Protocol Exploit Report 3
Contents
Protocol Exploit Report 3
TL;DR
- All of the funds are still on-chain and they are monitored by the team and our partners.
- The team working with all of the centralized exchanges to block the transfer of funds off-chain and to identify the exploiter if the attempt is made
Timeline
Immediately after the incident, the Qubit Finance team stopped operating the service, and now the team is tracking the exploiter’s activities through cooperation with a security company.
- Jan-27–2022 09:18:55 PM +UTC, 0.8887725 ETH sent from tornado to attacker account
Refer to the transactions [1] at the end of this report
- Jan-27–2022 09:19:41 PM +UTC, Attacker sent transaction (‘Deposit ETH’) to secure the BNB funds needed for the attack
- Transaction ID [2,3]
- Jan-27–2022 09:34:01 PM +UTC, The exploiter calls the ‘Deposit’ function 16 times, where the logic bug exists, and creates xETH in bulk on the BSC without depositing ETH on the Ethereum network
- Transaction ID …
TL;DR
- All of the funds are still on-chain and they are monitored by the team and our partners.
- The team working with all of the centralized exchanges to block the transfer of funds off-chain and to identify the exploiter if the attempt is made
Timeline
Immediately after the incident, the Qubit Finance team stopped operating the service, and now the team is tracking the exploiter’s activities through cooperation with a security company.
- Jan-27–2022 09:18:55 PM +UTC, 0.8887725 ETH sent from tornado to attacker account
Refer to the transactions [1] at the end of this report
- Jan-27–2022 09:19:41 PM +UTC, Attacker sent transaction (‘Deposit ETH’) to secure the BNB funds needed for the attack
- Transaction ID [2,3]
- Jan-27–2022 09:34:01 PM +UTC, The exploiter calls the ‘Deposit’ function 16 times, where the logic bug exists, and creates xETH in bulk on the BSC without depositing ETH on the Ethereum network
- Transaction ID …