• On March 9, Hedera successfully disabled IP proxies, cutting off network access after discovering a possible attack.
• The attacker targeted DEXs’ liquidity pools that used code adapted from Ethereum’s Uniswap v2 and deployed on its Hedera Token Service.
• The stolen token total was not verified by Hedera; however, the HBAR token dropped 9% in the previous 24 hours at the time of writing.
Hacker Steals Tokens From Hedera
On March 9, the developers of the Hedera Hashgraph distributed ledger revealed that some tokens from its network’s liquidity pool were stolen due to a smart contract vulnerability on the Hedera Mainnet. The hacker went after tokens in DEXs’ liquidity pools that used code adapted from Ethereum’s Uniswap v2 and deployed on its Hedera Token Service.
IP Proxies Disabled After Attack Discovery
The total amount of tokens stolen was not verified by Hedera; however, the HBAR token dropped 9% in the previous 24 hours at the time of writing. To protect token holders, Hedera disabled IP proxies soon after discovering the attack and recommended them to verify their account ID and Ethereum Virtual Machine (EVM) address balances on hashscan.io.
Root Cause Found And Remedy In Progress
The team has found what they believe is the root cause of the exploit and are working on a remedy for it. They believe it originated from decompiling Ethereum contract bytecode to their Token Service but have not confirmed this yet.
Attempts To Transfer Stolen Tokens Triggered Alarm
The hacker attempted to transfer stolen tokens through Hashport bridge which included tokens from SaucerSwap, Pangolin, and HeliSwap liquidity pools; this triggered an alarm which stopped bridge operations momentarily after quick action by operators.
Conclusion
Hedera has taken steps to secure itself against any future attacks or exploits with immediate action when they detected an issue with their platform security protocols. It is important for users to remain vigilant when dealing with any digital assets and follow all safety precautions regarding network access as well as verifying account details regularly for potential malicious activity.