PANews reported on March 10 that Hedera disclosed the details of the attack. The attacker attacked the smart contract service code of the Hedera mainnet and transferred the Hedera Token Service tokens held by some user accounts to their own accounts. The attacker's target was accounts used as liquidity pools on multiple DEXs, which used Uniswap V2-derived contract generations to migrate to use Hedera Token Service, including Pangolin Hedera, SaucerSwap, and HeliSwap. When the attacker moved the tokens obtained through the attack to the Hashport Network Bridge, the Bridge operator detected the activity and quickly took action to disable it.
To prevent the attacker from stealing more tokens, Hedera has shut down the mainnet proxy, which removes user access to the mainnet. The Hedera team has identified the root cause of the issue and is working on a solution. Once a solution is ready, Hedera Council members will sign a transaction to approve the deployment of updated code on the mainnet to eliminate this vulnerability, at which time the mainnet proxy will be reopened and normal activity will be allowed to resume.
Earlier yesterday, Hedera officially disclosed that its smart contract had abnormal conditions and was under investigation. Earlier today, Hedera said it had shut down the mainnet network agent.