Layer 1 blockchain QANplatform, which touts itself as resistant to attacks aided by quantum computing power, was today the target of a bridge hack that resulted in the theft of 1.4 billion QANX tokens (just over a million dollars).
Blockchain security company Peckshield was the first to flag the attack in a QANplatform-tagged tweet early Tuesday morning. The initial heist looted over 1.4 billion QANX tokens, according to Etherscan, and was followed by additional smaller transactions to the same address, this time sending 28.6 million QANX, or roughly $20,500.
Shortly after Peckshield got in touch, QANplatform tweeted its own announcement, asking people not to perform any transactions with $QANX. A follow-up tweet said that all trading, withdrawals, and deposits on centralized exchanges had been paused.
Decrypt reached out to a representative from Peckshield who explained the attacker's steps: “The exploiter withdrew ~1.4B QANX from the deployer's address and swapped it for ~3,090 $BNB ($837.5k) and ~256 $ETH ($328k). Let's say it’s about $1.2 million in total.”
Peckshield also confirmed it was not investigating the theft with QANplatform.
QANplatform joins list of bridge hacks
Blockchain bridges, which connect different blockchain ecosystems, have become a common target among crypto hackers. Earlier this year, Axie Infinity developer Sky Mavis was the target of one of the largest hacks of all time.
On March 23, the attackers drained 173,600 Ethereum and 25.5 million USDC stablecoins from the bridge connecting Sky Mavis’s custom Ronin sidechain to Ethereum. The historic $622 million theft wasn’t discovered until March 29, however.
Decentralized finance (DeFi) refers to blockchain applications that cut out middlemen from financial products and services like loans, savings, and swaps. While DeFi comes with high rewards, it also carries plenty of risks.
Since just about anyone can spin up a DeFi protocol and write some smart contracts, flaws in the code are common. And in DeFi, there are many unscrupulous actors ready and able to exploit those flaws. When that happens, millions of dollars are put on the line, often with no...
In the wake of the attack, popular exchange Binance led a $150 million funding round to reimburse victims. Contributors included Animoca, the company behind the popular crypto game The Sandbox, and tech venture capital firm a16z.
Another Binance-affiliated entity was last week the target of another colossal bridge hack.
On Friday, attackers were able to steal $100 million in cryptocurrencies from the “cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC),” according to an official post.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
