 million with the promise that the attacker would not be prosecuted.

We have secured the funds to be able to pay a bounty of $2,000,000 in line with the historically high Polygon bounty and our total limit, without prosecution. We continue to work with security firms throughout the ecosystem and independently to resolve this exploit. The entire Qubit community is hopeful you will do the right thing and accept the offer.

To be honest, if I were criminally minded and had stolen $80 million from Qubit, I might be very happy holding out, and seeing if the company could offer me a reward significantly closer to $80 million...

News of the hack is, of course, potentially catastrophic for Qubit and very worrying for its users. Once again, a cryptocurrency DeFi platform has found its security wanting, and been left to beg hackers for the return of stolen funds. The promise to pay a "bug bounty" reward to its seemingly criminal attackers would itself appear to be legally questionable in some parts of the world.
