The Hedera Hasgraph (HBAR) network is under maintenance following an attack that is still unclear. According to reports, a hacker managed to steal $570,000 across different pools of liquidity available on some decentralised exchanges (DEX) thanks to a flaw in the Hedera Smart Contract Service.
Hedera Hashgraph network under attack
An attack has taken place on the Hedera Hashgraph network, with many users having funds stolen through various protocols including Pangolin, SaucerSwap and HeliSwap. According to blockchain security firm CertiK, approximately $570,000 was affected.
The damage was mitigated by the intervention of Hedera’s technical teams who quickly disabled the mainnet proxies to prevent the attacker(s) from continuing their attack on the network.
Update on the exploit on @hedera
We have confirmed at least ~$570k worth of assets has been stolen by the exploiter
The @hedera team are continuing to work on a solution
See more below https://t.co/iE2BoQTjwy
– CertiK Alert (@CertiKAlert) March 10, 2023
Furthermore, Hedera announced that it is working with the affected project teams and other network players to fix the vulnerability as soon as possible. For the time being, proxies are still disabled, so users’ funds for the protocols remain safe. The mainnet will be accessible again once the Hedera Council members have approved the soon to be proposed code:
“Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to eliminate this vulnerability, and the mainnet proxies will then be reactivated, allowing normal activity to resume. “
How the attack on Hedera Hashgraph went down
According to the SaucerSwap protocol, it was the process of “decompiling” the smart contracts that allowed the attack. The hacker would have had access to the Hedera Hashgraph Service tokens of certain individuals through certain liquidity pools whose code is derived from Uniswap V2.
The information has not been confirmed, but it is likely that the flaw in the code comes from the February 3rd update, in which the code of the Ethereum Virtual Machine (EVM) compatible smart contracts was integrated into the Hedera Token Service (HTS). It is this decompilation of one code into another that is potentially at issue.
However, the hacker quickly drew the attention of the Hedera teams by attempting to transfer the tokens via the Hashport bridge, which later led to the closure of the proxies.
It should be noted that since its creation in 2017, this is the first time that the Hedera Hashgraph network has fallen victim to an attack.
The price of the HBAR token does not appear to have been affected by the news, with the token seeing a relative drop of around 1% over the last 24 hours, and this in the midst of a cryptocurrency market that is experiencing a global decline.
