Hedera, the team behind the distributed ledger Hedera Hashgraph, has acknowledged a smart contract vulnerability on the Hedera Mainnet that resulted in the theft of a number of liquidity pool tokens. Hedera said the attacker specifically targeted liquidity pool tokens on decentralized exchanges (DEXs) whose code was ported from Uniswap v2 on Ethereum to use the Hedera Token Service.
Attackers used the Hedera mainnet’s Smart Contract Service code today to steal Hedera Token Service tokens from victims’ accounts and transfer them to their own accounts. (1/6)
According to the Hedera team, the suspicious activity was discovered when the attacker tried to move the stolen tokens, which included liquidity pool tokens on SaucerSwap, Pangolin, and HeliSwap, through the Hashport bridge. Operators quickly took action to halt the bridge. Hedera did not confirm the quantity of tokens that were taken. Hedera upgraded the network on February 3 to enable the Hedera Token Service (HTS) to accept smart contract code compatible with the Ethereum Virtual Machine (EVM).
Decompiling Ethereum contract bytecode to the HTS is a step in this process, and Hedera-based DEX SaucerSwap believes the attack vector originated there. Hedera did not explicitly state this in its most recent post, though.
Earlier, on March 9, Hedera shut off network access by disabling IP proxies. The team said it had located the exploit’s “root cause” and was “working on a remedy.”
Hedera disabled mainnet proxies, denying users access to the mainnet, to stop the attacker from stealing more tokens. The team has determined what caused the problem, and they are now working on a fix. (5/6) The team continued, “After the fix is complete, Hedera Council members will sign transactions to authorise the deployment of new code on mainnet to close this vulnerability. At that point, the mainnet proxies will be turned back on, allowing business as usual to resume.”
Because Hedera turned off proxies soon after it discovered the potential issue, the team advised token holders to check the balances on their account ID and Ethereum Virtual Machine (EVM) address on hashscan.io for their own “comfort.”
Hedera, the network’s token, has decreased in value by 7% since the event about 16 hours ago, keeping pace with the 24-hour market decline.