"Not even quantum cryptography is 100-percent secure". According to Jan-Ake Larsson, associate professor of applied mathematics at Linkoping University:

There is a theoretical possibility that an unauthorized person can extract the key without being discovered, by simultaneously manipulating both the quantum-mechanical and the regular communication needed in quantum cryptography.

He does propose a patch, which should be secure (unless/until someone finds another hole.)