• On March 9, Hedera disabled IP proxies on its network after discovering a smart contract vulnerability that allowed a hacker to steal tokens from DEXs‘ liquidity pools.
• The stolen token total was not verified by Hedera but the group believes the exploit originated from decompiling Ethereum codes onto its HTS.
• Following the incident, HBAR dropped 9% in 24 hours trading at $0.05497 as per CMC at the time of writing.
Hacker Steals Tokens From Hedera Hashgraph
Smart Contract Vulnerability Discovered
On March 9, Hedera successfully disabled IP proxies, cutting off network access after discovering a smart contract vulnerability that allowed a hacker to steal tokens from DEXs‘ liquidity pools. The developers of the distributed ledger revealed that some tokens had been stolen and believed the exploit originated from decompiling Ethereum codes onto its HTS (Hedera Token Service).
Tokens Stolen Not Verified By Hedera
The stolen token total was not verified by Hedera but it claimed to have found the exploit’s „root cause“ and to be „working on a remedy“. For token holders‘ comfort, the team recommended they verify their account ID and Ethereum Virtual Machine (EVM) address balances on hashscan.io following their quick action in disabling proxies soon after discovering the possible attack.
HBAR Drops 9% After Incident Discovery
Following the incident, HBAR dropped 9% in 24 hours trading at $0.05497 as per CMC at the time of writing.
Root Cause Of Attack Found?
The network’s token service (HTS) was modified on February 3 to support smart contract code compatible with Ethereum’s Virtual Machine (EVM). A key step in this procedure is decompiling Ethereum contract bytecode which SaucerSwap thinks is where the attack vector originated although no confirmation has been made by Hedera yet.
Verify Account Balances For Safety Measures
For safety measures, it is advised for users to verify their account ID and EVM address balances on hashscan.io while all necessary precautions are taken by developers within Hedera Hashgraph regarding this smart contract vulnerability and related issues