Hedera reports hacking attack
Hedera (HBAR), which develops and provides DLT (distributed ledger technology), reported on the 10th that there was a hacking attack that used a vulnerability in Hedera’s smart contract.
Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account.
— Hedera (@hedera) March 10, 2023
Attackers exploited a vulnerability in the Hedera mainnet smart contract service code to transfer Hedera Token Service (HTS) tokens held by the victim account to their own account. there is
During this time, the attackers stole funds via the accounts of decentralized exchange (DEX) users.
The target is the liquidity pool of a decentralized exchange that has ported the Hedera token to the platform via a cross-chain bridge. Accounts such as Pangolin, SaucerSwap, and HeliSwap that use Uniswap v2-derived contract code have been attacked.
The platform responded quickly to this. When the attacker tried to move the stolen funds out through hashport’s bridge, which enables cross-chain transfers, the hashport team noticed this and disabled the transfer.
To prevent attackers from stealing more tokens, Hedera temporarily turned off mainnet proxies, preventing users from accessing the mainnet. The team is currently working to identify and resolve the root cause of this issue.
Ultimately, no details have yet been revealed, including whether there was any money that leaked out.
Hedera also explained the outlook for the future. Once a solution is in place, members of Hedera’s governing body, the Hedera Council, will go through the process of approving the implementation of the new code. Mainnet proxies are expected to be turned back on at that time and normal activity can resume.
Hedera’s smart contract service is a layer integrated into Hedera’s network to run Ethereum (ETH) compatible apps. The Hedera Token Service will also allow businesses and others to build and issue tokens on the Hedera platform.
What is cross chain
It refers to the technology that straddles blockchains with different standards and specifications and connects them. In response to Ethereum’s scalability problem, cross-chain implementation is progressing on various platforms.
Warning as of 9th
The Hedera Foundation and affected decentralized exchanges such as Pangolin issued warnings to users as of Wednesday.
Due to some Hedera network irregularities, Hashport has paused their bridge, and we’d encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately.
This is a time critical moment, so we’ll update as soon as we have more information
— Pangolin Hedera (@Pangolin_Hedera) March 9, 2023
Pangolin says Hashport has suspended the bridge due to illicit activity on the Hedera network, and recommends that “those who have HTS tokens deposited in Pangolin’s liquidity pool or elsewhere should withdraw immediately.” .
SaucerSwap also announced on the 9th that there was an attack on the Hedera network. “While we have not yet received any reports of SaucerSwap users having their funds stolen, we recommend that you withdraw your funds immediately as a precautionary measure,” it said.
What is DEX
A decentralized exchange built on blockchain. It is also called “DEX” from “Decentralized EXchange”, which is an English translation of “decentralized exchange”. Since transactions are conducted directly between parties without going through a central administrator, there is no need to pay a fee to the administrator, and other features include low liquidity and the user managing the private key.