Qubit Finance Hack 2022 — $80M Exploit Analysis

Qubit's QBridge exploit allowed minting of unlimited xETH collateral by depositing zero ETH on Ethereum via a logic error.

Details

Full Description

Qubit Finance's QBridge contract contained a critical vulnerability allowing attackers to call the deposit() function with zero ETH and still receive xETH tokens on BSC as collateral. The attacker then used this collateral to borrow all available assets from QBridge's liquidity pools. The bug stemmed from failing to check for zero-value deposits.

Laundering Analysis

206,809 BNB quickly dispersed across multiple BSC wallets. Qubit team published an on-chain message requesting fund return with a $250K bounty offer. Attackers never responded. Funds subsequently routed through cross-chain bridges and exchanged for stablecoins on multiple DEXes.

Sources

Transaction Hashes

Related Hacks

Back to Browse