Hedera’s Main Network Attacked by Cybercriminal
On March 10, Hedera disclosed the details of the attack. The attacker attacked the smart contract service code of Hedera\’s main network and transferred the Hed…
On March 10, Hedera disclosed the details of the attack. The attacker attacked the smart contract service code of Hedera’s main network and transferred the Hedera Token service token held by some user accounts to his own account. The target of the attacker is to use accounts as liquidity pools on multiple DEXs, which are migrated to use Hedera Token Service using contracts derived from Uniswap V2, including Pangolin Hedera, SaucerSwap and HeliSwap.
Hedera: The attacker attacks the smart contract service code of the main network and transfers the user token to his account
Analysis based on this information:
On March 10, Hedera’s smart contract service code on its main network was attacked and some user accounts’ Hedera Token Service tokens were transferred to the attacker’s account. The motive of this cybercriminal was to use these accounts as liquidity pools across various DEXs, including SaucerSwap, Pangolin Hedera, and HeliSwap. The attack was executed using contracts derived from Uniswap V2.
In simpler terms, Hedera is a platform used for developing decentralized apps that allow its users to execute smart contracts via the Hedera Token Service. Additionally, users can trade through Decentralized Exchanges (DEXs) such as SaucerSwap, Pangolin Hedera, and HeliSwap by joining different liquidity pools. This concept allows users to lend or borrow cryptocurrencies, ensuring liquidity within the platform.
However, the attacker exploited the account’s liquidity pools by transferring Hedera Token Service tokens to their account, disrupting the functionality of these accounts. This means that users were not able to trade efficiently or borrow and lend currencies as intended.
The involvement of Uniswap V2 was a significant factor in the attack, as it allows seamless liquidity within platforms. Uniswap V2 is an open-source automated market maker (AMM) platform, powered by smart contracts on the Ethereum blockchain that allows DeFi applications to trade currencies without an intermediary. This vulnerability enabled the attacker to gain easy access and transfer the tokens to their account without the platform being aware.
This attack highlights the risks associated with DeFi applications, as it’s vulnerable to cybercriminals. The complex technology used in the platform means that a minor flaw in smart contracts can become a significant disadvantage to a user, similar to the vulnerability that led to the Mt. Gox hack. The danger of these vulnerabilities is that DeFi protocols are difficult and almost impossible to roll back, and restoring them to their previous state can be a tedious process.
In conclusion, the attack orchestrated by the cybercriminal on Hedera’s main network is an indication that DEXs are vulnerable to cybercrime. DeFi applications must be aware that the DeFi space they operate in is more dangerous than ever before and take proactive measures to ensure smart contract security to continue providing the DeFi services to their users.
This article and pictures are from the Internet and do not represent Fpips's position. If you infringe, please contact us to delete:https://www.fpips.com/8496/
It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.
Recommended articles
-
Loan Agreement on Solana Solend: New Updates and Parameters for Users to Know
On April 11, it was reported that the loan agreement on Solana Solend had been launched in the first phase of SolendV2, and three new functions had been updated: loan weight, TWAP
-
#Core DAO Launches $200 Million Ecosystem Fund to Accelerate Development of Decentralized Applications and Protocols
According to reports, Core DAO has announced the launch of a $200 million ecosystem fund aimed at accelerating the development of decentralized applications and protocols based on
-
Generative Artificial Intelligence: Exploring Its Early Stages and Practical Uses
On April 14th, it was reported that the CEO of Amazon Cloud Services (AWS) stated that generative artificial intelligence is still in its early stages; Focusing on reducing the cos
-
Institutional Investors Remain Bullish on Cryptocurrency Despite Market Volatility
It is reported that Lookonchain posted on social media that Bitcoin and Ethereum rose today. The data on the chain showed that several funds/institutions have …
-
Chiliz Launches New Blockchain Focusing on Sports
According to reports, Chiliz, the sports and entertainment blockchain solution, announced that it would launch a new blockchain focusing on sports on May 10th.
Chiliz: A new blockc -
Blur’s Bidding Pool Lock-up Volume Declines by 21.5% in a Week
It is reported that according to Defilama data, the lock-up volume of Blur\’s bidding pool has been declining in the past week since reaching a high of $147.18 …
-
Why Virtual Currency is an Inevitable Trend
Why is virtual currency an inevitable trend? Editor\’s note: This article is from
-
**Gary Gensler and SEC’s Effort Towards Efficient and Trustworthy Market**
According to reports, Gary Gensler, Chairman of the United States Securities and Exchange Commission (SEC), stated on social media that during his two-year service with the regulat
-
Understanding the Growth of Digital Collections in the International and Domestic Markets
According to reports, according to peer data, the International Weekly Index of Digital Collections increased by 3.4 points to 17.7 points last week (March 28th to April 3rd, 2023)
-
Bitsave Acquires Encrypted News Provider Multisig Media: A Game-Changer for Web3 Professionals
On April 25th, Bitsave, a digital asset accounting platform, announced the acquisition of encrypted news provider Multisig Media, but the specific amount of the acquisition has not
-
Meta To Raise $8.5 Billion Through a 5-Part Transaction
According to reports, insiders have revealed that Meta plans to raise $8.5 billion through a five part transaction. The longest bond issue this time is the 40 year bond, whose yiel
-
When will Antminer S9 be launched (What coins can Antminer S9 mine)?
When will Antminer S9 be launched When will Antminer S9 be launched? On Decembe
-
Suzhou releases 30 demand scenarios in 7 major fields of the metaverse, soliciting solutions from society
According to reports, the Suzhou Municipal Bureau of Industry and Information Technology recently released 30 major application scenario requirements for the 2023 Suzhou Metaverse,
-
China’s Plan to Boost Online Gaming Technology and Business Form with Innovation
According to reports, Yang Fang, deputy director of the Publishing Bureau of the Publicity Department of the CPC Central Committee, said in his speech at the a…
-
What does dcr wallet mean (download dcr wallet app)
What does dcr wallet mean? Dcr wallet is a decentralized cloud computing platform. Through blockchain and smart contract, dccr can realize various functional applications such as storage, exchange and transaction of digital currency. It supports and deploys Ethereum Virtual Machine (EVM) at runtime Dcnr is an open source wallet that allows anyone to add software or services to their system for use. Users can create DCN tokens in the wallet or receive them from the wallet. (Cryptobriefing) Download the DC Wallet appDownload the DC Wallet app for Android mobile users to use. It is reported that DC’s wallet currently supports mainstream browser plugin wallets such as Metamak, imtoken, and TokenPocket. If you search for Dc wallets in the app store, you can go to dc.com apps for detailed introduction According to official sources, there have been numerous new features and improvements in the DC Wallet app recently, such as the addition of encrypted asset trading and sending functions; We have…
-
The Future of Mobile Connectivity: The Karrier One 5G Blockchain Network
On April 5th, it was announced that the 5G blockchain network Karrier One will end its first round of financing today, with unknown amounts and participants. Karrier One is a decen