2. März 2024

Hedera Exploit: Attackers Steal From Smart Contract Service

• Hedera revealed that attackers targeted its Smart Contract Service code on the mainnet and managed to transfer tokens held by victims’ accounts to their own.
• The cause of this exploit has been identified, and the team is currently working on a solution.
• The platform shut down network services to prevent further theft and are now working on deploying updated code on mainnet.

Hedera Security Breach

Decentralized proof-of-stake (PoS) blockchain Hedera recently confirmed a security breach. Attackers managed to exploit the Smart Contract Service code of the protocol’s mainnet to transfer Hedera Token Service tokens held by victims‘ accounts to their own.

Hedera Exploit Details

The exact sum of tokens that were stolen is still not known. The attackers targeted those accounts which were used as liquidity pools on multiple decentralized exchanges – including Pangolin, SaucerSwap, and HeliSwap – that utilize Uniswap v2-derived contract code ported over to use the Hedera Token Service to carry out the theft. To prevent further theft, Hedera shut down its network services.

Solution Preparation

The root cause of the issue has been identified by the team, and they are currently working on a solution whereby Council members will sign transactions allowing deployment of updated code on mainnet in order to remove this vulnerability. This will also allow normal activity to resume once more.

Impact & Losses

It remains unknown at this time how much damage was done or how much money was lost due to this exploit; however, it is clear that users have had their funds compromised and many have expressed concern about using decentralized exchanges in future given this incident.

Conclusion

This attack serves as an important reminder for users of any type of blockchain service: always take necessary security measures when dealing with digital assets, such as enabling two-factor authentication or other similar features offered by various platforms.