By Zachary Stone
Hedera Network has halted all access to its wallet and app, creating panic among users. The step was taken to enable the network investigate a suspected compromise of its smart contract.
Hedera says it will turn off all network proxies on its mainnet during the investigation process. Users of Hedera-based decentralized exchange Saucerswap have been told to withdraw their liquidity from the exchange pending completion of the investigation.
The network says this step is necessary to protect users from any possible loss. So far, there’s no record of any fund losses, but care is being taken with “an abundance of caution for users.” Hedera stated on 9 March that there’s a possible attack exploiting some smart contract issues the network was facing.
Exploit Hitting Hedera
As the investigation is going on, blockchain security company Ignas has given insight into the issue. The company stated in a tweet that there was an ongoing exploit hitting Hedera. The exploit was said to be affecting all Hedera dApps using Hedera Token Service (HTS), like LP tokens or wrapped tokens.
1/ There's an ongoing exploit hitting Hedera.
— Ignas | DeFi Research (@DefiIgnas) March 9, 2023
All Hedera dApps using Hedera Token Service (HTS), like LP tokens or wrapped tokens are affected.
The exploit is targeting the decompiling process in smart contracts.
Advice: "Get your funds out now." pic.twitter.com/H5jOhLg9od
According to information gathered by Ignas, “The exploit is targeting the decompiling process in smart contracts. Bridged tokens have been frozen by Hashport so users can’t bridge to other chains now.” As other projects such as Heliswap, and Pangolin were under risk, the Hedera team said it was in touch with such projects to ensure no risk is posed to their users.
At the moment, users cannot access their wallets or apps until further notice. Users of decentralized exchanges based on Hedera also cannot access or use such platforms, pending when the investigation is completed. The mainnet however will continue to run and is confirming blocks in spite of the shutdown.
Users Outraged
The sudden shutdown has generated outrage and panic in the community of users. Users are now wondering if Hedera is committed to completing the decentralization of its network as they initially promised- something that could reduce the chances of this kind of exploits. They wonder if the community is indeed in control of the network or it is only in the hands of a few.
The doubt is mainly because Hedera controlled the proxies initially, but promised to handover the control to council members. The network’s unique design uses the fast, fair, and secure hashgraph consensus mechanism. Along side Solidity-based smart contracts and native tokenization and consensus services, the network is used to build decentralized applications.
Attackers exploiting weaknesses in smart contracts is a common occurrence within the crypto space and many other projects such as cross-chain bridges have suffered such in the past. Examples are Wormhole, Ronin Bridge, Water Bridge, and Wintermute, all of which amounted to over a billion dollars in stolen funds. Will Hedera’s be different?