Hedera Acknowledges Exploitation Of Mainnet Resulting In Service Token Theft

The network or its consensus layer has not been affected by the intelligent contract exploit on March 9. The Hedera team, in charge of the Hedera Hashgraph distributed ledger, has confirmed that the exploit caused some liquidity pool tokens to be stolen from the Hedera Mainnet.

Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account. (1/6)

— Hedera (@hedera) March 10, 2023

Hedera stated that the assailant focused on liquidity pool tokens on decentralized exchanges (DEXs) based on Uniswap v2 code from Ethereum. This code was adapted for implementation on the Hedera Token Service.

The company team detected suspicious activity when the attacker tried to transfer the stolen tokens using the Hashport bridge. Liquidity pool tokens were available on SaucerSwap, Pangolin, and HeliSwap. The operators responded quickly and temporarily halted the bridge.

Company did not confirm the exact number of tokens that were stolen. On February 3, Hedera updated their network to facilitate the conversion of Ethereum Virtual Machine (EVM)-compatible smart contract code onto the Hedera Token Service (HTS).

SaucerSwap, a Hedera-based DEX, suspects that the attack vector originated from the HTS. Which is where Ethereum contract bytecode is decompiled in this process. However, Hedera’s latest post did not confirm this.

Hedera Assures Network Security

On March 9, Hedera deactivated IP proxies, thereby cutting off access to the network. The team said that they have identified the “root cause” of the exploit and are presently “working on a solution.”

The team mentioned that once a solution is prepared. Hedera Council members will sign transactions to endorse updating code deployment on the mainnet. This will eliminate the vulnerability, and the mainnet proxies will be reactivated, permitting regular activity to continue.

The team advised token owners to check the balances on their account ID and Ethereum Virtual Machine (EVM) address on hashscan.io for their “comfort”. This recommendation was made because Hedera turned off proxies soon after it was discovered the potential issue.

In the past 16 hours, the value of Hedera HBAR’s token has decreased by 7%, consistent with the general market decline of the last 24 hours. In addition, SaucerSwap’s total value locked (TVL) has also dropped significantly by almost 30%, from $20.7 million to $14.58 million in the same period.

The drop in token holdings indicates that many holders promptly withdrew their funds. Additionally, in response to the initial mention of a possible vulnerability.

Related Reading | Bitcoin Slump Causes Canaan’s Q4 Earnings To Plunge By 82%

The Hedera Mainnet passed 5 billion transactions on March 9, potentially spoiling a key milestone for the network. Hedera has not experienced any network exploits that have been reported since its launch in July 2017.