Hacker Steals Tokens from Hedera in Smart Contract Attack

• A hacker was able to exploit a smart contract vulnerability in the Hedera Mainnet and steal tokens from its liquidity pool.
• Hedera successfully disabled IP proxies, cutting off network access after discovering the attack.
• The token, Hedera (HBAR), has dropped 9% in the previous 24 hours as a result of the attack.

Exploit Discovery

On March 9, Hedera Hashgraph developers revealed that some tokens from the network’s liquidity pool were stolen due to a smart contract vulnerability on its Mainnet. According to Hedera, the attacker targeted tokens in the liquidity pools of DEXs that used code adapted from Ethereum’s Uniswap v2 and deployed on its Token Service. The attacker attempted to transfer the stolen tokens, which included tokens from the SaucerSwap, Pangolin, and HeliSwap liquidity pools, through the Hashport bridge before being stopped by operators.

Network Access Cut Off

A February 3 modification to the Token Service (HTS) for smart contract code compatible with the Ethereum Virtual Machine (EVM) requires decompiling Ethereum contract bytecode. According to the DEX SaucerSwap, this step is suspected to be where the attack vector originated, but Hedera did not confirm this. On March 9, Hedera successfully disabled IP proxies, which cut off network access.

Stolen Token Total Unverified

Hedera did not verify the total number of tokens stolen, but it did provide an update stating that it had found the root cause of the exploit and was working on a remedy to reassure token holders. Proxies were disabled shortly after the possible attack was discovered, and users were then advised to verify their account ID and EVM address balances on hashscan.io.

Token Price Drop After Attack

The attack resulted in a 9% drop in the token price over 24 hours, with HBAR trading at $0.05497 per CMC as of this writing.
