An attacker hacked the cross-chain bridge smart contract of QANplatform and withdrew QANX tokens worth more than $1 million. The token price collapsed by almost 94%.
The bridge smart contract that is offline was hacked and the attacker managed to withdraw tokens.
Please don’t perform any transactions related to the QANX token.
We are investigating the issue and going to keep you updated.
— QANplatform (@QANplatform) October 11, 2022
PeckShield specialists reported that the hacker swapped assets for about 3,090 BNB (~$0.8m) and ~256 ETH ($0.3m). He began transferring the funds to the Tornado Cash mixer.
#PeckShieldAlert The @QANplatform exploiter has swapped tons of stolen $QANX to ~3,090 $BNB ($837.5k) and ~256 $ETH ($328k) and started to transfer to Mixer (Tornado Cash) https://t.co/6Hn73CxJ5b pic.twitter.com/CsiA9pBgwr
— PeckShieldAlert (@PeckShieldAlert) October 11, 2022
BlockSec experts noted that the hacker exploited the Profanity vulnerability to create vanity addresses. A similar vulnerability was used to deploy the protocol.
We confirmed that @QANplatform deployer address (0x68e8198d5b3b3639372358542b92eb997c5c314a) are vulnerable to the profanity vulnerability. The private keys can be recovered. Multiple attackers have exploited this vulnerability. pic.twitter.com/wlq7ZlmF8I
— BlockSec (@BlockSecTeam) October 11, 2022
BlockSec believes that this bug has been exploited by several attackers. Yet ParaSwap’s team, for example, rejected such suspicions by cybersecurity experts from Supremacy.
1/ Hi @paraswap, I heard that you want to see this? your deployer address private key may have been compromised (possibly due to Profanity vulnerability) and funds have been stolen on multiple chains.https://t.co/ijHaTwAj0l
— Supremacy Inc. (@Supremacy_CA) October 11, 2022
QANplatform developers, after the incident, withdrew liquidity in QANX from decentralized exchanges Uniswap and PancakeSwap. They also paused trading and withdrawals on centralized platforms. According to CoinGecko, the token is listed on BitMart, Gate.io and MEXC Global.
The trading, deposits and withdrawals on CEXes has been paused. The liquidity has been withdrawn from Uniswap and Pancakeswap to mitigate the losses of users and further draining of the liquidity pool.
— QANplatform (@QANplatform) October 11, 2022
The QANX price plummeted by almost 94%, to around $0.0007. The token’s market capitalization stands at around $1.6 million.
In Q3 2022, losses across the Web3 ecosystem from hacks and fraud amounted to $428.7m.
From the total, $399m was due to hacker attacks. The bulk of losses is tied to two incidents — cross-chain protocol Nomad ($190m) and market maker Wintermute ($160m).
Follow ForkLog’s bitcoin news on our Telegram — crypto news, prices and analytics.
The trading, deposits and withdrawals on CEXes has been paused. The liquidity has been withdrawn from Uniswap and Pancakeswap to mitigate the losses of users and further draining of the liquidity pool.
— QANplatform (@QANplatform) October 11, 2022
The QANX price plummeted by almost 94%, down to $0.0007. The token’s market capitalization stands at about $1.6 million.
In Q3 2022, losses across the Web3 ecosystem from hacks and fraud amounted to $428.7m.