Hedera Hashgraph is a distributed ledger technology that offers faster transaction times and lower fees than traditional blockchains. Its mainnet supports smart contracts and decentralized applications, and it has gained popularity among enterprise customers due to its scalability and security features.

However, on March 10, 2023, the Hedera team confirmed a smart contract exploit on their mainnet that led to the theft of several tokens from the liquidity pool. The attack targeted liquidity pool tokens on decentralized exchanges (DEXs) using Uniswap v2 derivative code on Ethereum, which was transferred for use on the Hedera Token Service.

The attack vector is believed to have come from the process of converting Ethereum Virtual Machine (EVM)-compatible smart contract code into Hedera Token Service (HTS). As part of this process, the Ethereum contract bytecode is decompiled on the HTS. The Hedera-based DEX SaucerSwap believes this is where the attack vector came from, but Hedera has not confirmed this.

The suspicious activity was detected when the attacker attempted to move the stolen tokens across the Hashport Bridge, which consists of liquidity pool tokens on SaucerSwap, Pangolin, and HeliSwap. The operators acted quickly to temporarily pause the bridge, preventing the attacker from continuing to move the stolen tokens.

Hedera has not confirmed the exact number of tokens stolen, but the team is working on a fix to remove the vulnerability. On March 9, Hedera managed to shut down network access by turning off IP proxies and has since identified the “root cause” of the exploit.

The fix is ​​expected to be ready soon, and once it is ready, Hedera Council members will sign transactions to approve the deployment of the updated code to the mainnet to remove the vulnerability. After deployment, the main network proxies will be turned back on, allowing normal activity to resume.

In the meantime, Hedera suggested that token holders check balances on their account ID and Ethereum Virtual Machine (EVM) address at hashscan.io for their own “convenience.” The price of the network’s token, Hedera (HBAR), has fallen 7% since the incident, in line with the overall market decline over the past 24 hours.

The incident highlights the risks of smart contract exploits on blockchain networks and the importance of security measures to prevent such attacks. Hedera’s response to the exploit has been swift and proactive, and it is working to restore security and functionality to the network as soon as possible.