
Hedera Mainnet Exploit Results in the Theft of Service Tokens

cryptoknowmics.com, 10 March 2023 07:38 UTC

The team behind the distributed ledger Hedera Hashgraph has confirmed that a smart contract exploit on the Hedera Mainnet resulted in the theft of several liquidity pool tokens (https://twitter.com/hedera/status/1634055353435561986).

According to Hedera, the attacker targeted liquidity pool tokens on DEXs that took their code from Uniswap v2 on Ethereum and used it on the Hedera Token Service. The suspicious activity was discovered when the attacker tried to move the stolen tokens across the Hashport bridge. The stolen tokens were liquidity pool tokens from SaucerSwap, Pangolin, and HeliSwap. The bridge operators put the bridge on hold for a short period of time. The quantity of stolen tokens was unknown to Hedera.

Hedera Says No Proof of Breach That Led to the Theft

Hedera had upgraded the network so that smart contract code compatible with the Ethereum Virtual Machine (EVM) could be uploaded to the Hedera Token Service (HTS). The process involves decompiling the bytecode for an Ethereum contract to the HTS, and SaucerSwap, a DEX based on Hedera, believes this is where the attack vector originated. However, Hedera did not confirm this in its most recent post.

Flaw Detected; Solution Underway

Hedera had previously succeeded in preventing network access by deactivating IP proxies. The team claimed to have discovered the exploit's "root cause" and said it is "working on a solution." Shortly after discovering the potential flaw, Hedera disabled proxies and advised token holders to use hashscan.io to check the balances on their account ID and Ethereum Virtual Machine (EVM) address for their own "comfort."
