Qubit reported that its QBridge deposit function was exploited after an obsolete deposit path remained active when depositETH support changed ETH handling to a zero address. The attacker sent 16 Ethereum-side deposit transactions and corresponding BSC voteProposal transactions, minting xETH without transferring WETH and then using the fraudulent xETH as collateral to drain Qubit liquidity. Qubit disabled supply, redeem, borrow, repay, bridge, and bridge-redemption functions while tracking the exploiter, monitoring affected assets, contacting the actor with a bounty offer, and coordinating with Binance and security partners.