Skip to main content
Sign in

Qubit Finance

avoid.net/qubit-finance5/100·88% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·2XhxJq…xJCq

Summary

Qubit Finance was a BSC-based DeFi lending and borrowing protocol developed by South Korean firm Mound Inc., the same team behind PancakeBunny. On January 27, 2022, an attacker exploited a logical flaw in the protocol's Ethereum-BSC cross-chain bridge (QBridge), minting 77,162 qXETH without depositing any real ETH on Ethereum, ultimately draining approximately $80 million in user funds. No funds were recovered, the attacker's identity was never established, and the compensation plan announced by the team was never verifiably fulfilled.

Connected Entities

1 entities · 1 linked investigation
Protocols
Qubit Finance
Relationships
    Also appears in
    Qubit Finance·10
    Have evidence about Qubit Finance?

    Timeline(10 events)

    2020-04

    Mound Inc. incorporated in South Korea.

    2021-04

    Mound Inc. receives $1.6 million seed investment from Binance Labs and IDEO CoLab.

    2021-05-19

    PancakeBunny, Mound's yield aggregator, suffers a flash loan attack draining approximately $45 million.

    2021-07

    Qubit Finance (QBT) launched on BSC as a new lending protocol by Mound Inc.

    2022-01-27

    Attacker exploits QBridge's zero-address bypass to mint 77,162 qXETH on BSC without depositing any ETH on Ethereum, beginning at approximately 21:36 UTC.

    2022-01-28

    Qubit Finance confirms the exploit, identifies attacker wallet 0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7, disables X-Bridge functions, and offers a $250,000 bounty for fund return.

    2022-01-28

    CertiK, SlowMist, and other security firms publish independent post-mortem analyses of the exploit.

    2022-02-08

    Qubit Finance publishes compensation plan: team surrenders its token holdings and announces intent to raise $10 million+ via debt financing. No confirmed disbursements subsequently verified.

    2022-02

    CTO Aaron Yooshin Kim allegedly deletes his LinkedIn profile; alleged removal of victims from official Telegram channels reported by victim advocacy groups.

    2022-02

    Protocol goes dark with no further verified team communications or compensation updates.

    Provenance & Audit Trail
    Anchored on SolanaVerify on-chain

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 5/30/2026, 6:33:20 PM

    last updated: 5/30/2026, 6:33:23 PM

    avoid.net — verified advice for a post-truth world