Hedera Exploit: Hackers Steal Smart Contract Tokens

• Hedera recently confirmed a security breach, where attackers managed to exploit the Smart Contract Service code of protocol’s mainnet.
• The root cause of the issue has been identified by the team and they are working on a solution.
• Network services have been shut down to prevent further theft and user access to mainnet has been removed.

Hedera Security Breach

Decentralized proof-of-stake (PoS) blockchain Hedera finally confirmed a security breach. In an update, the team behind the platform revealed that attackers managed to exploit the Smart Contract Service code of the protocol’s mainnet to transfer Hedera Token Service tokens held by victims‘ accounts to their own. It said the root cause of the issue has been identified by the team, and are working on a solution.

Attackers Targeting Smart Contract Services

The attackers targeted those accounts which were used as liquidity pools on multiple decentralized exchanges – including Pangolin, SaucerSwap, and HeliSwap – that utilize Uniswap v2-derived contract code ported over to use the Hedera Token Service to carry out the theft.

Shutting Down of Network Services

Hedera announced shutting down network services and initially cited experiencing „network irregularities“ as a reason. In its latest confirmation thread, it said that mainnet proxies remain turned off in order to prevent further attack attempts by removing user access to mainnet services.

Working On A Solution

The team is currently working on a solution for this issue. Once ready, Hedera Council members will sign transactions in order to approve deployment of updated code on mainnet which will remove this vulnerability and allow normal activity on platform once again.

Summary

Hedera recently confirmed a security breach where attackers exploited its Smart Contract service code for transferring tokens from user accounts held by victims into their own wallets without permission. The exact sum of tokens stolen is still unknown but network services have been temporarily shut down while they work on an effective solution for this problem which would be implemented after approval from council members at Hedera platform upon deployment of updated code on mainnet which will remove existing vulnerability and restore normal activity once again..