A blockchain extension by Qubit Finance, a DeFi lending firm, was exploited by a hacker on Thursday night, according to a company release. The add-on known as X-Bridge allows people to exchange tokens between Ethereum and Binance Smart Chain, two of the most popular blockchains.
Cryptocurrency Crime Hit Record $14 Billion in 2021: Research
The attacker garnered a total of $185 million in xETH, or Xpolsive Ethereum, by using malicious data to extract tokens from the Binance Smart Chain that was never deposited into Ethereum, as the code directs, according to a report by blockchain auditing firm CertiK.
Qubit wrote an open letter to the person responsible offering a bounty of as much as $250,000 and requesting to negotiate the return of lost funds which effect “thousands of real people.” The company has disabled certain functions of the X-Bridge while it investigates the issue.
— Qubit Finance (@QubitFin) January 28, 2022
Cybersecurity breaches have become ubiquitous on cryptocurrency trading platforms, leaving investors frustrated and companies suspending services to fix network vulnerabilities. It is a caveat of a system where transactions can only be traced to anonymous serial codes rather than personal identifications. A record $1.3 billion was stolen in DeFi scams and exploits in 2021.
“As we move from an Ethereum-dominant world to a truly multi-chain world, bridges will only become more important,” Connie Lam, head of incident response at CertiK, said in a note. “People need to move funds from one blockchain to another, but they need to do so in ways that are not susceptible to hackers.”
Qubit did not immediately respond to a request for comment.
Copyright 2022 Bloomberg.