Here’s What We Know About Hedera Exploit

Though the exploit in the Decentralized Finance (DeFi) ecosystem in this first quarter is not so pronounced, we have been seeing protocol exploitations on a consistent basis. One of the latest is the hack of the Hedera protocol, as announced by the proof-of-stake (PoS) network earlier today.

According to Hedera, the attacker targeted the Smart Contract Service code by exploiting accounts used as liquidity pools on multiple DEXes that use Uniswap v2-derived contract code ported over to Hedera Token Service. Per Hedera, the impacted protocols include Pangolin Hedera, SaucerSwap Labs and HeliSwap, respectively.

In a recent tweet shared by data intelligence firm CertiK, a total of approximately $570,000 has been confirmed stolen from the Hedera protocol thus far. 

While the sum appears small, it lends credence to the swift move from the protocol’s partners, who reportedly acted swiftly to block funds movement from hackers. The Hedera team said it has taken more proactive steps to prevent additional fund drain.

“To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and are working on a solution” the update reads.

Is there an end to these exploits?

Unlike financial services firms in the traditional banking sector, those operating in Web3.0 are notably prone to these exploits from cyber criminals. 

While it is often been touted as a highly secure technology, hackers have devised clever means to deceive users in order to gain access to their private keys and other important data that can harm them. For protocols, the loophole in the security design has also been used as a backdoor to gain access to a platform’s controls to drain funds.

User awareness of bridges and wallets remains one of the most important campaign agendas of start-ups in the space.