Hedera Confirms Hackers Exploited Smart Contract Service to Steal Tokens from DEXs

The core team at Hedera has confirmed that hackers have stolen funds via users’ accounts on decentralized exchanges (DEXs), exploiting a vulnerability in the “Hedera smart contract service”. The attackers targeted liquidity pools on multiple DEXs, including Pangolin, SaucerSwap, and HeliSwap, that had ported Hedera tokens over to the network’s smart contract service via a bridge.

Attack on Hedera Smart Contract Service

The Hedera smart contract service is a separate computing layer integrated with the network to help run Ethereum-compatible apps. The attackers took advantage of a vulnerability in this service to transfer the Hedera Token Service (HTS) tokens held in users’ accounts to their own accounts.

The Hedera team tweeted from its official account, “Today, attackers exploited the smart contract service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own accounts.”

Turning Off Access to Mainnet

Several projects in the Hedera ecosystem worked together to investigate the issue. To prevent further theft of tokens, the Hedera team temporarily turned off the “mainnet proxies,” which removed users’ access to the mainnet.

The team has identified the root cause of the issue and is currently developing a solution to patch the vulnerability. Once the solution is ready, the Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to remove the vulnerability. The mainnet proxies will be turned back on, and normal activity will resume, the team added.

HBAR Foundation’s Public Notification

This confirmation of the exploit comes a day after the HBAR Foundation, the organization behind the blockchain, publicly notified “network irregularities” affecting various Hedera-based decentralized applications (dApps) and their users.

The Hedera team’s announcement suggests that the exploit was the cause of the network irregularities, and that the vulnerability has now been addressed. However, it is unclear how much HTS tokens were stolen or how long the exploit was ongoing.

Conclusion

The recent attack on Hedera’s smart contract service highlights the importance of robust security measures in decentralized networks. It also serves as a reminder to users to exercise caution when using DEXs and to ensure that they are using trusted platforms. The Hedera team’s swift response to the exploit is a positive sign that the network is taking the necessary steps to protect its users and ensure the security of its ecosystem.

Investing in decentralized networks, such as Hedera, can potentially provide significant returns, but it is essential to understand the risks involved. As demonstrated by the recent attack on Hedera’s smart contract service, investors must exercise caution when investing in such networks and ensure they are using trusted platforms. Platforms such as Pattern Trader or Bitcoin Freedom provide investors with a reliable and secure environment to invest in decentralized networks while minimizing their exposure to risks.

Author

  • Steven Gray

    Steven Gray is an experienced cryptocurrency and blockchain journalist with over 7 years of reporting on the crypto industry across major publications. His proficiency in technical analysis provides him the skills to evaluate complex trading algorithms and AI systems. Steven leverages his extensive network of academics and finance professionals to incorporate expert opinions into his unbiased analyses.

    Known for his engaging yet objective writing style, Steven keeps readers informed without hype. His rare blend of crypto domain knowledge, trading acumen, impartiality, and communication skills makes him an ideal author for in-depth reviews of innovations across the cryptocurrency and financial technology sectors.

    View all posts