Qubit’s third exploit report traces the post-exploit movement of stolen assets after the team stopped service and began monitoring the exploiter with security partners. The attacker used the QBridge deposit logic bug to create xETH on BSC without depositing ETH, withdrew Qubit assets with that xETH as collateral, and then swapped and bridged funds across PancakeSwap, Ellipsis, Celer, Curve, and Ethereum. The report identifies several new wallets used to move BNB, USDC, USDT, and ETH, and says the stolen assets ultimately remained on-chain in monitored Ethereum and BSC wallets. Qubit also noted attempts to communicate with the exploiter and coordination with centralized exchanges to block off-chain movement.