Hacker Steals Tokens From Hedera: Exploiting Smart Contract Vulnerability

• On March 9, Hedera disabled IP proxies after discovering a possible attack on its Mainnet.
• A hacker was able to exploit a smart contract vulnerability and steal tokens from DEXs’ liquidity pools.
• The network’s token, Hedera (HBAR), has dropped 9% in the previous 24 hours.

Hacker Steals Tokens From Hedera

A hacker successfully exploited a smart contract vulnerability on the Hedera Mainnet to steal tokens from DEXs’liquidity pools. After quick action by the operators, the Hashport bridge was momentarily stopped.

Vulnerability Exploitation

The developers of the Hedera Hashgraph distributed ledger revealed that some tokens from the network’s liquidity pool were stolen due to a smart contract vulnerability. The hacker attempted to transfer the stolen tokens through the Hashport bridge, which included tokens from SaucerSwap, Pangolin, and HeliSwap liquidity pools and triggered an alarm.

Network Access Cut Off

On March 9, Hedera successfully disabled IP proxies, cutting off network access. The team claims to have found the exploit’s “root cause” and is “working on a remedy.” Token holders are encouraged to verify their account ID and Ethereum Virtual Machine (EVM) address balances on hashscan.io after disabling proxies soon after discovering the possible attack.

Token Price Dropping

The total amount of stolen token was not verified by Hedera but it did affect HBAR’s price as it dropped 9% in 24 hours trading at $0.05497 as per CMC at time of writing this article.


Hedera is continuing its investigation into this security breach while making sure that similar incidents don’t happen in future by working on more secure solutions for its users and investors alike.