In a Twitter announcement, Hedera confirmed an exploit in its mainnet, leading to a loss of liquidity tokens. However, the firm noted the exploit did not impact its consensus layer.
Network exploitation is among the challenges of many crypto projects, with DeFi protocols recording the highest hack incidents since 2021. The latest exploit is that of Hedera, a decentralized, open-source, proof-of-stake public ledger.
Hedera Discloses Details of Mainnet Exploit
Hadera is the firm behind distributed ledger Hedera Hashgraph. In the latest hack, the attackers exploited the Smart Contract service code of its mainnet and transferred service tokens from user accounts to their accounts.
The hackers targeted liquidity pool accounts on multiple decentralized exchanges (DEXs) that use Uniswap V2-derived contract codes, including Pangolin Hedera, SaucerSwap Labs, and HeliSwap DEX. The announcement explained that the criminals moved the stolen tokens to the Hshport Network Bridge. However, the bridge operators detected the unusual activity and took swift action to disable it.
Hedera further noted that it worked with the community, including HBAR Foundation, Swirlds Labs, Pangolin Hedera, Lime Chain HQ, SaucerSwap Labs, and HeliSwap DEX, to investigate the attack. The firm also employed measures to prevent hackers from stealing more tokens. On March 9, the network turned off mainnet proxies, restricting access to the network.
Hedera’s announcement also revealed that the team identified the root cause of the attack and is working to provide a solution. When they find a solution, Council members will sign transactions to authorize a new code deployment on the mainnet to remove the vulnerability.
The protocol noted that the mainnet proxies would come on after eliminating the problem, allowing usual activities to resume on the network.
Recent Hack Incident Dents Hedera Network’s Milestone
While explaining the method used by the hackers and the possible solutions to the issue, Hedera failed to disclose the number of tokens the hackers stole. As a Twitter user commented, the blockchain appeared very secure, but the recent attack revealed the opposite.
The network previously upgraded its network to convert Ethereum Virtual Machine (EVM) compatible Smart Contract code to the Hedera Token Service (HTS). This process partly involves decompiling Ethereum contract bytecode to the HTS, where the Hedera-based DEX SaucerSwap thinks the hack vector emanated. But the Twitter post did not confirm the source of the vulnerability.
After turning off the network proxies, the Hedera team suggested that token holders check the balances on their account and EVM address on hashscan.io to ensure funds are intact.
Meanwhile, the HBAR price has declined 8.5% over the past 24 hours and trades at $0.05721. The price decline is not just due to the latest attack but also the ongoing market-wide downturn.
However, the total value locked on SaucerSwap dropped by 30%, falling from $20.7 million to $14.58 million over the last 24 hours.
The decline in total value locked suggests many token holders quickly withdrew their funds after the initial discussion regarding a potential hack exploit. The incident has dented the blockchain’s recent milestone after its mainnet hit 5 billion transactions.
Featured image from Pixabay and chart from Tradingview.com