On October 11, according to on-chain monitoring , Numen Cyber labs found that the QANplatform cross-chain bridge project was attacked, which was suspected to be caused by the leakage of the private key. It caused approximately $1.9 million losses and the price of QANX also plummeted by 93%. Currently, the trading, deposit and withdrawal functions of CEX have been suspended. The project team said that they had taken a snapshot of the state before the attack, and the liquidity in the Uniswap and Pancakeswap pools was withdrawn. New tokens will be airdropped to users to reduce their losses.
As we all know, the security of wallet private key is also the top priority of asset security. It is recommended that users keep it properly and do not use insecure tools to generate wallet addresses. Next, let’s take a closer look at this attack.
Private key leaks wallet address:
https://bscscan.com/address/0x68e8198d5b3b3639372358542b92eb997c5c314a
Hacker address:
https://etherscan.io/address/0xf163a6cab228085935fa6c088f9fc242afd4fb11
BSC attack transaction:
https://bscscan.com/tx/0xf93047e41433d73ddf983cfa008aeb356ec89803c0a92b0e97ccdc6c42a13f51
ETH attack transaction:
https://etherscan.io/tx/0x048a1a71fd41102c72427cc1d251f4ecbf70558562564306e919f66fd451fe82
Attack Analysis
- Firstly, the hacker initiated a transaction on BSC using the address of 0x68e8198d5b3b3639372358542b92eb997c5c314a,then call the bridgeWithdraw function in the cross-chain bridge contract BridgeQANX to transfer 1444169100 QANX tokens to the wallet address 0xF163A6cAB228085935Fa6c088f9Fc242AFD4FB11.
2. The hacker then continued to use the address 0x68e8198d5b3b3639372358542b92eb997c5c314a to initiate a transaction on ETH, and then called the bridgeWithdraw function of the cross-chain bridge contract BridgeQANX to transfer 1431880339 QANX tokens to the wallet address 0xF163A6cAB228085935Fa6c088f9Fc242AFD4FB11.
3. We analyzed the details of both transactions. The caller of the two attack transactions is the wallet address 0x68e8198d5b3b3639372358542b92eb997c5c314a, and the creator of the cross-chain bridge contract is the same address . Therefore, we believe that this attack may be caused by the leakage of the private key of the project party.
4. At present, the hacker has exchanged the QANX tokens of the BSC chain to BNB and transferred them through Tornado.Cash. There are still 105,277,9073 tokens on the ETH chain currently in the hacker’s address.
Summary
Numen Cyber Labs will continue to pay attention to the capital flow of this attack and the follow-up remedial measures of the project party. It also reminds users and project parties to pay attention to the custody of their wallet private keys and mnemonics, and not to use untrustworthy tools to Generate wallet addresses, as they are the keys to open your wallet and may cause direct loss of your assets.
For the latest update, welcome follow our twitter https://twitter.com/numencyber.