Layer 1 blockchain QANplatform, which touts itself as resistant to attacks aided by quantum computing power, was today the target of a bridge hack that resulted in the theft of 1.4 billion QANX tokens (just over a million dollars).
Blockchain security company Peckshield was the first to flag the attack in a QANplatform-tagged tweet early Tuesday morning. The initial heist looted over 1.4 billion QANX tokens, according to Etherscan, and was followed by additional smaller transactions to the same address, this time sending 28.6 million QANX, or roughly $20,500.
Shortly after Peckshield got in touch, QANplatform tweeted its own announcement, asking people not to perform any transactions with $QANX. A follow-up tweet said that all trading, withdrawals, and deposits on centralized exchanges had been paused.
The trading, deposits and withdrawals on CEXes has been paused. The liquidity has been withdrawn from Uniswap and Pancakeswap to mitigate the losses of users and further draining of the liquidity pool.
— QANplatform (@QANplatform) October 11, 2022
Decrypt reached out to a representative from Peckshield who explained the attacker's steps: “The exploiter withdrew ~1.4B QANX from the deployer's address and swapped it for ~3,090 $BNB ($837.5k) and ~256 $ETH ($328k). Let's say it’s about $1.2 million in total.”
Peckshield also confirmed it was not investigating the theft with QANplatform.
QANplatform joins list of bridge hacks
Blockchain bridges, which connect different blockchain ecosystems, have become a common target among crypto hackers. Earlier this year, Axie Infinity developer Sky Mavis was the target of one of the largest hacks of all time.
On March 23, the attackers drained 173,600 Ethereum and 25.5 million USDC stablecoins from the bridge connecting Sky Mavis’s custom Ronin sidechain to Ethereum. The historic $622 million theft wasn’t discovered until March 29, however.
In the wake of the attack, popular exchange Binance led a $150 million funding round to reimburse victims. Contributors included Animoca, the company behind the popular crypto game The Sandbox, and tech venture capital firm a16z.
Another Binance-affiliated entity was last week the target of another colossal bridge hack.
On Friday, attackers were able to steal $100 million in cryptocurrencies from the “cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC),” according to an official post.