A security breach in Hedera Network unveils user account hijacking
On March 10, Hedera disclosed the details of the attack. The attacker attacked the smart contract service code of Hedera\’s main network and transferred the Hede
On March 10, Hedera disclosed the details of the attack. The attacker attacked the smart contract service code of Hedera’s main network and transferred the Hedera Token service token held by some user accounts to his own account. The target of the attacker is to use accounts as liquidity pools on multiple DEXs, which are migrated to use Hedera Token Service using contracts derived from Uniswap V2, including Pangolin Hedera, SaucerSwap and HeliSwap.
Hedera: The attacker attacks the smart contract service code of the main network and transfers the user token to his account
Analysis based on this information:
Hedera is a blockchain platform, reported a security breach in its main network, revealing how the attackers took control of various user accounts and transferred their holdings to their own account through a smart contract service code. The attacker’s goal was to use these accounts as liquidity pools on different Decentralized Exchanges (DEXs) that utilize Hedera Token Service through contracts obtained from Uniswap.
The Hedera network, established in 2018, is a distributed public network that aims to provide internet scalability and transaction processing to enable the next generation of decentralized applications. Hedera operates on a proof-of-stake algorithm, providing faster transaction times than other blockchain platforms. However, the platform underwent a security breach on March 10 that allowed attackers to siphon off Hedera token service tokens built on Uniswap V2.
The hackers implanted a malicious code into a smart contract service code on the platform, which allowed them to gain access to user accounts by bypassing system protocols. They then looted the Hedera Token Service tokens of various users onto their account, without the rightful owners’ approval. Although Hedera disclosed this security breach in a timely manner, the total number of accounts that encountered the hack, the amount of stolen tokens, and the identities of the users remain undisclosed.
After gaining access to the user accounts, the attackers then migrated to various decentralized exchanges to deploy liquidity pools. The exchanges include Pangolin Hedera, SaucerSwap, and HeliSwap, all of which employ smart contract-derived Uniswap V2 contracts. By creating liquidity pools, hackers attempt to conduct various illegal activities such as money laundering or unauthorized trading.
In conclusion, the security breach of the Hedera network is a mishap that can occur in blockchain systems that usually claim to be unhackable. Hedera’s platform runs on a modern infrastructure that provides several security measures, but sometimes, like in this case, attackers can still find loopholes in the system’s algorithms. Therefore, blockchain platforms always need to be vigilant and adopt more rigorous security measures to counter security breaches from hackers.
This article and pictures are from the Internet and do not represent SipPop's position. If you infringe, please contact us to delete:https://www.sippop.com/7175.htm
It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.