Hedera, the team behind the Hedera Hashgraph distributed ledger, has confirmed a smart contract exploit on the Hedera mainnet that led to the theft of several liquidity pool tokens.
Hedera said the attacker targeted decentralized exchange (DEX) liquidity pool tokens that derived their code from Ethereum’s Uniswap v2, which was ported for use in the Hedera Token Service.
Today, attackers used the Smart Contract Service code on the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account. (1/6)
— Hedera (@hedera) March 10, 2023
The Hedera team explained that the suspicious activity was discovered when the attacker tried to move the stolen tokens through the Hashport bridge, which consists of SaucerSwap, Pangolin and HeliSwap liquidity pool tokens. Operators responded immediately to temporarily shut down the bridge.
Hedera did not confirm the amount of tokens that were stolen.
On Feb. 3 Hedera renewed network to convert Ethereum Virtual Machine (EVM) compatible smart contract code into Hedera Token Service (HTS).
Part of this process involves decompiling the Ethereum contract bytecode to HTS, which is where Based on Hedera DEX Plate exchange believes the attack vector comes from. However, Hedera did not confirm this in his latest post.
Hedera previously managed to shut down network access by shutting down IP proxies on March 9. The team said it has identified the “root cause” of the exploit and is “working on a solution.”
To prevent an attacker from being able to steal more tokens, Hedera shut down the main proxy servers, which removed user access to the main network. The team has identified the root cause of the problem and is working on a solution. (5/6)
— Hedera (@hedera) March 10, 2023
“Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code to the mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal operations to resume” , the team added.
Because Hedera shut down proxies shortly after discovering the potential exploit, the team suggested token holders check the balances of their account ID and Ethereum Virtual Machine (EVM) address on hashscan.io for their own “comfort”.
All HashPack functionality will be unavailable during this downtime https://t.co/ngaRmg00Zi
— HashPack Wallet (@HashPackApp) March 9, 2023
Connected: The Hedera Board will purchase an IP address with a hashgraph and open source project code
The price of the Hedera network token (HBAR) has fallen 7% since the incident about 4 p.m. ago, according to broader market decline over the past 24 hours.
However, SaucerSwap’s Total Locked Value (TVL) fell nearly 30% from $20.7 million to $14.58 million over the same time period:
The drop suggests that a significant amount of token holders acted quickly and withdrew their funds after the initial discussion of a potential exploit.
The incident potentially ruined an important milestone for the network, with Hedera Mainnet surpassing 5 billion transactions on March 9.
#Hedera: 5 BILLION mainnet transactions!
Real deals. Real applications. The real world #usefulness. Are you watching?
We are witnesses #DLT adoption on an unprecedented scale.
This is only the beginning. pic.twitter.com/n0TbWTJmC0
— Hedera (@hedera) March 8, 2023
This appears to be the first reported network exploit of Hedera since its launch in July 2017.
#Hedera #confirms #mainnet #exploit #led #theft #service #tokens
