Crypto news for Hedera Hashgraph: confirmation of exploit on mainnet that led to theft of service tokens

Related

Share

Important crypto news for Hedera Hashgraph, which stated that the March 9 smart contract exploit had no impact on the network or its level of acceptance.

Recall that Hedera Hashgraph is a decentralized distributed network that is structurally very different from the Bitcoin and Ethereum blockchains, but performs equivalent functions. In fact, it relies on more efficient security and validation algorithms than those used in blockchain networks.

Hedera Hashgraph: what happened to the crypto ecosystem?

The team behind the distributed ledger Hedera Hashgraph, confirmed a smart contract exploit on the Hedera Mainnet that led to the theft of several token pools of liquidity.

Hedera said the attacker targeted liquidity pool tokens on decentralized exchanges (DEX) that derived its code from Uniswap v2 on Ethereum, which was transferred for use on the Hedera token service.

The Twitter account reads the following:

“Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account.”

The Hedera team explained that the suspicious activity was detected when the attacker attempted to move the stolen tokens across the Hashport Bridge, which consisted of cash pool tokens on SaucerSwap, Pangolin and HeliSwap. 

Operators acted promptly to temporarily pause the bridge. However, Hedera did not confirm the amount of tokens stolen. On Feb. 3, Hedera upgraded the network to convert the smart contract code compatible with the Ethereum Virtual Machine (EVM)- to Hedera Token Service (HTS).

Part of this process involves decompiling the Ethereum contract bytecode into the HTS, from which Hedera-based DEX SaucerSwap believes the attack vector came. However, Hedera did not confirm this in its most recent post.

What was the cause of the exploit according to Hedera?

Previously, Hedera managed to shut down access to the network by disabling IP proxies on March 9. The team said it has identified the root cause of the exploit and is working on a solution.

As noted on Twitter:

“To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and are working on a solution.” 

In addition, the team added the following:

“Once the solution is ready, Hedera board members will sign transactions to approve the deployment of updated code on mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal activity to resume.” 

Because Hedera disabled the proxies shortly after detecting the potential exploit, the team suggested that token holders check balances on the account ID and Ethereum Virtual Machine (EVM) address on hashscan.io for “convenience.”

However, the total locked value (TVL) on SaucerSwap dropped by nearly 30 percent from $20.7 million to $14.58 million in the same time frame. The drop suggests that a significant amount of token holders acted quickly and withdrew their funds after the initial discussion of a potential exploit.

The incident potentially marred a major milestone for the network, with Hedera Mainnet surpassing 5 billion transactions on March 9. This appears to be the first reported network exploit on Hedera since it was launched in July 2017.

Smart Contracts 2.0 update compatible with EVM.

Hedera Hashgraph announced on February 3 a significant update through the mainnet launch of Hedera Smart Contracts 2.0. 

The development will integrate Hedera Smart Contract Service with Hedera Token Service (HTS), along with other significant enhancements.

The Hedera Smart Contract Service is compatible with EVM (Ethereum Virtual Machine) and runs Solidity, a programming language used by 30 percent of all Web3 developers.

Hedera Smart Contracts 2.0 equips Solidity and EVM-compatible smart contracts with the versatility of Hedera’s tokenization infrastructure, supporting native Hedera tokens and NFTs with Hedera Token Service.

This creates greater flexibility for users, allowing developers to evaluate the usability of smart contracts and incorporate the capabilities of hashgraph-based tokenization into their programming.

In addition, developers using Smart Contracts 2.0 are offered low and predictable gas rates facilitated by the hashgraph consensus algorithm. Hedera can process up to 15 million gas per second, the same as Ethereum aims to achieve in an entire blockchain.

Transactions associated with Smart Contracts 2.0 also benefit from Hedera’s high transaction speeds and security standards.

The Hedera network uses hashgraph to achieve Byzantine Asynchronous Fault Tolerance (ABFT), which is the highest possible degree of security for a distributed ledger and means that no single person or group can prevent the algorithm from reaching consensus.