The rise of cryptocurrency has brought about a new era of decentralized finance and online transactions. However, with the growing popularity of crypto platforms, there have been instances of network exploits leading to loss of funds. Today, Hedera Hashgraph, a popular decentralized public network, has confirmed that an exploit on its mainnet led to the theft of service tokens. The platform has reported that millions of service tokens were stolen in the attack.
Hedera’s Liquidity Pool Became The Victim
Hedera Hashgraph, the brilliant minds behind the popular distributed ledger, have announced some unsettling news – their Hedera Mainnet has been hit by a smart contract exploit resulting in the theft of several liquidity pool tokens.
The attack was aimed at the liquidity pool tokens used in decentralized exchanges (DEXs) that were based on Uniswap v2’s code on Ethereum, which was subsequently adapted for use on the Hedera Token Service. The attacker was able to exploit the vulnerability in the system, resulting in the loss of the tokens.
The Hedera team has shed some light on the recent suspicious activity on their platform. The perpetrator was caught trying to move the stolen tokens across the Hashport bridge, which contained liquidity pool tokens from SaucerSwap, Pangolin, and HeliSwap. However, the operators were quick to respond and temporarily paused the bridge to prevent further damage.
Unfortunately, the exact amount of tokens that were stolen remains unknown, as Hedera has not yet confirmed this information. However, the team has reassured its users that they are taking all necessary steps to investigate the situation and enhance their security protocols to prevent similar incidents in the future.
Hedera Turned Off IP Proxies
In a recent development, Hedera made an upgrade to its network on February 3rd, which involved the conversion of Ethereum Virtual Machine (EVM)-compatible smart contract code onto the Hedera Token Service (HTS). However, it appears that this process of decompiling Ethereum contract bytecode to HTS may have opened up a vulnerability, as Hedera-based DEX SaucerSwap suspects that this was the attack vector used in the recent exploit. However, Hedera has yet to confirm this suspicion in its latest post.
In response to the situation, Hedera’s security team has taken swift action by shutting down network access and turning off IP proxies on March 9th. According to the team, they have identified the “root cause” of the exploit and are currently “working on a solution” to prevent any future incidents.
The team said, “Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code on mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal activity to resume.”
In response to the recent exploit on their network, Hedera turned off proxies. However, as a precautionary measure, the team has advised token-holders to check the balances on their account ID and Ethereum Virtual Machine (EVM) address on hashscan.io to ensure their own peace of mind.
The recent potential exploit on the Hedera network appears to have had a significant impact on the platform’s token price and SaucerSwap’s total value locked (TVL). Since the incident, the price of the network’s token, Hedera HBAR, has fallen 7%, in line with the broader market trend over the past 24 hours.
In addition to the drop in token price, SaucerSwap’s TVL also fell by nearly 30%, dropping from $20.7 million to $14.58 million in just a few hours. This suggests that many stakeholders were quick to withdraw their funds following the initial reports of a potential exploit.
The timing of this incident is unfortunate, as the Hedera Mainnet had just surpassed 5 billion transactions on March 9th, marking a significant milestone for the network. This incident also appears to be the first reported exploit on the Hedera network since its launch in July 2017, making it all the more concerning.
