The attacker hacked the QANplatform cross-chain bridge contract and withdrew QANX tokens worth more than $1 million. The price of the coin has fallen by almost 94%.
PeckShield specialists reported that the hacker exchanged assets for ~3090 BNB (~$0.8 million) and ~256 ETH ($0.3 million). He started transferring funds to the Tornado Cash mixer.
Experts from BlockSec noted that the hacker used the vulnerability of the Profanity tool to create personalized “vanity addresses” (vanity address). A similar one was used to deploy the protocol.
BlockSec believes that several attackers have already taken advantage of this bug.
However, the ParaSwap platform team, for example, refuted such suspicions of cybersecurity specialists from Supremacy.
After the incident, the developers of QANplatform withdrew liquidity in QANX from the decentralized exchanges Uniswap and PancakeSwap. They have also suspended trading and withdrawals on centralized platforms. According to CoinGecko, the token is in the BitMart listing, Gate.io and MEXC Global.
The price of QANX collapsed by almost 94%, to the level of $0.0007. The market capitalization of the token is ~ $1.6 million.
Recall that in the third quarter of 2022, the losses of the Web3 ecosystem from hacking and fraud amounted to $428.7 million.
Of the total figure, hacker attacks accounted for $399 million. Most of the losses are related to two incidents — the Nomad cross-chain protocol ($190 million) and the Wintermute market maker ($160 million).