Hedera confirms that the mainnet exploit led to the theft of service tokens

Hedera, the team behind the Hedera Hashgraph distributed ledger, has confirmed a smart contract exploit on the Hedera mainnet that led to the theft of several liquidity pool tokens.

Hedera said the attacker targeted decentralized exchange (DEX) liquidity pool tokens that derived their code from Ethereum’s Uniswap v2, which was ported for use in the Hedera Token Service.

The Hedera team explained that the suspicious activity was discovered when the attacker tried to move the stolen tokens through the Hashport bridge, which consists of SaucerSwap, Pangolin and HeliSwap liquidity pool tokens. Operators responded immediately to temporarily shut down the bridge.

Hedera did not confirm the amount of tokens that were stolen.

On Feb. 3 Hedera renewed network to convert Ethereum Virtual Machine (EVM) compatible smart contract code into Hedera Token Service (HTS).

Part of this process involves decompiling the Ethereum contract bytecode to HTS, which is where Based on Hedera DEX Plate exchange believes the attack vector comes from. However, Hedera did not confirm this in his latest post.

Hedera previously managed to shut down network access by shutting down IP proxies on March 9. The team said it has identified the “root cause” of the exploit and is “working on a solution.”

“Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code to the mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal operations to resume” , the team added.

A notice posted by Hedera on its status webpage warns users that its network will be unavailable. source: Hedera

Because Hedera shut down proxies shortly after discovering the potential exploit, the team suggested token holders check the balances of their account ID and Ethereum Virtual Machine (EVM) address on hashscan.io for their own “comfort”.

Connected: The Hedera Board will purchase an IP address with a hashgraph and open source project code

The price of the Hedera network token (HBAR) has fallen 7% since the incident about 4 p.m. ago, according to broader market decline over the past 24 hours.

However, SaucerSwap’s Total Locked Value (TVL) fell nearly 30% from $20.7 million to $14.58 million over the same time period:

SaucerSwap’s TVL plummeted following news of the exploit. source: DefiLlama

The drop suggests that a significant amount of token holders acted quickly and withdrew their funds after the initial discussion of a potential exploit.

The incident potentially ruined an important milestone for the network, with Hedera Mainnet surpassing 5 billion transactions on March 9.

This appears to be the first reported network exploit of Hedera since its launch in July 2017.