Qubit Finance revealed last week that attackers exploited a vulnerability in its QBridge deposit function, resulting in a loss of $80m. The hackers stole a large amount of Ethereum by converting it into Binance coins and exploiting the vulnerability to withdraw the Binance tokens without depositing any of the Ethereum. Qubit has addressed the attackers directly on Twitter: “We propose you to negotiate directly with us before taking any further action. The exploit and loss of funds have a profound effect on thousands of real people. If the maximum bounty is now what you are looking for, we are open to have a conversation. Let’s figure out a solution.”
The firm has offered a “maximum” bug bounty and stated no charges would be pressed if the funds are returned. In two subsequent follow ups, the firm increased the initial bounty to $1m and then to $2m.