It is still unknown how many tokens were taken in total.
Hedera, a decentralized proof-of-stake (PoS) blockchain, has finally confirmed a security flaw. According to an update from the platform’s developers, hackers were able to transfer Hedera Token Service tokens from victims’ accounts to their own by taking advantage of a flaw in the mainnet protocol’s Smart Contract Service code.
It stated that the team had identified the problem’s underlying cause and had been currently developing a solution.
Hedera added that the fraud was carried out using Uniswap v2-derived contract code that was ported over to use the Hedera Token Service and targeted accounts that were used as liquidity pools on several decentralized exchanges, such as Pangolin, SaucerSwap, and HeliSwap.
Hedera announced the termination of network services and initially cited “network irregularities” as the cause. The platform’s most recent confirmation thread stated that the mainnet proxies are still off in order to stop the attacker from stealing more tokens and removing user access to the mainnet. The team is now working to come up with a solution.
Hedera Council members will sign transactions to authorize the deployment of updated code to fix this vulnerability on mainnet once it is ready. At such a point, the mainnet proxies will be turned back on, allowing business as usual to resume.