Hedera’s Main Network Attacked by Cybercriminal
On March 10, Hedera disclosed the details of the attack. The attacker attacked the smart contract service code of Hedera\’s main network and transferred the Hed…
On March 10, Hedera disclosed the details of the attack. The attacker attacked the smart contract service code of Hedera’s main network and transferred the Hedera Token service token held by some user accounts to his own account. The target of the attacker is to use accounts as liquidity pools on multiple DEXs, which are migrated to use Hedera Token Service using contracts derived from Uniswap V2, including Pangolin Hedera, SaucerSwap and HeliSwap.
Hedera: The attacker attacks the smart contract service code of the main network and transfers the user token to his account
Analysis based on this information:
On March 10, Hedera’s smart contract service code on its main network was attacked and some user accounts’ Hedera Token Service tokens were transferred to the attacker’s account. The motive of this cybercriminal was to use these accounts as liquidity pools across various DEXs, including SaucerSwap, Pangolin Hedera, and HeliSwap. The attack was executed using contracts derived from Uniswap V2.
In simpler terms, Hedera is a platform used for developing decentralized apps that allow its users to execute smart contracts via the Hedera Token Service. Additionally, users can trade through Decentralized Exchanges (DEXs) such as SaucerSwap, Pangolin Hedera, and HeliSwap by joining different liquidity pools. This concept allows users to lend or borrow cryptocurrencies, ensuring liquidity within the platform.
However, the attacker exploited the account’s liquidity pools by transferring Hedera Token Service tokens to their account, disrupting the functionality of these accounts. This means that users were not able to trade efficiently or borrow and lend currencies as intended.
The involvement of Uniswap V2 was a significant factor in the attack, as it allows seamless liquidity within platforms. Uniswap V2 is an open-source automated market maker (AMM) platform, powered by smart contracts on the Ethereum blockchain that allows DeFi applications to trade currencies without an intermediary. This vulnerability enabled the attacker to gain easy access and transfer the tokens to their account without the platform being aware.
This attack highlights the risks associated with DeFi applications, as it’s vulnerable to cybercriminals. The complex technology used in the platform means that a minor flaw in smart contracts can become a significant disadvantage to a user, similar to the vulnerability that led to the Mt. Gox hack. The danger of these vulnerabilities is that DeFi protocols are difficult and almost impossible to roll back, and restoring them to their previous state can be a tedious process.
In conclusion, the attack orchestrated by the cybercriminal on Hedera’s main network is an indication that DEXs are vulnerable to cybercrime. DeFi applications must be aware that the DeFi space they operate in is more dangerous than ever before and take proactive measures to ensure smart contract security to continue providing the DeFi services to their users.
This article and pictures are from the Internet and do not represent Fpips's position. If you infringe, please contact us to delete:https://www.fpips.com/8496/
It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.