Join today to get full access to our basics to advance crypto courses, exclusive insights, research & analysis.

X-Bridge, the ETH-BSC bridge of Qubit Finance exploited for over $80M

28 Jan 2022 : 13:50
2 min read
  • X-Bridge, an ETH-BSC bridge for Qubit Finance was hacked for $80M
  • The attacker had initially made $185 million but made off only with $80M
  • Report from CertiK says that the attacker took advantage of “logical error” in the contract

The cross-chain bridge of Decentralized Finance (DeFi) protocol Qubit Finance, X-Bridge has been hacked and the amount of funds lost in the process amounts to nearly $80 million. This is the biggest DeFi hack as of now in 2022. 

“Logical error” in X-Bridge contract

As per the official medium blog which explained the entire scenario, there was a “logical error” in the smart contract of X-Bridge. Qubit said in the blog that the hackers took advantage of the QBridge deposit function.

The X-Bridge is a bridge that can be used to send ERC-20 tokens and receive BEP-20 tokens in return. In short, it facilitates the swapping of cryptocurrencies across Ethereum and the Binance Smart Chain. 

Furthermore, CertiK, a blockchain audit and security firm, also explained the entire hack procedure in another Medium blog in which the attacker ended up with a total of 77,162 qXETH which amounts to somewhere around $185 million. 

qXETH used as collateral

The X-Bridge attacker used the 77,162 qXETH as collateral and borrowed other tokens from the lending pools which were worth $80 million. These assets include 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), around $9.5 million worth of various Stablecoins, and about $5 million worth of CAKE, MDX, and BUNNY tokens.

While the X-Bridge attacker actually made the attack worth $185 million, they were able to obtain only $80 million in profit. The actions taken by the team include tracking the explorer and “cooperating with security and network partners, including Binance.”

The protocol exploit report from Qubit Finance said that the development team is taking actions and added: “Supply, Redeem, Borrow, Repay, Bridge, and Bridge redemption functions are disabled until further notice. Claiming is available.”

About Author

Anisha Pandey

More articles by this author

A writer, an artist, an engineer, and a girl with a colorful mind, Anisha believes in achieving results smartly and diligently.

Post a Comment


Delivered daily, straight to your inbox.