Hedera Hashgraph Hacked: HBAR Foundation Provides Confirmation of Breach

On March 10th, the HBAR Foundation, the organization behind the blockchain network Hedera Hashgraph, confirmed that the network had been attacked through the Smart Contract Service code. The attackers were able to steal funds from users who provided liquidity on various decentralized exchanges (DEXs), including Pangolin, SaucerSwap, and HeliSwap.

According to a tweet by the HBAR Foundation, the attackers exploited the Smart Contract Service code to transfer Hedera Token Service tokens from victims’ accounts to their own. The attackers targeted accounts used as liquidity pools on multiple DEXs that use Uniswap v2-derived contract code ported over to use the Hedera Token Service.

However, the attackers’ attempt to move the stolen tokens over the HashportNetwork bridge was detected, and the bridge operators took immediate action to disable it. The Hedera community, including Swirlds Labs, HBAR Foundation, LimeChainHQ, Pangolin, SaucerSwap, and HeliSwap teams, worked together to investigate the attack and prevent further theft.

To prevent the attackers from stealing more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and is working on a solution. Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to remove this vulnerability, and the mainnet proxies will be turned back on, allowing normal activity to resume.

This attack raises concerns about the security of blockchain networks and the vulnerability of users who provide liquidity on decentralized exchanges. It also highlights the need for increased security measures and constant vigilance to prevent such attacks from happening in the future.

The HBAR Foundation has assured its users that it is taking this incident seriously and is working diligently to resolve the issue. It remains to be seen how long it will take for the network to fully recover from the attack and restore user confidence in its security measures.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

You might also like