Qubit's QBridge exploit allowed minting of unlimited xETH collateral by depositing zero ETH on Ethereum via a logic error.
Qubit Finance's QBridge contract contained a critical vulnerability allowing attackers to call the deposit() function with zero ETH and still receive xETH tokens on BSC as collateral. The attacker then used this collateral to borrow all available assets from QBridge's liquidity pools. The bug stemmed from failing to check for zero-value deposits.
206,809 BNB quickly dispersed across multiple BSC wallets. Qubit team published an on-chain message requesting fund return with a $250K bounty offer. Attackers never responded. Funds subsequently routed through cross-chain bridges and exchanged for stablecoins on multiple DEXes.
0xa6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b