Hedera Mainnet Exploited, Leading to Theft of Liquidity Pool Tokens

Hedera Hashgraph is a distributed ledger technology that offers faster transaction times and lower fees than traditional blockchains. Its mainnet supports smart contracts and decentralized applications, and it has gained popularity among enterprise clients due to its scalability and security features.

However, on March 10, 2023, the Hedera team confirmed a smart contract exploit on its mainnet that led to the theft of several liquidity pool tokens. The attack targeted liquidity pool tokens on decentralized exchanges (DEXs) that use code derived from Uniswap v2 on Ethereum, which was ported over for use on the Hedera Token Service.

The attack vector is believed to have come from the process of converting Ethereum Virtual Machine (EVM)-compatible smart contract code onto the Hedera Token Service (HTS). As part of this process, Ethereum contract bytecode is decompiled to the HTS. The Hedera-based DEX SaucerSwap believes that this is where the attack vector came from, but Hedera has not confirmed this.

The suspicious activity was detected when the attacker attempted to move the stolen tokens across the Hashport bridge, which consists of liquidity pool tokens on SaucerSwap, Pangolin, and HeliSwap. Operators acted promptly to temporarily pause the bridge, preventing the attacker from moving the stolen tokens further.

Hedera has not confirmed the exact amount of tokens that were stolen, but the team is working on a solution to remove the vulnerability. On March 9, Hedera managed to shut down network access by turning off IP proxies, and it has since identified the "root cause" of the exploit.

The solution is expected to be ready soon, and once it is, Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to remove the vulnerability. After the deployment, the mainnet proxies will be turned back on, allowing normal activity to resume.

In the meantime, Hedera has suggested that tokenholders check the balances on their account ID and Ethereum Virtual Machine (EVM) address on hashscan.io for their own "comfort." The price of the network's token, Hedera (HBAR), has fallen 7% since the incident, in line with the broader market fall over the last 24 hours.

The incident highlights the risks of smart contract exploits on blockchain networks and the importance of security measures to prevent such attacks. Hedera's response to the exploit has been swift and proactive, and it is working to restore the network's security and functionality as soon as possible.