Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

QANX Bridge suffers $1.16 million loss caused by the Profanity vanity address vulnerability

On September 15, a blockchain security firm disclosed a vulnerability affecting Profanity, a tool that allowed people to generate "vanity" crypto wallet addresses: addresses containing specified strings of characters. This affected some individuals with vanity addresses, but has also enabled subsequent attacks on projects that used vanity addresses, such as the Wintermute exploit on September 20.

On October 11, the QANX Bridge's deployer wallet was compromised thanks to the vanity address generator bug. Although QAN had not directly used the Profanity project to generate the address, they used a project called vanity-eth-gpu, which had derived its code from Profanity and so inherited the bug. QAN is a layer 1 blockchain that claims to be quantum-resistant.

The thief stole 1.44 billion QANX from QANX's BNB Chain bridge, which they traded for 3,090 BNB (~$837,000) and tumbled through Tornado Cash. One minute later, they drained 1.43 billion QANX from QANX's Ethereum bridge, traded it for 255.4 ETH (~$327,000), and tumbled it as well. In total, $1.16 million was cashed out via Tornado. News of the attack, and the attacker's sell-off, caused the QANX price to plummet by 94%.

The attacker still holds more than 1 million QANX, nominally worth $608,000. However, QAN withdrew liquidity for the project on Uniswap and Pancakeswap, which will make it more difficult for the attacker to sell off their remaining tokens.

This was the second theft affecting the QAN platform this year. In May, an attacker stole 4.4 million QANX, which they traded for 370 ETH (valued at ~$707,000 at the time).

Theme tags: Hack or scam
Blockchain tags: Blockchain: BNB Chain, Ethereum

"Quantum-resistant" blockchain QAN suffers bridge attack

The $QANX token for the QAN project suddenly plummeted in value as an attacker stole more than 4 million QANX from the project. The attacker subsequently swapped the tokens for around 370 ETH ($707,000). In a video posted to Twitter, the project CEO stated that it was "definitely a bridge issue", and that they'd shut down the project's bridge. They also said they had contacted exchanges to freeze the wallets that had been involved in the "issue".

QAN describes itself as a blockchain that helps "resist quantum attacks", though apparently not the types of bridge attacks that have become fairly common in the past year or so.

Theme tags: Hack or scam, Hmm

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.