The Hedera Hashgraph platform team has reported an unauthorized withdrawal of assets from the Hedera Token Service, caused by an attack on the main network’s smart contract service.
The attack targeted accounts used as liquidity pools on several DEXs based on Uniswap v2 code, such as Pangolin, SaucerSwap, and HeliSwap.
The transfer of funds by the hacker was discovered and stopped by the operators of the HashportNetwork cross-chain bridge.
In response, the Hedera team shut down the mainnet proxies and will resume operations once patched code is deployed.
The amount of tokens stolen is unknown, however, analysts at PeckShield have noted that the platform’s total value locked decreased 33%, from $36.1 million to $24.6 million.
SaucerSwap has confirmed the attack vector was the process of decompiling Hedera smart contracts, and has reassured that its users’ funds were not affected.
