Hedera confirms hackers stole tokens from DEXs, exploiting a bug in ‘smart contract service’

The core team at Hedera confirmed there was a recent exploit on the network in which hackers stole funds via users’ accounts on decentralized exchanges, it said.

The attackers took advantage of a vulnerability in the “Hedera smart contract service” to transfer the Hedera Token Service (HTS) tokens held in users’ accounts to their own accounts. The Hedera smart contract service is a separate computing layer integrated with the network to help run Ethereum-compatible apps.

“Today, attackers exploited the smart contract service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own accounts,” the team tweeted from its official account.

The core team at Hedera reported that the attackers targeted liquidity pools on multiple decentralized exchanges (DEXs) that had ported Hedera tokens over to the network’s smart contract service via a bridge. The affected multiple DEXs including Pangolin, SaucerSwap and HeliSwap.

Today’s confirmation of the exploit comes a day after the HBAR Foundation, the organization behind the blockchain, publicly notified “network irregularities” affecting various Hedera-based decentralized applications (dApps) and their users.

Turning off access to the mainnet

Several projects in the Hedera ecosystem have worked together to investigate the issue. To prevent any further theft of tokens, the Hedera team temporarily turned off the “mainnet proxies,” which removed users’ access to the mainnet.

“To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and are working on a solution,” the Hedera team added.

Several teams are still developing a solution to patch the vulnerability. Once the solution is ready, the Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to remove the vulnerability. The mainnet proxies will be turned back on, and normal activity will resume, the team added.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.