Bridge Incident Registry
Incident case

QBridge 2022 zero-value deposit exploit

In January 2022, a logic flaw in QBridge allowed an attacker to submit deposit calls without transferring ETH, mint unbacked xETH on BNB Chain, and use that collateral to withdraw roughly $80 million from Qubit markets.

reviewedcurrent

Incident facts

Incident title
QBridge 2022 zero-value deposit exploit
Bridge
QBridge
Incident date
2022-01-27
Incident type
Exploit
Major incident
Yes
Affected chains
Ethereum, BNB Chain
Affected assets
BNB, WETH, WBTC, USDC, USDT
Attack category
Cross Chain Contract Exploit
Reported loss
$80 million stolen; $90.8 million later damage estimate
Recovery
Unknown
Reimbursement
In Progress
Restart
Not Reopened
Current outcome
Dead After Incident
Resolution
Unresolved
Last reviewed
2026-06-14
Last verified
2026-06-14

Timeline events

  • QBridge exploit disclosed and functions disabled2022-01-28

    Qubit Finance reported an exploit of the QBridge deposit function and disabled supply, redeem, borrow, repay, bridge, and bridge-redemption functions while investigating the incident.

    Exploit DisclosedHigh

  • Qubit compensation plan announced2022-02-08

    Team Mound announced that team-held tokens, debt-financed asset-management proceeds, protocol revenue, and any recovered funds would be directed toward community compensation.

    Compensation Plan AnnouncedHigh

  • Qubit governance transition to DAO announced2022-02-11

    The associated Bunny and Qubit protocols announced a move from development-team-led operation toward DAO governance after the exploit made the prior operating structure unsustainable.

    Governance Transition AnnouncedHigh

  • Qubit lending markets reopened without confirmed QBridge reopening2022-02-22

    Qubit reopened new lending markets with zero initial liquidity and began compensation claims, while the reviewed announcement did not state that QBridge had resumed.

    Market ReopeningHigh

Evidence records

Known unknowns