On Friday, an open-source proof-of-stake network, Hedera endured an exploitation on its smart contract. The protocol confirmed the attack on its mainnet in a recent Twitter post. According to Hedera, the exploiter compromised its Smart Contract Service code to steal several liquidity pool tokens.
The proof-of-stake protocol revealed that the attacker specifically targeted those accounts used as liquidity pools on multiple DEXs. Worthy of note that the said accounts usually employ Uniswap v2-derived contract code ported over to access the Hedera Token Service. After compromising the service code of the smart contract, the attacker reportedly moved assets from the accounts of the victims to his own account. Later, the attacker, according to Hedera, began to move the funds to Hashport bridge. But, the team behind the bridge swiftly uncovered the movement of the funds to its network, and thus disabled it.
Meanwhile, Hedera has pledged to investigate the circumstances that led to the exploitation. According to the protocol, it plans to collaborate with all members of its community, including swirlds labs, HBAR foundation, LimeChain HQ, Pangolin, SaucerSwapLabs, and others to tame the attacker.
Hedera turns off mainnet proxies to prevent more theft
However, as part of its damage control measures, Hedera resolved to turn off its mainnet proxies. The protocol believes turning off the proxies will prevent the attacker from stealing more tokens. Worthy of note that as of press time, Hedera claimed to have identified the root cause of the attack, and thus promised to work on a solution.
The protocol believes that as soon as the solution is ready, the Hedera Council members will sign transactions to endorse the full deployment of updated code on mainnet. This, as revealed, will help to avert the various vulnerabilities enveloped in the network. It is after this has been done that its mainnet proxies will be turned on so that activities on the network can continue without any restraints. Although, as of press time, the protocol is yet to give a specific time in which it intends to completes these processes.
Worthy of note that Hedera is not the only projects that have suffered exploitations this year. Recall that just last week, LaunchZone, a non-custodial crypto exchange suffered similar fate on BNB chain. Unfortunately, the attack on the project led to the loss of $700,00 worth of assets in its pool. In early February, Bonq, a notable lending protocol also suffered a massive attack on its network. According to findings, Bonq lost $120 million in assets to the attack. In the same month, Shredded Apes, a NFT collection project lost about $15,589 on its main wallet to attackers. Now, with the attack on Hedera, it is noteworthy that cyber-exploitations are now on the rise.