The core team at Hedera has confirmed that hackers have stolen funds via users’ accounts on decentralized exchanges (DEXs), exploiting a vulnerability in the “Hedera smart contract service”. The attackers targeted liquidity pools on multiple DEXs, including Pangolin, SaucerSwap, and HeliSwap, that had ported Hedera tokens over to the network’s smart contract service via a bridge.
Attack on Hedera Smart Contract Service
The Hedera smart contract service is a separate computing layer integrated with the network to help run Ethereum-compatible apps. The attackers took advantage of a vulnerability in this service to transfer the Hedera Token Service (HTS) tokens held in users’ accounts to their own accounts.
The Hedera team tweeted from its official account, “Today, attackers exploited the smart contract service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own accounts.”
Turning Off Access to Mainnet
Several projects in the Hedera ecosystem worked together to investigate the issue. To prevent further theft of tokens, the Hedera team temporarily turned off the “mainnet proxies,” which removed users’ access to the mainnet.
The team has identified the root cause of the issue and is currently developing a solution to patch the vulnerability. Once the solution is ready, the Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to remove the vulnerability. The mainnet proxies will be turned back on, and normal activity will resume, the team added.
HBAR Foundation’s Public Notification
This confirmation of the exploit comes a day after the HBAR Foundation, the organization behind the blockchain, publicly reported “network irregularities” affecting various Hedera-based decentralized applications (dApps) and their users.
The Hedera team’s announcement suggests that the exploit was the cause of the network irregularities, and that the vulnerability has now been addressed. However, it is unclear how many HTS tokens were stolen or how long the exploit was ongoing.
Conclusion
The recent attack on Hedera’s smart contract service highlights the importance of robust security measures in decentralized networks. It also serves as a reminder to users to exercise caution when using DEXs and to ensure that they are using trusted platforms. The Hedera team’s swift response to the exploit is a positive sign that the network is taking the necessary steps to protect its users and ensure the security of its ecosystem.
Investing in decentralized networks, such as Hedera, can potentially provide significant returns, but it is essential to understand the risks involved. As demonstrated by the recent attack on Hedera’s smart contract service, investors must exercise caution when investing in such networks and ensure they are using trusted platforms.