On January 28, the Qubit Finance team posted on its Twitter feed that a malicious attacker had abused the protocol to create unlimited tokens on a Binance Smart Chain (BSC). Hackers created unlimited ETH for borrowing at BSC. The team is currently working with security and network partners to look for a solution. PeckShield, an auditing firm specializing in blockchain security and smart contracts, confirmed this exploit. The latest update from the DeFi Protocol team has shown that it has continued to track abusers, monitored affected assets, and contacted hackers to offer maximum incentives.
The RugDoc, a feed that monitors DeFi exploits, said the BSC-based PancakeBunny protocol was hacked for the third or fourth time. According to BSCscan, addresses using the protocol included 206,809 BNB (USD 79.7 million). CertiK Security reported that a hacker accessed the deposit feature of the QBridge contract but did not make a deposit.
The hacker has repeated this process several times to increase the loot totaling about USD 80 million. According to DeFi Yield’s Rekt database, this hack is the seventh largest loot. Last month, after Brinc Finance was looted for USD 1.1 million, the Grim Finance protocol lost USD 30 million in a week of loot.