← Qubit Finance1 decision on this page

Audit log

Every state-changing event for Qubit Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-30 18:33:23Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 423,211,623
sig
2XhxJqbdrQ7h…Z4QdxJCqexplorer ↗
hash
9x2vvVGWgt8Z…gsY7H89Rsha256 → base58
verifying row…full verify ↗
canonical bytes (5933 B) ▸
{"actor":"system:backfill","investigation_id":"1d52d2da-2667-498b-8cfc-b5a3fe0ea3a5","kind":"publish","page_slug":"qubit-finance","published_at":"2026-05-30T18:33:23.531Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Qubit Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://pancakebunny.medium.com/introducing-qubit-qbt-innovating-lending-and-borrowing-on-the-bsc-9f3fe6438f44","type":"other","url":""},{"credibility":3,"name":"https://qbt.wiki/en/company/mound-inc/","type":"other","url":""},{"credibility":3,"name":"https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-Qubit-v1.0.pdf","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://certik.medium.com/qubit-bridge-collapse-exploited-to-the-tune-of-80-million-a7ab9068e1a0","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/132157/qubit-finance-bridge-ethereum-bsc-exploited-lost-80-million","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-qubit-hack-january-2022","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/our-analysis-of-the-80m-qubit-finance-exploit-b0f272cd8c25","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2022/01/28/defi-protocol-qubit-finance-exploited-for-80m","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-qubit-hack-january-2022","type":"other","url":""},{"credibility":3,"name":"https://certik.medium.com/qubit-bridge-collapse-exploited-to-the-tune-of-80-million-a7ab9068e1a0","type":"other","url":""},{"credibility":3,"name":"https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-Qubit-v1.0.pdf","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@QubitFin/our-compensation-plan-1-63e7c64738ed","type":"other","url":""},{"credibility":3,"name":"https://www.bitdefender.com/en-us/blog/hotforsecurity/qubit-pleads-with-hacker-to-return-80-million-of-stolen-funds","type":"other","url":""},{"credibility":3,"name":"https://www.bankinfosecurity.com/defi-platform-qubit-finance-hacked-for-80-million-a-18406","type":"other","url":""},{"credibility":3,"name":"https://qbt.wiki/en/company/mound-inc/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-pancakebunny-protocol-hack-may-2021","type":"other","url":""},{"credibility":3,"name":"https://qbt.wiki/en/company/mound-inc/","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/alexandria/article/the-tragicomedy-of-pancakebunny","type":"other","url":""},{"credibility":3,"name":"https://chainbulletin.com/pancakebunny-suffers-from-flash-loan-attack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://certik.medium.com/qubit-bridge-collapse-exploited-to-the-tune-of-80-million-a7ab9068e1a0","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/our-analysis-of-the-80m-qubit-finance-exploit-b0f272cd8c25","type":"other","url":""},{"credibility":3,"name":"https://losslessdefi.medium.com/qubit-finance-hack-post-mortem-the-trail-the-hacker-left-behind-f8afa8a0d010","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-qubit-finance-exploit","type":"other","url":""}]}],"sources_used":[],"summary":"Qubit Finance was a BSC-based DeFi lending and borrowing protocol developed by South Korean firm Mound Inc., the same team behind PancakeBunny. On January 27, 2022, an attacker exploited a logical flaw in the protocol's Ethereum-BSC cross-chain bridge (QBridge), minting 77,162 qXETH without depositing any real ETH on Ethereum, ultimately draining approximately $80 million in user funds. No funds were recovered, the attacker's identity was never established, and the compensation plan announced by the team was never verifiably fulfilled.","timeline":[{"date":"2020-04","event":"Mound Inc. incorporated in South Korea.","source":""},{"date":"2021-04","event":"Mound Inc. receives $1.6 million seed investment from Binance Labs and IDEO CoLab.","source":""},{"date":"2021-05-19","event":"PancakeBunny, Mound's yield aggregator, suffers a flash loan attack draining approximately $45 million.","source":""},{"date":"2021-07","event":"Qubit Finance (QBT) launched on BSC as a new lending protocol by Mound Inc.","source":""},{"date":"2022-01-27","event":"Attacker exploits QBridge's zero-address bypass to mint 77,162 qXETH on BSC without depositing any ETH on Ethereum, beginning at approximately 21:36 UTC.","source":""},{"date":"2022-01-28","event":"Qubit Finance confirms the exploit, identifies attacker wallet 0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7, disables X-Bridge functions, and offers a $250,000 bounty for fund return.","source":""},{"date":"2022-01-28","event":"CertiK, SlowMist, and other security firms publish independent post-mortem analyses of the exploit.","source":""},{"date":"2022-02-08","event":"Qubit Finance publishes compensation plan: team surrenders its token holdings and announces intent to raise $10 million+ via debt financing. No confirmed disbursements subsequently verified.","source":""},{"date":"2022-02","event":"CTO Aaron Yooshin Kim allegedly deletes his LinkedIn profile; alleged removal of victims from official Telegram channels reported by victim advocacy groups.","source":""},{"date":"2022-02","event":"Protocol goes dark with no further verified team communications or compensation updates.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 4cef4bd5-c1b7-4105-a93d-6dcb5fa473a8

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.