Hedera Hashgraph, the distributed ledger responsible for revolutionizing the crypto world, has recently confirmed an alarming breach. The incident involved the exploitation of a smart contract on the Hedera Mainnet that led to the theft of various tokens from liquidity pools.
The attack targeted liquidity pool tokens on decentralized exchanges (DEXs) with code based on Uniswap v2 on Ethereum, which were transferred to the Hedera Token Service. The attackers’ attempts to move the stolen tokens via the Hashport bridge were quickly detected by vigilant operators, who took action by temporarily suspending the bridge.
Although Hedera has not disclosed the exact number of tokens stolen, the operators have initiated a thorough investigation into the matter.
In the wake of the attack, Hedera has upgraded its network to convert Ethereum Virtual Machine (EVM)-compatible smart contract code into the Hedera Token Service (HTS). This move follows the decompiling of bytecode from the Ethereum contract to the HTS, which is where the Hedera-based DEX SaucerSwap suspects the attack vector came from.
The Hedera team has identified the root cause of the exploit and is actively developing a solution. Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet and eliminate this vulnerability.
As a precaution, Hedera has advised token holders to check their account IDs and EVM addresses on hashscan.io for their own peace of mind. In the crypto world, vigilance is key, and Hedera’s swift response to this attack is a testament to their dedication to security and the safety of their users.
Despite the recent exploit, Hedera Hashgraph remains a promising project in the crypto space. The platform boasts of high throughput, low latency, and secure consensus mechanism, making it ideal for building decentralized applications (dApps) and powering enterprise-grade solutions. In addition, Hedera’s governance structure, which includes a council made up of trusted organizations, ensures that the platform’s development is guided by key players in various industries, promoting decentralization and transparency.
Hedera’s technology has already gained significant adoption, with notable partnerships with companies such as Google Cloud, IBM, and Wipro. Furthermore, the platform is already being used for various applications, such as supply chain tracking, real-time logistics monitoring, and identity verification. With the continued development of the platform and more adoption of its technology, Hedera Hashgraph is likely to become a major player in the enterprise blockchain space.
In a series of tweets, Hedera has confirmed that attackers have exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens from victims’ accounts to their own. The attackers targeted accounts used as liquidity pools on multiple DEXs that use Uniswap v2-derived contract code ported over to use the Hedera Token Service, including SaucerSwapLabs, Pangolin_Hedera, and HeliSwap_DEX.
However, the bridge operators detected the activity when the attackers moved tokens obtained through these attacks over the HashportNetwork bridge and took swift action to disable it. To prevent the attackers from stealing more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet.
The Hedera community, including SwirldsLabs, HBAR_foundation, LimeChainHQ, Pangolin_Hedera, SaucerSwapLabs, and HeliSwap_DEX teams, worked together to investigate the attack. The team has identified the root cause of the issue and is currently working on a solution. Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal activity to resume.