Last week, Cybercriminals stole approximately $80 million in cryptocurrency from Qubit, a decentralized finance (DeFi) platform. Over the weekend, a large number of Qubit users expressed situations of devastating financial loss on social media platforms. Qubit announced it had obtained funding to offer a $2 million bounty for the return of the $80 million in cryptocurrencies.
The theft was accomplished due to a bug in the bridge software Qubit deployed to buy and sell cryptocurrencies. Criminals were able to isolate a faulty deposit function, which according to Qubit should have been deleted after initial testing. The function allowed a user to purchase credit on the Qubit platform without checking whether more than $0 of cryptocurrency collateral was deposited. As a result, the cyber criminals were able to purchase a near infinite amount of credit and then cash out all of the collateral cryptocurrency on the platform.
Qubit has said it is working with all other major cryptocurrency exchanges in order to freeze or prevent transactions from the cryptocurrency wallet in which the $80 million was deposited, and that for now all funds seem to be in this wallet. So far, they have been unable to freeze the wallet, however.
This is the third disclosed breach of the Qubit platform. The $80 million stolen puts this theft as among the 7th largest thefts from DeFi platforms, the largest being the $650 million theft from Poly Networks last year. Reports from “TheStreet” estimate approximately $3 billion has been stolen in total from DeFi platforms. Cryptocurrency investing remains speculative and a large number of thefts have been based on insufficient security and operations guidelines applied to development of the software-based currency exchanges. Cryptocurrency transactions have grown in lockstep in with recent surges in cybercrime and money laundering.