Hedera Token Service Exploited

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment.


Hedera Hashgraph is a decentralized, open-source, proof-of-stake public ledger that utilizes the leaderless, asynchronous Byzantine Fault Tolerance (aBFT) hashgraph consensus algorithm. It is governed by a decentralized council of leading enterprises, universities, and web3 projects from around the world. Hedera's performance-optimized Ethereum Virtual Machine (EVM) smart contracts, along with its easy-to-use native tokenization and consensus service APIs, enable developers to create real-time web3 applications and ecosystems that will drive the future of the internet. Unfortunately, an exploit hit the Hedera network, targeting the decompiling process in smart contracts. Attackers hit Pangolin and HeliSwap pools containing wrapped assets. Hedera turned off network proxies on mainnet, effectively making it inaccessible, while "Hedera core" continued to work through the smart contract irregularity. The lack of certainty caused chaos, and what turned out to be around $515k stolen by the attacker turned into $12M of damage to the ecosystem.

About Hedera Blockchain

Hedera is a decentralized, open-source, proof-of-stake public ledger that utilizes the leaderless, asynchronous Byzantine Fault Tolerance (aBFT) hashgraph consensus algorithm[1]. Governed by the Hedera Governing Council, a decentralized body of independent global organizations, it offers high throughput with fast finality, low, predictable fees, and fair transaction ordering with consensus timestamps[1]. The network supports real-time web3 applications and ecosystems, and its performance-optimized Ethereum Virtual Machine (EVM) smart contracts allow developers to create a variety of applications[1].

Hedera's ecosystem includes DeFi, NFTs, decentralized identity, payments, sustainability, and decentralized logs[1]. The council consists of enterprises, web3 projects, and prestigious universities globally[1]. The codebase and ecosystem standards are open source, contributed by the community through Hedera Improvement Proposals (HIPs)[1]. Hedera has expressed a commitment to sustainability, boasting low energy consumption per transaction[1]. It has partnered with leading organizations for enterprise applications, including ServiceNow, Avery Dennison, LG, and more[1].

The network provides tools for developers, an open-source SDK for stablecoin applications called Stablecoin Studio, and a variety of resources, including documentation, grants, accelerators, and bounties[1]. The platform has been used for various applications, including decentralized exchanges, NFT marketplaces, liquid staking protocols, and more[1]. With low-cost, immediate settlement, scalability, fair access, and ordering, Hedera offers an efficient and sustainable solution for decentralized applications[1].

"Hedera is built differently from other blockchains. It has high throughput with fast finality; low, predictable fees; fair transaction ordering with consensus timestamps; and a robust codebase that ensures scalability and reliability at every layer of its network infrastructure. Hedera is governed responsibly by the world’s leading organizations to ensure that the network is collusion-resistant."

The Swiss Hashgraph Association, backed by a grant from Hedera Hashgraph, has partnered with the Swiss Digital Assets Institute (SDAI) to launch the "Hashgraph Innovation Program" in Switzerland[2]. The Hashgraph Innovation Program is designed to support the growth and adoption of Hedera-enabled solutions, with a focus on the European, Middle Eastern, and African (EMEA) markets[2]. Hedera has allocated $16.3 million worth of hbar in grant funding to the Swiss Hashgraph Association, a non-profit entity[2]. The program, to be delivered by SDAI, aims to empower startups, enterprises, and government institutions globally to design and develop enterprise-grade solutions and decentralized applications on the Hedera network[2]. The program will run for five years in three phases, offering grants in HBAR up to $250,000 for startups, $750,000 for enterprises, and $1,500,000 for government initiatives[2].

"HTS was audited by FP Complete in 2021."

DefiLlama:[3]

Homepage:[1]

The Reality

Bridges are tricky to secure, due to the challenge of ensuring finality on two distinct chains.

What Happened

The Hedera Token Service bridge between Hedera and Ethereum was exploited.

Key Event Timeline - Hedera Token Service Exploited
Date | Event | Description
March 9th, 2023 3:02:11 AM MST | Funds Bridged To Ethereum | The first batch of funds is bridged to Ethereum by the attacker.
March 9th, 2023 3:08:00 AM MST | Pangolin Hedera Warning | Pangolin Hedera posts on Twitter to warn about irregularities in the Hedera blockchain and that they have paused their bridge service[4] "[d]ue to some Hedera network irregularities". "This is a time critical moment, so we'll update as soon as we have more information."
March 9th, 2023 4:46:00 AM MST | SaucerSwap Labs Warning | SaucerSwap Labs posts a warning to Twitter and notes they are "actively investigating"[5].
March 9th, 2023 6:24:00 AM MST | DefiIgnas Twitter Warning | Twitter user DefiIgnas posts a warning about the ongoing exploit of the Hedera network[6]. They report that the Hedera Foundation is aware, in communication with affected partners, and actively working to resolve the issue. The total value locked in Hedera dApps is rapidly decreasing, leading to discussions in Discord about swapping to HBAR as a potential solution. An ongoing exploit targeted the decompiling process in smart contracts, affecting Pangolin and HeliSwap pools with wrapped assets. SaucerSwap Labs reported the exploit, advising immediate withdrawal of HTS tokens from Pangolin Pools and Farms. Due to network irregularities, Hashport paused its bridge. Smart contracts on the Hedera Network are currently paused, and the network is experiencing an outage[6].
March 9th, 2023 6:39:00 AM MST | HashPort Unavailable | According to DefiIgnas, the HashPort service reports that "Hedera Network is experiencing an outage."[7]
March 9th, 2023 7:26:10 AM MST | Panic Posts On Reddit | A Reddit thread discusses the ongoing exploit[8][9]. The community reactions are mixed, with some expressing frustration and concern about the exploit, while others make jokes or share experiences of their losses. Some users criticize wrapped tokens and express a lack of trust in bridges due to frequent hacks. There's a mix of emotional responses, from frustration and disappointment to humor and nonchalance. Users share their personal experiences, with some stating their losses and others discussing their skepticism about various projects. Overall, the community is engaged in discussing the situation, sharing information, and expressing a range of sentiments.
March 9th, 2023 7:31:00 AM MST | DefiIgnas Promotes Substack | DefiIgnas decides to use the occasion to promote his Substack account[10].
March 9th, 2023 8:13:00 AM MST | SaucerSwap Unaffected | SaucerSwap confirms that they are unaffected[11].
March 9th, 2023 1:18:00 PM MST | Hedera Network Shut Off | Hedera posts on Twitter to inform users that they have shut off the mainnet proxies, making the network inaccessible[12][13].
March 9th, 2023 1:32:00 PM MST | Hedera Confirms Staking Rewards | Hedera confirms that staking rewards will still be provided during the exploit downtime, and can be claimed when the network is back online[14].
March 9th, 2023 9:23:00 PM MST | Hedera Still Investigating | According to DefiIgnas, Hedera is still investigating the issue at this time. Network proxies are turned off, but Hedera core continues to operate through the incident[15].
March 9th, 2023 9:55:00 PM MST | Hedera Announces Explanation | Hedera posts an announcement about the exploit[16][17].
March 10th, 2023 11:29:00 AM MST | Rekt Article Published | Blockchain researchers at Rekt publish an article on the situation[18].
March 10th, 2023 7:47:00 PM MST | Pangolin Hedera Announces Reimbursement To Pools | Pangolin Hedera announces they will be restoring liquidity to affected pools[19]. They offer a promised timeline of 1-2 hours for this process. "We are disabling wallet connections to HashPack while we do this. This is to give us enough time to replenish exploited LPs. Once replenished we will re-enable HashPack and all users can remove, add, swap, and transfer all tokens."
March 10th, 2023 9:52:00 PM MST | Reimbursement Taking Longer Than Expected | Pangolin posts an update on Twitter to inform the community that the reimbursement is taking "longer than expected" because they "are waiting on several third parties"[20].
March 11th, 2023 11:03:00 AM MST | Pangolin Hedera Funds Replenished | Pangolin Hedera announces that funds have been replenished in their liquidity pools[21]. "All users' LP has been made whole, and any exploited LP has been replaced". "Everyone's unwavering teamwork and tireless drive to create a solution was nothing short of remarkable."
March 12th, 2023 10:10:00 AM MDT | HeliSwap Announces Hedera Vulnerability Explanation | HeliSwap tweets about a Space being hosted to cover the event[22].

Technical Details

[23][24][25]

On March 9, 2023, the Hedera Network experienced an outage, leading to the pausing of all smart contracts[6]. Later, an official statement from Hedera revealed that the root cause of the problem was identified: an attacker had targeted liquidity pools on various decentralized exchanges (DEXs) that had forked and ported Uniswap v2 to the Hedera Token Service, with some funds being bridged via Hashport[6]. The Hedera team actively worked on a solution to the issue[6].

"Attacker targeted liquidity pools on multiple DEXs that forked and ported Uniswap v2 to Hedera Token Service."

"In a Twitter thread, Hedera explained that “The attacker targeted accounts used as liquidity pools on multiple DEXs that use Uniswap v2-derived contract code ported over to use the Hedera Token Service”."

"The head of Pangolin published a preliminary writeup which states the teams believed that the exploit was “only affecting Hashport tokens. This proved to be false. Further investigation revealed all hts [Hedera Token Service] tokens were at risk”.

This allowed the attacker to burn bridged/wrapped tokens, as well as remove LP positions from the affected DEXs. According to the report, some funds were bridged back to ETH, after the Hashport team deactivated the bridge, the attacker turned to CEXs."

DefiIgnas Technical Analysis

DefiIgnas shared a detailed technical analysis during the chaos of the exploit[6].

1/ There's an ongoing exploit hitting Hedera. All Hedera dApps using Hedera Token Service (HTS), like LP tokens or wrapped tokens are affected. The exploit is targeting the decompiling process in smart contracts. Advice: "Get your funds out now."

2/ The exploit is targeting the decompiling process in smart contracts. Bridged tokens have been frozen by Hashport so users can't bridge to other chains now.

3/ HBAR Foundation tweeted, "We've noticed network irregularities that are impacting various Hedera dApps and their users. The foundation is in communication with impacted partners. We're monitoring and working to help resolve the issue."

4/ Total value locked is dropping fast for Hedera dApps. From Discord discussions, it seems that swapping to HBAR might be the best option. But the situation is still unclear.

5/ "An ongoing exploit have hit the Hedera network this morning. The exploit is targeting the decompiling process in smart contracts. At time of writing attackers have hit Pangolin and HeliSwap pools containing wrapped assets."

6/ "we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately."

7/ Seems like all smart contracts are paused. "Hedera Network is experiencing an outage."

Total Amount Lost

"The report puts losses from Pangolin at $120k. HeliSwap lost just $2K, according to their rundown of events.

The attacker’s alleged addresses contain a total of around $515k; ~$60k of HBAR and $280k of HTS stablecoins on Hedera, and $175k of ETH on Ethereum."

The total amount lost has been estimated at $515,000 USD.

Immediate Reactions

Hedera shut down network proxies on the mainnet, making it inaccessible, during their investigation[6]. However, the "Hedera core" was actively addressing smart contract irregularities[6].

While awaiting an official announcement from Hedera, DefiIgnas shared updates[6].

"The team has identified the root cause of the issue and is working on a solution."


"An ongoing exploit have hit the Hedera network this morning.

The exploit is targeting the decompiling process in smart contracts.

At time of writing attackers have hit Pangolin and HeliSwap pools containing wrapped assets."

"we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately."

"We’ve noticed network irregularities that are impacting various Hedera dApps and their users.

The Foundation is in communication with impacted partners. We’re monitoring and working to help resolve the issue.

Please standby for more information."

"Due to some Hedera network irregularities, Hashport has paused their bridge, and we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately."

"Hedera turned off network proxies on mainnet, effectively making it inaccessible.

But 'Hedera core' continues to work through the smart contract irregularity."

"In an abundance of caution & safety for users, @Hedera is turning off network proxies on mainnet, making it inaccessible. @Hedera core is working through the smart contract irregularities & will re-enable proxies once resolved."

"In an abundance of caution for users, @hedera network services will not be accessible during this period of time. This includes wallets, decentralized & centralized exchanges, decentralized applications, etc."

"Staking rewards will continue to accrue during this time — however, you'll only be able to receive those accrued rewards once the network becomes accessible again."

"Fear, rumour and suspicion took hold as both users and devs attempted to make sense of the chaos.

The “proof-of-stake public ledger”, built on blockchain-alternative Hashgraph, saw its TVL plunge by a third since the attack, from $36.8M to $24.6M.

The HBAR Foundation announced “network irregularities” and, given the widespread nature of the attack, users frantically sought a safe haven for their funds."

Pangolin Hedera Warning

An initial warning was posted to Twitter about a "time critical moment" involving "network irregularities"[4].

Due to some Hedera network irregularities, Hashport has paused their bridge, and we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately. This is a time critical moment, so we'll update as soon as we have more information

SaucerSwap Labs Warning

SaucerSwap Labs posted a warning on Twitter[5].

An ongoing exploit have hit the Hedera network this morning. The exploit is targeting the decompiling process in smart contracts. At time of writing attackers have hit Pangolin and HeliSwap pools containing wrapped assets. We are unsure if other HTS tokens are at risk too. We are actively investigating and are in talks with the other dexes on the network and trying to look for ways to mitigate the vulnerability. There have been no reports of SaucerSwap users getting funds stolen yet, but as a precaution we would encourage everyone to withdraw liquidity immediately - safety first.

Hedera Network Shut Down

Hedera posted an announcement to Twitter that they were shutting down the network proxies[12].

In an abundance of caution & safety for users, @Hedera is turning off network proxies on mainnet, making it inaccessible. @Hedera core is working through the smart contract irregularities & will re-enable proxies once resolved. Visit http://status.hedera.com for the latest.

The announcement was further clarified[13].

In an abundance of caution for users, @hedera network services will not be accessible during this period of time. This includes wallets, decentralized & centralized exchanges, decentralized applications, etc. Please visit http://status.hedera.com for the latest information.

Community Reactions on Reddit

A Reddit thread discusses the ongoing exploit[8]. The community reactions are mixed, with some expressing frustration and concern about the exploit, while others make jokes or share experiences of their losses. Some users criticize wrapped tokens and express a lack of trust in bridges due to frequent hacks. There's a mix of emotional responses, from frustration and disappointment to humor and nonchalance. Users share their personal experiences, with some stating their losses and others discussing their skepticism about various projects. Overall, the community is engaged in discussing the situation, sharing information, and expressing a range of sentiments[8].

Confirmation of Staking Rewards

The Hedera team confirmed that they would be maintaining staking rewards during the time of the exploit[14].

Staking rewards will continue to accrue during this time — however, you'll only be able to receive those accrued rewards once the network becomes accessible again.

Hedera Twitter PostMortem

[16]

"Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account. (1/6)

The attacker targeted accounts used as liquidity pools on multiple DEXs that use Uniswap v2-derived contract code ported over to use the Hedera Token Service, including @Pangolin_Hedera, @SaucerSwapLabs, and @HeliSwap_DEX. (2/6)

When the attackers moved tokens obtained through these attacks over the @HashportNetwork bridge, the bridge operators detected the activity and took swift action to disable it. (3/6)

The Hedera community, including @swirldslabs, @HBAR_foundation, @LimeChainHQ, @Pangolin_Hedera, @SaucerSwapLabs, and @HeliSwap_DEX teams worked together to investigate the attack. (4/6)

To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and are working on a solution. (5/6)

Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code on mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal activity to resume. (6/6)"

Ultimate Outcome

"The lack of certainty caused chaos, and what turned out to be around $515k stolen by the attacker, turned into $12M of damage to the ecosystem."

Update Regarding Pangolin Exploited Funds

Pangolin announced that they would be replenishing the exploited funds[19].

IMPORTANT UPDATE FOR HEDERA PANGOLIN USERS

We will be replenishing all lost funds from the exploit

To do this, we will need 1-2hrs to add back in the appropriate USDC[hts]-USDT[hts] & USDC[hts]-HBAR LP tokens.

IMPORTANT: We are disabling wallet connections to HashPack while we do this. This is to give us enough time to replenish exploited LPs. Once replenished we will re-enable HashPack and all users can remove, add, swap, and transfer all tokens.

Pangolin updated their community to report that all funds had been restored to all affected liquidity pools[21].

All funds have been replenished on the affected pools: ️$USDC[hts] - $USDT[hts] and ️$USDC[hts] - $HBAR

@HashPackApp has been re-enabled on Pangolin, and you can now remove, add, swap, and transfer all tokens

In regards to SuperFarm and single-sided staking rewards, we have called our reward vesting bot, which has unpaused rewards emissions

Those who left the farms before HTS tokens were frozen can rejoin. If you have further questions about this, please join our community Discord

All users' LP has been made whole, and any exploited LP has been replaced

We're grateful for the community's steadfast support during these challenging past two days. Thank you.

We're excited to continue building and strengthening the @hedera DeFi ecosystem, and we aim to make it the go-to destination for users for many years to come

Huge thanks to everyone that helped identify and address the exploit: @hedera, @HBAR_foundation,

@swirldslabs, @HashportNetwork, @HeliSwap_DEX, @SaucerSwapLabs.

Everyone's unwavering teamwork and tireless drive to create a solution was nothing short of remarkable

Michael Mumbauer

[26]

Thank you to the Hedera community for sticking with us.

This past week was a shock to the system but we’re ok.

@LiithosEnt is still here. Our mission of building amazing new worlds continues.

We love you guys. Let’s keep fighting, together.

Total Amount Recovered

Although the process took slightly longer than promised[20], all Pangolin Hedera funds were ultimately restored[19][21].

Ongoing Developments

Pangolin Hedera continues to operate as a network[21].

We're excited to continue building and strengthening the @hedera DeFi ecosystem, and we aim to make it the go-to destination for users for many years to come

Individual Prevention Policies

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

Store the majority of funds offline. Offline means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Further scrutiny by platforms may have helped to uncover the vulnerability before it was exploited. It is also important to place more assets, particularly key treasury assets, within a simpler multi-signature arrangement, which would typically have a lot less risk than more complex smart contracts.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

In general, blockchain-level exploits can be resolved by reverting the blockchain to a prior state, which restores all funds to their prior ownership and limits potential losses to those who are transacting between the time of the exploit and the time of the revert. Effort should be undertaken by node operators to switch to a branch that eliminates the exploit as soon as possible to minimize losses. Any remaining losses would be resolved through the industry insurance fund.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Hedera Homepage (May 3, 2023)
  2. "Swiss Hashgraph Association" Launches the "Hashgraph Innovation Program" to Accelerate Adoption of the Hedera Network Worldwide (May 3, 2023)
  3. Hedera TVL - DefiLlama (May 3, 2023)
  4. Pangolin_Hedera - "Due to some Hedera network irregularities, Hashport has paused their bridge, and we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately." - Twitter (May 3, 2023)
  5. SaucerSwap Labs - "An ongoing exploit have hit the Hedera network this morning. The exploit is targeting the decompiling process in smart contracts. At time of writing attackers have hit Pangolin and HeliSwap pools containing wrapped assets. We are unsure if other HTS tokens are at risk too." - Twitter (May 18, 2023)
  6. DefiIgnas - "There's an ongoing exploit hitting Hedera. All Hedera dApps using Hedera Token Service (HTS), like LP tokens or wrapped tokens are affected. The exploit is targeting the decompiling process in smart contracts." - Twitter (May 3, 2023)
  7. DefiIgnas - "Hedera Network is experiencing an outage." - Twitter (May 18, 2023)
  8. EXPLOIT: HBAR (Hedera network) Experiencing ongoing exploit - DEXs TVL tanking -30% - Reddit (Mar 9, 2023)
  9. EXPLOIT: HBAR (Hedera network) Experiencing ongoing exploit - DEXs TVL tanking -30% - Reddit Archive March 9th, 2023 7:26:44 AM MST (Feb 1, 2024)
  10. DefiIgnas - "While we wait for an official announcement from Hedera... I invite you to join my Substack for cool DeFi stuff not found elsewhere" - Twitter (May 18, 2023)
  11. SaucerSwap Labs - "UPDATE: We no longer advise users to withdraw liquidity. SaucerSwap is unaffected." - Twitter (May 18, 2023)
  12. hedera - "In an abundance of caution & safety for users, @Hedera is turning off network proxies on mainnet, making it inaccessible. @Hedera core is working through the smart contract irregularities & will re-enable proxies once resolved." - Twitter (May 3, 2023)
  13. hedera - "In an abundance of caution for users, @hedera network services will not be accessible during this period of time. This includes wallets, decentralized & centralized exchanges, decentralized applications, etc." - Twitter (May 3, 2023)
  14. hedera - "Staking rewards will continue to accrue during this time — however, you'll only be able to receive those accrued rewards once the network becomes accessible again." - Twitter (May 3, 2023)
  15. DefiIgnas - "Hedera is still investigating the issue. Hedera turned off network proxies on mainnet, effectively making it inaccessible. But 'Hedera core' continues to work through the smart contract irregularity." - Twitter (May 18, 2023)
  16. hedera - "Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account." - Twitter (May 3, 2023)
  17. DefiIgnas - "The team has identified the root cause of the issue and is working on a solution." - Twitter (May 18, 2023)
  18. RektHQ - "A nebulous threat rattled the entire @hedera ecosystem yesterday. Dapps from across the network were affected, and Hedera remains down while investigations continue." - Twitter (May 3, 2023)
  19. Pangolin Hedera - "IMPORTANT UPDATE FOR HEDERA PANGOLIN USERS We will be replenishing all lost funds from the exploit" - Twitter (May 30, 2023)
  20. Pangolin Hedera - "We are waiting on several third parties and replenishing all lost funds will take longer than expected." - Twitter (Jan 17, 2024)
  21. Pangolin Hedera - "All funds have been replenished on the affected pools: $USDC[hts] - $USDT[hts] and $USDC[hts] - $HBAR" - Twitter (May 30, 2023)
  22. HeliSwap - "#HBARbarians, Hedera mainnet is upgraded, fund are #SAFU. We will host a Space with @Pangolin_Hedera, @HashportNetwork, and @thehbarbull to explain the details and discuss the key takeaways from the event. Set a reminder and join our discussion!" - Twitter (May 30, 2023)
  23. https://hashscan.io/mainnet/transaction/1678211946.831147990?tid=0.0.1030878-1678211935-103568959 (May 3, 2023)
  24. https://hashscan.io/mainnet/account/0.0.2015717 (May 3, 2023)
  25. Address 0x2fd2a8d39fd7c4751fea109a86fa4cdd989e6ad3 | Etherscan (May 3, 2023)
  26. Michael Mumbauer - "Thank you to the Hedera community for sticking with us. This past week was a shock to the system but we’re ok." - Twitter (May 30, 2023)