- On March 9, Hedera successfully disabled IP proxies, cutting off network access.
- The network’s token, Hedera (HBAR), has dropped 9% in the previous 24 hours.
The developers of the Hedera Hashgraph distributed ledger have revealed that some tokens from the network’s liquidity pool were stolen due to a smart contract vulnerability on the Hedera Mainnet. The hacker, according to Hedera, went after tokens in DEXs’ liquidity pools that used code adapted from Ethereum’s Uniswap v2 and deployed on its Hedera Token Service.
The Hedera team said that the attacker’s attempt to transfer the stolen tokens through the Hashport bridge, which included tokens from the SaucerSwap, Pangolin, and HeliSwap liquidity pools, triggered the alarm. The bridge was momentarily stopped after quick action by the operators.
Proxies Disabled After Attack Discovery
The stolen token total was not verified by Hedera. The Hedera Token Service (HTS) was modified on February 3 to support smart contract code that is compatible with Ethereum’s Virtual Machine (EVM).
A key step in this procedure is decompiling Ethereum contract bytecode to the HTS, and here is where Hedera-based DEX SaucerSwap thinks the attack vector originated. Nevertheless, in its most recent update, Hedera does not affirm this. On March 9, Hedera successfully disabled IP proxies, cutting off network access. The group claims to have found the exploit’s “root cause” and to be “working on a remedy.
For token holders “comfort,” the Hedera team recommended they verify their account ID and Ethereum Virtual Machine (EVM) address balances on hashscan.io after the company disabled proxies soon after discovering the possible attack. The network’s token, Hedera (HBAR), has dropped 9% in the previous 24 hours, trading at $0.05497 as per CMC as of this writing.
Source: https://thenewscrypto.com/hacker-steals-tokens-from-hedera-exploiting-smart-contract-vulnerability/