Hedera Mainnet Exploited, Leading to Theft of Liquidity Pool Tokens

blockchain.news:

Hedera Hashgraph is a distributed ledger technology that offers faster transaction times and lower fees than traditional blockchains. Its mainnet supports smart contracts and decentralized applications, and it has gained popularity among enterprise clients due to its scalability and security features.

However, on March 10, 2023, the Hedera team confirmed a smart contract exploit on its mainnet that led to the theft of several liquidity pool tokens. The attack targeted liquidity pool tokens on decentralized exchanges (DEXs) that use code derived from Uniswap v2 on Ethereum, which was ported over for use on the Hedera Token Service.

The attack vector is believed to have come from the process of converting Ethereum Virtual Machine (EVM)-compatible smart contract code onto the Hedera Token Service (HTS). As part of this process, Ethereum contract bytecode is decompiled to the HTS. The Hedera-based DEX SaucerSwap believes that this is where the attack vector came from, but Hedera has not confirmed this.

The suspicious activity was detected when the attacker attempted to move the stolen tokens across the Hashport bridge, which consists of liquidity pool tokens on SaucerSwap, Pangolin, and HeliSwap. Operators acted promptly to temporarily pause the bridge, preventing the attacker from moving the stolen tokens further.

Hedera has not confirmed the exact amount of tokens that were stolen, but the team is working on a solution to remove the vulnerability. On March 9, Hedera managed to shut down network access by turning off IP proxies, and it has since identified the «root cause» of the exploit.

The solution is expected to be ready soon, and once it is, Hedera Council members will sign transactions to approve the