<p><span style="font-weight: 400;">The core team at Hedera confirmed there was a recent exploit on the network in which hackers stole funds via users' accounts on decentralized exchanges, it said.</span></p> <p><span style="font-weight: 400;">The attackers took advantage of a vulnerability in the "Hedera smart contract service" to transfer the Hedera Token Service (HTS) tokens held in users' accounts to their own accounts. The Hedera smart contract service is a separate computing layer integrated with the network to help run Ethereum-compatible apps.</span></p> <p><span style="font-weight: 400;">"Today, attackers exploited the smart contract service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own accounts," the team</span> <a href="https://twitter.com/hedera/status/1634055353435561986"><span style="font-weight: 400;">tweeted</span></a><span style="font-weight: 400;"> from its official account.</span></p> <p><span style="font-weight: 400;">The core team at Hedera reported that the attackers targeted liquidity pools on multiple decentralized exchanges (DEXs) that had ported Hedera tokens over to the network's smart contract service via a bridge. The affected multiple DEXs including Pangolin, SaucerSwap and HeliSwap.</span></p> <p><span style="font-weight: 400;">Today's confirmation of the exploit comes a day after the HBAR Foundation, the organization behind the blockchain, publicly</span><a href="https://www.theblock.co/post/218416/hedera-blockchain-undergoing-technical-irregularities-hbar-foundation-says"> <span style="font-weight: 400;">notified</span></a><span style="font-weight: 400;"> “network irregularities” affecting various Hedera-based decentralized applications (dApps) and their users.</span></p> <h2>Turning off access to the mainnet</h2> <p><span style="font-weight: 400;">Several projects in the Hedera ecosystem have worked together to investigate the issue. To prevent any further theft of tokens, the Hedera team temporarily turned off the "mainnet proxies," which removed users' access to the mainnet.</span></p> <p><span style="font-weight: 400;">“To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and are working on a solution,” the Hedera team added.</span></p> <p><span style="font-weight: 400;">Several teams are still developing a solution to patch the vulnerability. Once the solution is ready, the Hedera Council members will sign transactions to approve the deployment of updated code on the mainnet to remove the vulnerability. The mainnet proxies will be turned back on, and normal activity will resume, the team added.</span></p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>