
Qubit pleads with hacker to return $80 million of stolen funds

Graham CLULEY

January 31, 2022


Qubit, a decentralized finance (DeFi) platform, has publicly offered $2,000,000 to a hacker who stole $80 million worth of cryptocurrency from it last week.

Late on the evening of 27 January, according to an incident report published by Qubit Finance, a hacker exploited a vulnerability to steal over 206,000 Binance coins from the company's QBridge protocol.

In a tweet, blockchain security firm PeckShield said that QBridge was hacked to mint a "huge amount of xETH collateral and drain the pool funds about $80M."

As security firm CertiK explains, the attacker exploited "a logical error in Qubit Finance's code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum."

Qubit, meanwhile, said it was tracking the exploiter and monitoring affected assets. Although it did not know the true identity of the hacker, it had sent the attacker a message offering to pay a reward in the hope of the safe return of the funds.

Initially Qubit pointed to its bug bounty program, which offers a maximum $250,000 reward to discoverers of the most critical vulnerabilities.

This is the Qubit Finance team.
We propose you to negotiate directly with us before taking any further action.
The exploit and loss of funds have a profound effect on thousands of real people.
If the maximum bounty offer is not what you are looking for, we are open to have a conversation. Let's figure out a solution.
Qubit Finance Team

However, perhaps realising that wasn't going to be enough to coax the attacker into handing over the funds, Qubit later upped its offer to $1 million, and then to $2 million with the promise that the attacker would not be prosecuted.

We have secured the funds to be able to pay a bounty of $2,000,000 in line with the historically high Polygon bounty and our total limit, without prosecution. We continue to work with security firms throughout the ecosystem and independently to resolve this exploit. The entire Qubit community is hopeful you will do the right thing and accept the offer.

To be honest, if I were criminally minded and had stolen $80 million from Qubit, I might be very happy holding out, and seeing if the company could offer me a reward significantly closer to $80 million...

News of the hack is, of course, potentially catastrophic for Qubit and very worrying for its users. Once again, a cryptocurrency DeFi platform has found its security wanting, and been left to beg hackers for the return of stolen funds. The promise to pay a "bug bounty" reward to its seemingly criminal attackers would itself appear to be legally questionable in some parts of the world.
