Hedera confirms exploit on mainnet led to theft of service tokens

Hedera, the group behind distributed ledger Hedera Hashgraph, has confirmed a sensible contract exploit on the Hedera Mainnet that has led to the theft of a number of liquidity pool tokens.

Hedera mentioned the attacker focused liquidity pool tokens on decentralized exchanges (DEXs) that derived its code from Uniswap v2 on Ethereum, which was ported over to be used on the Hedera Token Service.

The Hedera group defined that the suspicious exercise was detected when the attacker tried to maneuver the stolen tokens throughout the Hashport bridge, which consisted of liquidity pool tokens on SaucerSwap, Pangolin and HeliSwap. Operators acted promptly to quickly pause the bridge.

Hedera didn’t affirm the quantity of tokens that had been stolen.

On Feb. 3, Hedera upgraded the community to transform Ethereum Digital Machine (EVM)-compatible sensible contract code onto the Hedera Token Service (HTS).

A part of this course of entails the decompiling of Ethereum contract bytecode to the HTS, which is the place Hedera-based DEX SaucerSwap believes the assault vector got here from. Nevertheless, Hedera didn’t affirm this in its most up-to-date publish.

Earlier, Hedera managed to close down community entry by turning off IP proxies on March 9. The group mentioned it has recognized the “root trigger” of the exploit and is “engaged on an answer.”

“As soon as the answer is prepared, Hedera Council members will signal transactions to approve the deployment of up to date code on mainnet to take away this vulnerability, at which level the mainnet proxies will likely be turned again on, permitting regular exercise to renew,” the group added.

A discover posted by Hedera on its standing webpage cautioned customers that its community wouldn’t be accessible. Supply: Hedera

Since Hedera turned off proxies shortly after it discovered the potential exploit, the group suggested tokenholders examine the balances on their account ID and Ethereum Digital Machine (EVM) handle on for their very own “consolation.”

Associated: Hedera Governing Council to purchase hashgraph IP and open-source venture’s code

The value of the community’s token Hedera (HBAR) has fallen 7% for the reason that incident roughly 16 hours in the past, in step with the broader market fall during the last 24 hours.

Nevertheless, the whole worth locked (TVL) on SaucerSwap fell almost 30% from $20.7 million to $14.58 million over the identical timeframe:

The TVL on SaucerSwap fell sharply following the information of the exploit. Supply: DefiLlama

The autumn suggests a major quantity of tokenholders acted rapidly and withdraw their funds following the preliminary dialogue of a possible exploit.

The incident has doubtlessly spoiled a serious milestone for the community, with the Hedera Mainnet surpassing 5 billion transactions on March 9.

This seems to be the primary reported community exploit on Hedera because it was launched in July 2017.

Subscribe to our mailing list to receive new updates and special offers

We don’t spam! Read our [link]privacy policy[/link] for more info.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
You have not selected any currencies to display