Skip to main content
Sign in
Qubit Finance1 decision on this page

Audit log

Every state-changing event for Qubit Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-20 22:36:30Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 421,077,048
    sig
    4ZUJiZMXMzYY…bNoeb2dZexplorer ↗
    hash
    EhzA6kJzwANP…mqBiUenjsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6545 B) ▸
    {"actor":"system:backfill","investigation_id":"d90e7a11-4928-45d2-87e7-45da166374d3","kind":"publish","page_slug":"qubit","published_at":"2026-05-20T22:36:30.745Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Qubit Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://pancakebunny.medium.com/introducing-qubit-qbt-innovating-lending-and-borrowing-on-the-bsc-9f3fe6438f44"},{"credibility":3,"name":"","type":"other","url":"https://pancakebunny.medium.com/pancake-bunny-x-binance-labs-introducing-your-team-mound-288c21209375"},{"credibility":3,"name":"","type":"other","url":"https://qbt.wiki/en/company/mound-inc/"},{"credibility":3,"name":"","type":"other","url":"https://chainbulletin.com/pancakebunny-suffers-from-flash-loan-attack"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/@QubitFin/protocol-exploit-report-305c34540fa3"},{"credibility":3,"name":"","type":"other","url":"https://certik.medium.com/qubit-bridge-collapse-exploited-to-the-tune-of-80-million-a7ab9068e1a0"},{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/our-analysis-of-the-80m-qubit-finance-exploit-b0f272cd8c25"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-qubit-hack-january-2022"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/qubit-rekt"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@QubitFin/protocol-exploit-report-2-30aade4d66de"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://rekt.news/qubit-rekt"},{"credibility":3,"name":"","type":"other","url":"https://certik.medium.com/qubit-bridge-collapse-exploited-to-the-tune-of-80-million-a7ab9068e1a0"},{"credibility":3,"name":"","type":"other","url":"https://bscscan.com/address/0x17b7163cf1dbd286e262ddc68b553d899b93f526"},{"credibility":3,"name":"","type":"other","url":"https://blog.merklescience.com/hacktrack/analysis-of-qubit-finance-exploit"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/@QubitFin/our-compensation-plan-1-63e7c64738ed"},{"credibility":3,"name":"","type":"other","url":"https://www.bitdefender.com/en-us/blog/hotforsecurity/qubit-pleads-with-hacker-to-return-80-million-of-stolen-funds"},{"credibility":3,"name":"","type":"other","url":"https://finance.yahoo.com/news/losing-80-million-qubit-surrenders-110807610.html"},{"credibility":3,"name":"","type":"other","url":"https://www.infosecurity-magazine.com/news/crypto-finance-2m-bug-bounty/"},{"credibility":3,"name":"","type":"other","url":"https://qbt.wiki/en/"},{"credibility":3,"name":"","type":"other","url":"https://tokeninsight.com/en/news/qubit-finance-released-compensation-plan-team-mound-gives-up-all-of-its-tokens-to-compensate-the-community"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2022/01/28/defi-protocol-qubit-finance-exploited-for-80m"},{"credibility":3,"name":"","type":"other","url":"https://www.cpomagazine.com/cyber-security/hackers-exploited-a-logical-flaw-to-steal-80-million-from-defi-platform-qubit-finance/"},{"credibility":3,"name":"","type":"other","url":"https://www.bankinfosecurity.com/defi-platform-qubit-finance-hacked-for-80-million-a-18406"},{"credibility":3,"name":"","type":"other","url":"https://therecord.media/qubit-finance-platform-hacked-for-80-million-worth-of-cryptocurrency"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/132157/qubit-finance-bridge-ethereum-bsc-exploited-lost-80-million"}]}],"sources_used":[],"summary":"Qubit Finance was a Binance Smart Chain lending and cross-chain bridge protocol developed by South Korean firm Mound Inc., the same team behind PancakeBunny. On January 27, 2022, an attacker exploited a logic error in the QBridge Ethereum-BSC bridge to mint approximately 77,162 qXETH tokens without depositing any ETH, then drained roughly $80 million in protocol assets; no funds were ever recovered and the attacker was never identified.","timeline":[{"date":"2021-04-01","event":"Mound Inc. receives $1.6 million seed funding from Binance Labs","source":""},{"date":"2021-05-19","event":"PancakeBunny, Mound Inc.'s other protocol, suffers a $45 million flash loan exploit","source":""},{"date":"2021-11-23","event":"QBridge smart contract first deployed on Binance Smart Chain","source":""},{"date":"2021-11-29","event":"QBridge smart contract first deployed on Ethereum","source":""},{"date":"2022-01-27","event":"Attacker wallet (0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7) funded via Tornado Cash at 9:18 PM UTC","source":""},{"date":"2022-01-27","event":"Attacker submits 16 fraudulent deposit() transactions to QBridge on Ethereum between 9:34 PM and 9:50 PM UTC with zero ETH attached","source":""},{"date":"2022-01-27","event":"BSC relayer processes 16 voteProposal transactions between 9:36 PM and 9:51 PM UTC, minting qXETH for attacker without any real deposit","source":""},{"date":"2022-01-27","event":"Attacker uses minted qXETH as collateral to borrow and extract approximately 206,809 BNB (~$80 million) from the protocol","source":""},{"date":"2022-01-28","event":"Qubit Finance disables all core protocol functions and publicly discloses the exploit","source":""},{"date":"2022-01-28","event":"Qubit team appeals to attacker to return funds, initially offering $250,000 bug bounty","source":""},{"date":"2022-01-29","event":"Qubit team increases bounty offer to $1 million; attacker does not respond publicly","source":""},{"date":"2022-01-31","event":"Bounty offer reported to have been raised to $2 million with no prosecution pledge","source":""},{"date":"2022-02-08","event":"Qubit Finance publishes compensation plan: Team Mound surrenders all tokens to community, commits to debt-funded $10M initial tranche","source":""},{"date":"2022-02-01","event":"Qubit Finance transfers governance authority to community DAO","source":""},{"date":"2022-02-08","event":"Qubit team announces $500,000 bounty for information identifying the attacker, files reports with international law enforcement","source":""},{"date":"2022-01-01","event":"Protocol ceases operations; no funds recovered; attacker never identified or charged","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision d4f014bf-18a4-4dfe-a34e-60013a09aa2a
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.