Hedera, the team behind the distributed ledger Hedera Hashgraph, has confirmed a smart contract exploit on the Hedera Mainnet that has led to the theft of several liquidity pool tokens.
Hedera said the attacker targeted liquidity pool tokens on decentralized exchanges (DEXs) whose code was derived from Uniswap v2 on Ethereum and ported for use with the Hedera Token Service.
Today, the attackers exploited the Hedera mainnet smart contract service code to transfer Hedera token service tokens held by victim accounts to their own account. (1/6)
— Hedera (@hedera) March 10, 2023
The Hedera team explained that the suspicious activity was detected when the attacker attempted to move the stolen tokens, which consisted of liquidity pool tokens on SaucerSwap, Pangolin, and HeliSwap, across the Hashport bridge. However, the bridge operators acted quickly and temporarily paused it.
Hedera did not confirm the number of tokens that were stolen.
On Feb. 3, Hedera updated the network to convert Ethereum Virtual Machine (EVM)-compatible smart contract code to the Hedera Token Service (HTS).
Part of this process involves decompiling the Ethereum contract bytecode on the HTS, which is where the Hedera-based DEX SaucerSwap believes the attack vector came from. However, Hedera did not confirm this in its most recent post.
Previously, Hedera managed to shut down network access by turning off IP proxy servers on March 9. The team said it has identified the “root cause” of the exploit and is “working on a fix.”
To prevent the attacker from stealing more tokens, Hedera disabled the mainnet’s proxies, eliminating user access to the mainnet. The team has identified the root cause of the issue and is working on a fix. (5/6)
— Hedera (@hedera) March 10, 2023
“Once the fix is ready, members of the Hedera Council will sign transactions to approve the deployment of updated code to the mainnet to eliminate this vulnerability, at which time the mainnet proxies will be turned back on, which will allow normal activity to resume,” the team added.
Since Hedera disabled the proxies shortly after finding the potential exploit, the team suggested that token holders check the balances on their account ID and Ethereum Virtual Machine (EVM) address at hashscan.io for their own “convenience”.
All HashPack functionality will be unavailable during this downtime https://t.co/ngaRmg00Zi
— HashPack Wallet (@HashPackApp) March 9, 2023
The price of the network’s Hedera (HBAR) token has fallen 7% since the incident about 16 hours ago, in line with the broader market’s drop over the last 24 hours.
However, the total value locked (TVL) on SaucerSwap fell nearly 30%, from $20.7 million to $14.58 million over the same time period.
The drop suggests that a significant number of token holders acted quickly and withdrew their funds after initial discussion of a potential exploit.
The incident has potentially marred a major milestone for the network: the Hedera Mainnet surpassed 5 billion transactions on March 9.
#Hedera: 5 BILLION mainnet transactions!
Actual transactions. Real applications. Real world #utility. You’re watching?
We are witnessing #DLT adoption on an unprecedented scale.
This is just the beginning. pic.twitter.com/n0TbWTJmC0
— Hedera (@hedera) March 8, 2023
This appears to be the first reported network exploit on Hedera since its launch in July 2017.