Verify a decision

{"actor":"system:backfill","investigation_id":"1d52d2da-2667-498b-8cfc-b5a3fe0ea3a5","kind":"publish","page_slug":"qubit-finance","published_at":"2026-05-30T18:33:23.531Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Qubit Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://pancakebunny.medium.com/introducing-qubit-qbt-innovating-lending-and-borrowing-on-the-bsc-9f3fe6438f44","type":"other","url":""},{"credibility":3,"name":"https://qbt.wiki/en/company/mound-inc/","type":"other","url":""},{"credibility":3,"name":"https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-Qubit-v1.0.pdf","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://certik.medium.com/qubit-bridge-collapse-exploited-to-the-tune-of-80-million-a7ab9068e1a0","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/132157/qubit-finance-bridge-ethereum-bsc-exploited-lost-80-million","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-qubit-hack-january-2022","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/our-analysis-of-the-80m-qubit-finance-exploit-b0f272cd8c25","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2022/01/28/defi-protocol-qubit-finance-exploited-for-80m","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-qubit-hack-january-2022","type":"other","url":""},{"credibility":3,"name":"https://certik.medium.com/qubit-bridge-collapse-exploited-to-the-tune-of-80-million-a7ab9068e1a0","type":"other","url":""},{"credibility":3,"name":"https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-Qubit-v1.0.pdf","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@QubitFin/our-compensation-plan-1-63e7c64738ed","type":"other","url":""},{"credibility":3,"name":"https://www.bitdefender.com/en-us/blog/hotforsecurity/qubit-pleads-with-hacker-to-return-80-million-of-stolen-funds","type":"other","url":""},{"credibility":3,"name":"https://www.bankinfosecurity.com/defi-platform-qubit-finance-hacked-for-80-million-a-18406","type":"other","url":""},{"credibility":3,"name":"https://qbt.wiki/en/company/mound-inc/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-pancakebunny-protocol-hack-may-2021","type":"other","url":""},{"credibility":3,"name":"https://qbt.wiki/en/company/mound-inc/","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/alexandria/article/the-tragicomedy-of-pancakebunny","type":"other","url":""},{"credibility":3,"name":"https://chainbulletin.com/pancakebunny-suffers-from-flash-loan-attack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://certik.medium.com/qubit-bridge-collapse-exploited-to-the-tune-of-80-million-a7ab9068e1a0","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/our-analysis-of-the-80m-qubit-finance-exploit-b0f272cd8c25","type":"other","url":""},{"credibility":3,"name":"https://losslessdefi.medium.com/qubit-finance-hack-post-mortem-the-trail-the-hacker-left-behind-f8afa8a0d010","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-qubit-finance-exploit","type":"other","url":""}]}],"sources_used":[],"summary":"Qubit Finance was a BSC-based DeFi lending and borrowing protocol developed by South Korean firm Mound Inc., the same team behind PancakeBunny. On January 27, 2022, an attacker exploited a logical flaw in the protocol's Ethereum-BSC cross-chain bridge (QBridge), minting 77,162 qXETH without depositing any real ETH on Ethereum, ultimately draining approximately $80 million in user funds. No funds were recovered, the attacker's identity was never established, and the compensation plan announced by the team was never verifiably fulfilled.","timeline":[{"date":"2020-04","event":"Mound Inc. incorporated in South Korea.","source":""},{"date":"2021-04","event":"Mound Inc. receives $1.6 million seed investment from Binance Labs and IDEO CoLab.","source":""},{"date":"2021-05-19","event":"PancakeBunny, Mound's yield aggregator, suffers a flash loan attack draining approximately $45 million.","source":""},{"date":"2021-07","event":"Qubit Finance (QBT) launched on BSC as a new lending protocol by Mound Inc.","source":""},{"date":"2022-01-27","event":"Attacker exploits QBridge's zero-address bypass to mint 77,162 qXETH on BSC without depositing any ETH on Ethereum, beginning at approximately 21:36 UTC.","source":""},{"date":"2022-01-28","event":"Qubit Finance confirms the exploit, identifies attacker wallet 0xd01ae1a708614948b2b5e0b7ab5be6afa01325c7, disables X-Bridge functions, and offers a $250,000 bounty for fund return.","source":""},{"date":"2022-01-28","event":"CertiK, SlowMist, and other security firms publish independent post-mortem analyses of the exploit.","source":""},{"date":"2022-02-08","event":"Qubit Finance publishes compensation plan: team surrenders its token holdings and announces intent to raise $10 million+ via debt financing. No confirmed disbursements subsequently verified.","source":""},{"date":"2022-02","event":"CTO Aaron Yooshin Kim allegedly deletes his LinkedIn profile; alleged removal of victims from official Telegram channels reported by victim advocacy groups.","source":""},{"date":"2022-02","event":"Protocol goes dark with no further verified team communications or compensation updates.","source":""}]},"v":1}