Quantum-resistant Layer 1 blockchain QANplatform has suffered a malicious exploit to its bridge platform, resulting in the theft of $1 million worth of tokens, according to data from Etherscan.
“The bridge Smart contract that is offline was hacked and the attacker managed to withdraw tokens,” QANplatform said, confirming the hack.
Data from Etherscan shows two bulk withdrawals from the project’s bridge took place between 08:17 AM and 09. 40 AM UTC on Oct. 11. These two withdrawals totaled roughly 1.46 billion QANX tokens — worth about $1 million at the time of the attack. One of the addresses involved in the attack has also been linked to other Phishing attacks.
Bridge security has become a major issue in the crypto industry following several major attacks. For example, earlier in October, a hacker stole $100 million from the BNB Chain cross-chain bridge.
>>> Related: BNB Chain back online after devs deploy update to save funds
Today’s hack may also be related to the profanity address vulnerability that has also plagued other projects. This particular vulnerability has to do with vanity addresses — special custom addresses created by users. Security researchers previously identified a weakness associated with these addresses, through which their private keys can be “brute-forced.”
According to blockchain security outfit BlockSec, the QANplatform’s deployer address is vulnerable to the bug. As such, it is possible that the attacker may have been able to uncover the private keys and used them to withdraw funds from the bridge.
The QANplatform token has crashed 94% since a hacker stole $1 million from its crypto bridge. Image: CoinGecko.
The QANplatform hacker has already begun to sell the tokens on Uniswap for ether (ETH). As of the time of publishing, the attacker has sold approximately 30% of the stolen funds in exchange for 230 ETH, worth $295,000. This selloff and the news of the hack have seen the QANX token take a massive tumble, dropping 94% from $0.012 to $0.0007 in less than an hour.
The attacker may now face some difficulties in disposing of the remainder of the stolen funds. QANplatform has withdrawn liquidity for its token from both Uniswap and Pancakeswap. “The trading, deposits and withdrawals on CEXes has been paused,” the team added. (CEXes, in this context, refer to centralized exchanges.) QANX is listed on centralized exchanges such as BitMart, MEXC Global and Gate.io.
QANplatform also urged users not to conduct any transactions with the QANX token, and noted that it is investigating the incident. “Most likely we are going to do a snapshot before the hack and Airdrop tokens according to it,” the project stated.
