Qubit posted a report breaking down what happened, and the company was rapid to get it out. The event took place around 5 pm ET on January 27, 2022. The report on Medium was posted at around 3 am ET, which means it took the firm around 10 hours to acknowledge the hack completely.
However, as good as the response time is, Qubit didn’t mention that it would return lost funds to its users, which is what Crypto.com did when it suffered a similar theft.
As far as how the attack happened, Qubit says, “The attacker called the QBridge deposit function on the Ethereum network, which calls the deposit function QBridgeHandler … In summary, the deposit function was a function that should not be used after depositETH was newly developed, but it remained in the contract.”
Qubit also explained what actions it took:
The purpose of Qubit is to serve as a “bridge” that allows deposits to be made in one cryptocurrency and withdrawn in another. As such, there’s a lot of money moving through its service, which is why the attackers were able to steal such a large sum.
It appears that the company is offering a large sum to the attacker in the form of a bug bounty, which could lead to the funds being returned, but we’ll have to wait and see if that happens.
— Qubit Finance (@QubitFin) January 28, 2022
Perhaps the hacker will listen to the appeal posted on Twitter by Qubit because a significant theft like this could destroy the reputation of the service.
RELATED: What is Ethereum, and What Are Smart Contracts?