• Hedera has confirmed a security breach in which attackers managed to exploit the Smart Contract Service code of their mainnet.
• The attackers targeted accounts used for liquidity pools on multiple decentralized exchanges, such as Pangolin, SaucerSwap, and HeliSwap.
• The team behind Hedera is currently working on a solution to address the issue and prevent further theft.
Hedera Security Breach Confirmed
Hedera recently confirmed that attackers have exploited their Smart Contract Service code of the protocol’s mainnet to transfer tokens held by victims‘ accounts to their own. The exact sum of tokens that were stolen is still not known.
Attackers Targeted Decentralized Exchanges
The attackers targeted those accounts which were used as liquidity pools on multiple decentralized exchanges – including Pangolin, SaucerSwap, and HeliSwap – that utilize Uniswap v2-derived contract code ported over to use the Hedera Token Service to carry out the theft.
Shutdown In Progress
As a precautionary measure, Hedera announced shutting down network services and initially cited experiencing „network irregularities“ as a reason. To prevent the attacker from being able to steal more tokens, thereby removing user access to the mainnet, Hedera has turned off its mainnet proxies.
Working On A Solution
The team behind Hedera is currently working on a solution to address this issue and remove this vulnerability so that normal activity can resume once again on the platform. Once ready, Council members will sign transactions to approve the deployment of updated code on mainnet.
Conclusion
In conclusion, Hedera has announced a security breach in which attackers managed to target accounts used as liquidity pools on multiple decentralized exchanges with Uniswap v2-derived contract code ported over using Hedera Token Service for theft purposes. The team is currently working on a solution and once ready will approve it via Council member signatures for deployment of updated code on mainnet so users can access it again normally