Hedera, the distributed ledger company, has reported a security breach resulting in the theft of service tokens held by victims’ accounts.
According to a statement from Hedera, attackers exploited the Smart Contract Service code of the Hedera mainnet, transferring the stolen tokens to their own accounts. The attackers targeted liquidity pool tokens on decentralized exchanges (DEXs) that derived their code from Uniswap v2 on Ethereum, which was ported over for use on the Hedera Token Service.
The suspicious activity was detected when the attacker attempted to move the stolen tokens across the Hashport bridge. The Hashport bridge consists of liquidity pool tokens on SaucerSwap, Pangolin, and HeliSwap, and operators acted promptly to temporarily pause the bridge when the attackers moved tokens obtained through these attacks.
When the tokens were moved over the Hashport Network bridge, the bridge operators detected the activity and took swift action to disable it.
To prevent the attacker from stealing more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and is working on a solution.
Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to remove this vulnerability. At which point, the mainnet proxies will be turned back on, allowing normal activity to resume.
In response to the breach, Hedera has urged token holders to check the balances on their account ID and Ethereum Virtual Machine (EVM) address on hashscan.io. The company has also reminded users to report any suspicious activity to their support team and has vowed to continue working on strengthening the security of its mainnet.