Hedera Hashgraph, the distributed ledger team, has announced that its Mainnet suffered a smart contract exploit on March 9. However, Hedera assured that the exploit did not impact the network or its consensus layer.
The exploit led to the theft of several liquidity pool tokens, which the attacker targeted on decentralized exchanges (DEXs). These tokens derived their code from Uniswap v2 on Ethereum, which was then ported for use on the Hedera Token Service.
Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account. (1/6)
— Hedera (@hedera) March 10, 2023
Hedera explained that the team detected suspicious activity when the attacker tried to transfer the stolen tokens across the Hashport bridge. This bridge comprised liquidity pool tokens on SaucerSwap, Pangolin, and HeliSwap. The operators swiftly intervened and paused the bridge temporarily.
The amount of tokens stolen in the attack remains unconfirmed, as Hedera did not disclose this information.
On February 3, Hedera upgraded its network to convert Ethereum Virtual Machine (EVM)-compatible smart contract code to the Hedera Token Service (HTS). During this process, Ethereum contract bytecode was decompiled to the HTS. SaucerSwap, a Hedera-based DEX, believes that this is where the attack vector came from. However, Hedera did not confirm this in its latest statement.
In response to the exploit, Hedera temporarily shut down network access on March 9 by turning off IP proxies. In addition, the team identified the “root cause” of the exploit and is currently “working on a solution.”
Hedera plans to deploy updated code on the Mainnet once the solution is ready. Council members will sign transactions to approve the deployment of this code, and then the mainnet proxies will be turned back on, allowing normal activity to resume.
In light of the potential exploit, Hedera has recommended that token holders check the balances on their account ID and Ethereum Virtual Machine (EVM) address on hashscan.io for their peace of mind.
The price of Hedera’s token (HBAR) has experienced a significant drop since the incident. That is consistent with the broader market’s decline over the last 24 hours.
None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.
 address.){kind=link}