Hedera confirms exploit on mainnet led to theft of service tokens

Hedera, the squad down distributed ledger Hedera Hashgraph, has confirmed a astute declaration exploit connected the Hedera Mainnet that has led to the theft of respective liquidity excavation tokens.

Hedera said the attacker targeted liquidity excavation tokens connected decentralized exchanges (DEXs) that derived its codification from Uniswap v2 connected Ethereum, which was ported implicit to usage connected the Hedera Token Service.

Today, attackers exploited the Smart Contract Service codification of the Hedera mainnet to transportation Hedera Token Service tokens held by victims’ accounts to their ain account. (1/6)

The Hedera squad explained that the suspicious enactment was detected erstwhile the attacker attempted to moved the stolen tokens crossed the Hashport bridge, which consisted of liquidity excavation tokens connected SaucerSwap, Pangolin and HeliSwap. However, operators past acted promptly to temporarily intermission the bridge.

Hedera didn't corroborate the magnitude of tokens that were stolen.

On Feb. 3, Hedera upgraded the web to person Ethereum Virtual Machine (EVM)-compatible astute declaration codification onto the Hedera Token Service (HTS).

Part of this process involves the decompiling of Ethereum declaration bytecode to the HTS, which is wherever Hedera-based DEX SaucerSwap believes the onslaught vector came from. However, Hedera didn't corroborate this successful its astir caller post.

Earlier, Hedera managed to unopen down web entree by turning disconnected IP proxies connected Mar. 9. The squad said it has identified the "root cause" of the exploit and is "working connected a solution."

To forestall the attacker from being capable to bargain much tokens, Hedera turned disconnected mainnet proxies, which removed idiosyncratic entree to the mainnet. The squad has identified the basal origin of the contented and are moving connected a solution. (5/6)

"Once the solution is ready, Hedera Council members volition motion transactions to o.k. the deployment of updated codification connected mainnet to region this vulnerability, astatine which constituent the mainnet proxies volition beryllium turned backmost on, allowing mean enactment to resume," the squad added.

A announcement posted by Hedera connected its presumption webpage cautioned users that its web volition not beryllium accessible. Source: Hedera

Since Hedera turned disconnected proxies soon aft it recovered the imaginable exploit, the squad suggested token holders cheque the balances connected their relationship ID and Ethereum Virtual Machine (EVM) code connected hashscan.io for their ain “comfort.”

All HashPack functionality volition beryllium unavailable during this downtime https://t.co/ngaRmg00Zi

Related: Hedera Governing Council to bargain hashgraph IP and open-source project’s code

The terms of the network's token Hedera (HBAR) has fallen 7% since the incidental astir 16 hours ago, successful enactment with the broader marketplace autumn implicit the past 24 hours.

However, the full worth locked (TVL) connected SaucerSwap fell astir 30% from $20.7 cardinal to $14.58 cardinal implicit the aforesaid timeframe:

The TVL connected SaucerSwap fell sharply pursuing the quality of the exploit. Source: DeFiLlama

The autumn suggests a important magnitude of token holders acted rapidly and retreat their funds pursuing the archetypal treatment of a imaginable exploit.

The incidental has perchance spoiled a large milestone for the network, with the Hedera Mainnet surpassing 5 cardinal transactions connected Mar. 9.

This appears to beryllium the archetypal reported web exploit connected Hedera since it was launched successful July 2017.