Hedera Token Service Exploited
Hedera Hashgraph is a decentralized, open-source, proof-of-stake public ledger that uses the leaderless, asynchronous Byzantine Fault Tolerant (aBFT) hashgraph consensus algorithm. It is governed by a council of enterprises, universities, and web3 projects from around the world. Hedera offers performance-optimized Ethereum Virtual Machine (EVM) smart contracts alongside native tokenization (the Hedera Token Service, HTS) and consensus service APIs. On March 9th, 2023, an exploit hit the Hedera network. Early warnings from DEX teams described it as targeting "the decompiling process in smart contracts"; Hedera's own statement later said that attackers had exploited the Smart Contract Service code of mainnet to transfer HTS tokens out of accounts used as liquidity pools by DEXs running Uniswap v2-derived code ported to HTS. Pools at Pangolin and HeliSwap holding wrapped assets were hit. Hedera turned off the network proxies on mainnet, making the network inaccessible to users, while "Hedera core" continued to operate and the team worked through the smart contract irregularity. The lack of certainty caused chaos: roughly $515k was taken by the attacker, but the ecosystem's total value locked fell by about $12M as users rushed to withdraw.
About Hedera Blockchain
"Powering native web3 ecosystems and institutional applications for the next generation of the web"
"An open source, public network governed by leading organizations around the world. The Hedera Governing Council is a decentralized and transparent governing body of independent, global organizations consisting of enterprises, web3 projects, and prestigious universities."
"The Hedera codebase and ecosystem standards are open source and contributed by the community through Hedera Improvement Proposals (HIPs). The community consists of Hedera application and ecosystem developers, node operators, and peripheral organizations."
"Hedera is a decentralized, open-source, proof-of-stake public ledger that utilizes the leaderless, asynchronous Byzantine Fault Tolerance (aBFT) hashgraph consensus algorithm. It is governed by a collusion-resistant, decentralized council of leading enterprises, universities, and web3 projects from around the world.
Hedera’s performance-optimized Ethereum Virtual Machine (EVM) smart contracts, along with its easy-to-use native tokenization and consensus service APIs, enable developers to create real-time web3 applications and ecosystems that will drive the future of the internet.
Hedera is built differently from other blockchains. It has high throughput with fast finality; low, predictable fees; fair transaction ordering with consensus timestamps; and a robust codebase that ensures scalability and reliability at every layer of its network infrastructure. Hedera is governed responsibly by the world’s leading organizations to ensure that the network is collusion-resistant."
"HTS was audited by FP Complete in 2021."
"An ongoing exploit has hit the Hedera network this morning.
The exploit is targeting the decompiling process in smart contracts.
At the time of writing attackers have hit Pangolin and HeliSwap pools containing wrapped assets."
"we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately."
"We’ve noticed network irregularities that are impacting various Hedera dApps and their users.
The Foundation is in communication with impacted partners. We’re monitoring and working to help resolve the issue.
Please standby for more information."
"Due to some Hedera network irregularities, Hashport has paused their bridge, and we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately."
"Hedera turned off network proxies on mainnet, effectively making it inaccessible.
But 'Hedera core' continues to work through the smart contract irregularity."
"In an abundance of caution & safety for users, @Hedera is turning off network proxies on mainnet, making it inaccessible. @Hedera core is working through the smart contract irregularities & will re-enable proxies once resolved."
"In an abundance of caution for users, @hedera network services will not be accessible during this period of time. This includes wallets, decentralized & centralized exchanges, decentralized applications, etc."
"Staking rewards will continue to accrue during this time — however, you'll only be able to receive those accrued rewards once the network becomes accessible again."
"Fear, rumour and suspicion took hold as both users and devs attempted to make sense of the chaos.
The “proof-of-stake public ledger”, built on blockchain-alternative Hashgraph, saw its TVL plunge by a third since the attack, from $36.8M to $24.6M.
The HBAR Foundation announced “network irregularities” and, given the widespread nature of the attack, users frantically sought a safe haven for their funds."
"The team has identified the root cause of the issue and is working on a solution.
Attacker targeted liquidity pools on multiple DEXs that forked and ported Uniswap v2 to Hedera Token Service."
"The lack of certainty caused chaos, and what turned out to be around $515k stolen by the attacker, turned into $12M of damage to the ecosystem."
"In a Twitter thread, Hedera explained that “The attacker targeted accounts used as liquidity pools on multiple DEXs that use Uniswap v2-derived contract code ported over to use the Hedera Token Service”."
"The head of Pangolin published a preliminary writeup which states the teams believed that the exploit was “only affecting Hashport tokens. This proved to be false. Further investigation revealed all hts [Hedera Token Service] tokens were at risk”.
This allowed the attacker to burn bridged/wrapped tokens, as well as remove LP positions from the affected DEXs. According to the report, some funds were bridged back to ETH, after the Hashport team deactivated the bridge, the attacker turned to CEXs."
"The report puts losses from Pangolin at $120k. HeliSwap lost just $2K, according to their rundown of events.
The attacker’s alleged addresses contain a total of around $515k; ~$60k of HBAR and $280k of HTS stablecoins on Hedera, and $175k of ETH on Ethereum."
This is a global/international case not involving a specific country.
The Reality
What Happened
Date | Event | Description |
---|---|---|
March 9th, 2023 3:02:11 AM MST | Funds Bridged To Ethereum | The first batch of funds are bridged to Ethereum by the attacker. |
March 9th, 2023 3:08:00 AM MST | Pangolin Hedera Warning | Pangolin Hedera posts on Twitter to warn about irregularities in the Hedera blockchain and that they have paused their bridge service[4]. |
March 9th, 2023 4:46:00 AM MST | SaucerSwap Labs Warning | SaucerSwap Labs posts a warning to Twitter and notes they are "actively investigating"[5]. |
March 9th, 2023 6:24:00 AM MST | DefiIgnas Twitter Warning | Twitter user DefiIgnas posts a warning about the ongoing exploit of the Hedera network[6]. |
March 9th, 2023 6:39:00 AM MST | HashPort Unavailable | According to DefiIgnas, the HashPort service reports that "Hedera Network is experiencing an outage."[7] |
March 9th, 2023 7:31:00 AM MST | DefiIgnas Promotes Substack | While waiting for an official announcement from Hedera, DefiIgnas uses the occasion to promote his Substack[8]. |
March 9th, 2023 8:13:00 AM MST | SaucerSwap Unaffected | SaucerSwap confirms that they are unaffected[9]. |
March 9th, 2023 1:18:00 PM MST | Hedera Network Shut Off | Hedera posts on Twitter to inform users that they have shut off the mainnet proxies, making the network inaccessible[10][11]. |
March 9th, 2023 1:32:00 PM MST | Hedera Confirms Staking Rewards | Hedera confirms that staking rewards will still be provided during the exploit downtime, and can be claimed when the network is back online[12]. |
March 9th, 2023 9:23:00 PM MST | Hedera Still Investigating | According to DefiIgnas, Hedera is still investigating the issue at this time. Network proxies are turned off, but Hedera core continues to operate through the incident[13]. |
March 9th, 2023 9:55:00 PM MST | Hedera Announces Explanation | Hedera posts an announcement about the exploit[14][15]. |
March 10th, 2023 11:29:00 AM MST | Rekt Article Published | Blockchain researchers at Rekt publish an article on the situation[16]. |
March 10th, 2023 7:47:00 PM MST | Pangolin Hedera Announces Reimbursement To Pools | Pangolin Hedera announces they will be restoring liquidity to affected pools[17]. |
March 11th, 2023 11:03:00 AM MST | Pangolin Hedera Funds Replenished | Pangolin Hedera announces that funds have been replenished in their liquidity pools[18]. |
March 12th, 2023 10:10:00 AM MDT | HeliSwap Announces Mainnet Upgrade and Explanation Space | HeliSwap tweets that the Hedera mainnet has been upgraded and funds are safe, and that a Twitter Space with Pangolin Hedera, Hashport and others will be hosted to explain the details of the event[19]. |
Technical Details
DefiIgnas Technical Analysis
Total Amount Lost
The total amount lost has been estimated at $515,000 USD.
Immediate Reactions
Pangolin Hedera Warning
Pangolin Hedera posted a warning on Twitter[4].
Due to some Hedera network irregularities, Hashport has paused their bridge, and we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately.
SaucerSwap Labs Warning
SaucerSwap Labs posted a warning on Twitter[5].
An ongoing exploit has hit the Hedera network this morning. The exploit is targeting the decompiling process in smart contracts. At the time of writing attackers have hit Pangolin and HeliSwap pools containing wrapped assets. We are unsure if other HTS tokens are at risk too. We are actively investigating and are in talks with the other DEXes on the network and trying to look for ways to mitigate the vulnerability. There have been no reports of SaucerSwap users getting funds stolen yet, but as a precaution we would encourage everyone to withdraw liquidity immediately - safety first.
DefiIgnas Announcements on Twitter
Twitter user DefiIgnas took to Twitter to inform the community of events as they were unfolding[6].
1/ There's an ongoing exploit hitting Hedera.
All Hedera dApps using Hedera Token Service (HTS), like LP tokens or wrapped tokens are affected.
The exploit is targeting the decompiling process in smart contracts.
Advice: "Get your funds out now."
2/ The exploit is targeting the decompiling process in smart contracts.
Bridged tokens have been frozen by Hashport so users can't bridge to other chains now.
3/ HBAR Foundation tweeted, "We've noticed network irregularities that are impacting various Hedera dApps and their users.
The foundation is in communication with impacted partners. We're monitoring and working to help resolve the issue."
4/ Total value locked is dropping fast for Hedera dApps.
From Discord discussions, it seems that swapping to HBAR might be the best option.
But the situation is still unclear.
5/ "An ongoing exploit has hit the Hedera network this morning.
The exploit is targeting the decompiling process in smart contracts.
At time of writing attackers have hit Pangolin and HeliSwap pools containing wrapped assets."
6/ "we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately."
7/ Seems like all smart contracts are paused.
"Hedera Network is experiencing an outage."
Hedera Network Shut Down
Hedera posted an announcement to Twitter that they were shutting down the network proxies[10].
In an abundance of caution & safety for users, @Hedera is turning off network proxies on mainnet, making it inaccessible. @Hedera core is working through the smart contract irregularities & will re-enable proxies once resolved. Visit http://status.hedera.com for the latest.
The announcement was further clarified[11].
In an abundance of caution for users, @hedera network services will not be accessible during this period of time. This includes wallets, decentralized & centralized exchanges, decentralized applications, etc. Please visit http://status.hedera.com for the latest information.
Confirmation of Staking Rewards
The Hedera team confirmed that they would be maintaining staking rewards during the time of the exploit[12].
Staking rewards will continue to accrue during this time — however, you'll only be able to receive those accrued rewards once the network becomes accessible again.
Hedera Twitter PostMortem
"Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account. (1/6)
The attacker targeted accounts used as liquidity pools on multiple DEXs that use Uniswap v2-derived contract code ported over to use the Hedera Token Service, including @Pangolin_Hedera, @SaucerSwapLabs, and @HeliSwap_DEX. (2/6)
When the attackers moved tokens obtained through these attacks over the @HashportNetwork bridge, the bridge operators detected the activity and took swift action to disable it. (3/6)
The Hedera community, including @swirldslabs, @HBAR_foundation, @LimeChainHQ, @Pangolin_Hedera, @SaucerSwapLabs, and @HeliSwap_DEX teams worked together to investigate the attack. (4/6)
To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and is working on a solution. (5/6)
Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of updated code on mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal activity to resume. (6/6)"
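Hedera's thread says the attacker moved HTS tokens out of accounts used as liquidity pools on several DEXs, and that the theft was noticed by the Hashport operators only once the tokens reached the bridge. A DEX or bridge operator watching the mirror node could have raised the alarm at the pool level. The following is an added example written for this case study, not code from Hedera, Pangolin, HeliSwap or Hashport, and it does not model the vulnerability itself, which the page does not describe. It assumes a transaction record shaped like the mirror node's /api/v1/transactions response (name, consensus_timestamp, token_transfers with token_id, account, amount); the pool account IDs, token IDs, amounts and transactions are constructed for the demo. It flags any account credited with tokens leaving a known pool in a transaction where nothing credits the pool, then alerts when one recipient does this to two or more pools, which is the cross-DEX pattern Hedera described.

```python
"""Heuristic pool-drain detector over mirror-node style transaction records.

Added example for this case study; not Hedera, Pangolin, HeliSwap or Hashport
code. The record shape is an assumption modelled on the mirror node
/api/v1/transactions response; every ID and amount below is constructed.
Only `token_transfers` is inspected; HBAR `transfers` are ignored here.
"""
from collections import defaultdict

# Constructed: accounts a DEX operator knows to be its Uniswap-v2-style pair
# accounts holding HTS reserves. Hypothetical IDs.
POOL_ACCOUNTS = {"0.0.4001", "0.0.4002", "0.0.4003"}

# Constructed sample records. Amounts are in the token's smallest unit.
SAMPLE_TXS = [
    # Normal swap through pool 0.0.4001: the pool gives up one token but is
    # credited with the other in the same transaction (two-sided).
    {"name": "CONTRACTCALL", "consensus_timestamp": "1678350000.000000001",
     "token_transfers": [
         {"token_id": "0.0.9001", "account": "0.0.5555", "amount": -1_000_000},
         {"token_id": "0.0.9001", "account": "0.0.4001", "amount": 1_000_000},
         {"token_id": "0.0.9002", "account": "0.0.4001", "amount": -995_000},
         {"token_id": "0.0.9002", "account": "0.0.5555", "amount": 995_000},
     ]},
    # Drain of pool 0.0.4001: both reserve tokens leave, nothing credits the pool.
    {"name": "CONTRACTCALL", "consensus_timestamp": "1678350010.000000001",
     "token_transfers": [
         {"token_id": "0.0.9001", "account": "0.0.4001", "amount": -80_000_000},
         {"token_id": "0.0.9001", "account": "0.0.7777", "amount": 80_000_000},
         {"token_id": "0.0.9002", "account": "0.0.4001", "amount": -79_500_000},
         {"token_id": "0.0.9002", "account": "0.0.7777", "amount": 79_500_000},
     ]},
    # Drain of an unrelated pool 0.0.4002 by the same recipient.
    {"name": "CONTRACTCALL", "consensus_timestamp": "1678350020.000000001",
     "token_transfers": [
         {"token_id": "0.0.9003", "account": "0.0.4002", "amount": -40_000_000},
         {"token_id": "0.0.9003", "account": "0.0.7777", "amount": 40_000_000},
     ]},
    # Ordinary liquidity removal from 0.0.4003. It is one-sided in this view
    # too, but touches a single pool, so it must not trigger an alert.
    {"name": "CONTRACTCALL", "consensus_timestamp": "1678350030.000000001",
     "token_transfers": [
         {"token_id": "0.0.9004", "account": "0.0.4003", "amount": -500_000},
         {"token_id": "0.0.9004", "account": "0.0.6666", "amount": 500_000},
     ]},
]


def one_sided_outflows(tx, pools):
    """Return {recipient: {pool, ...}} for pools that only lose value in `tx`.

    A pool is one-sided when it has at least one negative token transfer and
    no positive token transfer in the same transaction. Recipients are the
    non-pool accounts credited with one of the tokens that pool sent.
    """
    transfers = tx.get("token_transfers", [])
    debited = defaultdict(set)   # pool -> token_ids it sent out
    credited = set()             # pools that received any token
    for t in transfers:
        acct = t["account"]
        if acct not in pools:
            continue
        if t["amount"] < 0:
            debited[acct].add(t["token_id"])
        elif t["amount"] > 0:
            credited.add(acct)
    result = defaultdict(set)
    for pool, token_ids in debited.items():
        if pool in credited:
            continue  # swap or liquidity add: value came back to the pool
        for t in transfers:
            if (t["amount"] > 0 and t["token_id"] in token_ids
                    and t["account"] not in pools):
                result[t["account"]].add(pool)
    return dict(result)


def flag_drainers(txs, pools, min_pools=2):
    """Aggregate one-sided outflows across transactions.

    Returns {recipient: sorted pool IDs} for every recipient that took a
    one-sided outflow from at least `min_pools` distinct pools.
    """
    drained = defaultdict(set)
    for tx in txs:
        for recipient, pool_set in one_sided_outflows(tx, pools).items():
            drained[recipient] |= pool_set
    return {r: sorted(p) for r, p in drained.items() if len(p) >= min_pools}


if __name__ == "__main__":
    for recipient, pools in flag_drainers(SAMPLE_TXS, POOL_ACCOUNTS).items():
        print(f"ALERT: {recipient} drained pools {pools}")
```

A single one-sided outflow is deliberately not flagged on its own, since a legitimate liquidity removal through a Uniswap v2-style pair also sends both reserve tokens out of the pool; the signal is one recipient draining unrelated pools within a short span. In practice the pool set would come from the DEX factory, records would be paged from the mirror node by consensus timestamp, and the alert would feed the bridge's pause switch rather than waiting for the tokens to arrive there.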
Ultimate Outcome
Update Regarding Pangolin Exploited Funds
Pangolin announced that they would be replenishing the exploited funds[17].
IMPORTANT UPDATE FOR HEDERA PANGOLIN USERS
We will be replenishing all lost funds from the exploit
To do this, we will need 1-2hrs to add back in the appropriate USDC[hts]-USDT[hts] & USDC[hts]-HBAR LP tokens.
IMPORTANT: We are disabling wallet connections to HashPack while we do this. This is to give us enough time to replenish exploited LPs. Once replenished we will re-enable HashPack and all users can remove, add, swap, and transfer all tokens.
Pangolin updated their community to report that all funds had been restored to all affected liquidity pools[18].
All funds have been replenished on the affected pools: $USDC[hts] - $USDT[hts] and $USDC[hts] - $HBAR
@HashPackApp has been re-enabled on Pangolin, and you can now remove, add, swap, and transfer all tokens
In regards to SuperFarm and single-sided staking rewards, we have called our reward vesting bot, which has unpaused rewards emissions
Those who left the farms before HTS tokens were frozen can rejoin. If you have further questions about this, please join our community Discord
All users' LP has been made whole, and any exploited LP has been replaced
We're grateful for the community's steadfast support during these challenging past two days. Thank you.
We're excited to continue building and strengthening the @hedera DeFi ecosystem, and we aim to make it the go-to destination for users for many years to come
Huge thanks to everyone that helped identify and address the exploit: @hedera, @HBAR_foundation,
@swirldslabs, @HashportNetwork, @HeliSwap_DEX, @SaucerSwapLabs.
Everyone's unwavering teamwork and tireless drive to create a solution was nothing short of remarkable
Michael Mumbauer
Michael Mumbauer, speaking for @LiithosEnt, posted a message of support to the Hedera community on Twitter[23].
Thank you to the Hedera community for sticking with us.
This past week was a shock to the system but we’re ok.
@LiithosEnt is still here. Our mission of building amazing new worlds continues.
We love you guys. Let’s keep fighting, together.
Total Amount Recovered
All Pangolin Hedera funds were restored[17][18].
Ongoing Developments
Individual Prevention Policies
Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.
Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Further scrutiny by platforms may have helped to uncover the vulnerability before it was exploited. It is also important to place more assets, particularly key treasury assets, within a simpler multi-signature arrangement, which would typically have a lot less risk than more complex smart contracts.
All aspects of any platform should undergo regular validation and inspection by experts. This validation should include a security audit of any smart contracts, reporting of any risks to the backing of customer assets, confirmation that treasuries and minting functions are properly secured under the control of a multi-signature wallet, and identification of any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or any significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the same third party not perform consecutive inspections within a 14 month period.
All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
In general, blockchain-level exploits can be resolved by reverting the blockchain to a prior state, which restores all funds to their prior ownership and limits potential losses to those who are transacting between the time of the exploit and the time of the revert. Effort should be undertaken by node operators to switch to a branch that eliminates the exploit as soon as possible to minimize losses. Any remaining losses would be resolved through the industry insurance fund.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- [1] Hedera TVL - DefiLlama (May 3, 2023)
- [2] Hello future | Hedera (May 3, 2023)
- [3] "Swiss Hashgraph Association" Launches the "Hashgraph Innovation Program" to Accelerate Adoption of the Hedera Network Worldwide (May 3, 2023)
- [4] Pangolin_Hedera - "Due to some Hedera network irregularities, Hashport has paused their bridge, and we'd encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately." - Twitter (May 3, 2023)
- [5] SaucerSwap Labs - "An ongoing exploit has hit the Hedera network this morning. The exploit is targeting the decompiling process in smart contracts. At time of writing attackers have hit Pangolin and HeliSwap pools containing wrapped assets. We are unsure if other HTS tokens are at risk too." - Twitter (May 18, 2023)
- [6] DefiIgnas - "There's an ongoing exploit hitting Hedera. All Hedera dApps using Hedera Token Service (HTS), like LP tokens or wrapped tokens are affected. The exploit is targeting the decompiling process in smart contracts." - Twitter (May 3, 2023)
- [7] DefiIgnas - "Hedera Network is experiencing an outage." - Twitter (May 18, 2023)
- [8] DefiIgnas - "While we wait for an official announcement from Hedera... I invite you to join my Substack for cool DeFi stuff not found elsewhere" - Twitter (May 18, 2023)
- [9] SaucerSwap Labs - "UPDATE: We no longer advise users to withdraw liquidity. SaucerSwap is unaffected." - Twitter (May 18, 2023)
- [10] hedera - "In an abundance of caution & safety for users, @Hedera is turning off network proxies on mainnet, making it inaccessible. @Hedera core is working through the smart contract irregularities & will re-enable proxies once resolved." - Twitter (May 3, 2023)
- [11] hedera - "In an abundance of caution for users, @hedera network services will not be accessible during this period of time. This includes wallets, decentralized & centralized exchanges, decentralized applications, etc." - Twitter (May 3, 2023)
- [12] hedera - "Staking rewards will continue to accrue during this time — however, you'll only be able to receive those accrued rewards once the network becomes accessible again." - Twitter (May 3, 2023)
- [13] DefiIgnas - "Hedera is still investigating the issue. Hedera turned off network proxies on mainnet, effectively making it inaccessible. But 'Hedera core' continues to work through the smart contract irregularity." - Twitter (May 18, 2023)
- [14] hedera - "Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims' accounts to their own account." - Twitter (May 3, 2023)
- [15] DefiIgnas - "The team has identified the root cause of the issue and is working on a solution." - Twitter (May 18, 2023)
- [16] RektHQ - "A nebulous threat rattled the entire @hedera ecosystem yesterday. Dapps from across the network were affected, and Hedera remains down while investigations continue." - Twitter (May 3, 2023)
- [17] Pangolin Hedera - "IMPORTANT UPDATE FOR HEDERA PANGOLIN USERS We will be replenishing all lost funds from the exploit" - Twitter (May 30, 2023)
- [18] Pangolin Hedera - "All funds have been replenished on the affected pools: $USDC[hts] - $USDT[hts] and $USDC[hts] - $HBAR" - Twitter (May 30, 2023)
- [19] HeliSwap - "#HBARbarians, Hedera mainnet is upgraded, fund are #SAFU. We will host a Space with @Pangolin_Hedera, @HashportNetwork, and @thehbarbull to explain the details and discuss the key takeaways from the event. Set a reminder and join our discussion!" - Twitter (May 30, 2023)
- [20] https://hashscan.io/mainnet/transaction/1678211946.831147990?tid=0.0.1030878-1678211935-103568959 - HashScan (May 3, 2023)
- [21] https://hashscan.io/mainnet/account/0.0.2015717 - HashScan (May 3, 2023)
- [22] Address 0x2fd2a8d39fd7c4751fea109a86fa4cdd989e6ad3 | Etherscan (May 3, 2023)
- [23] Michael Mumbauer - "Thank you to the Hedera community for sticking with us. This past week was a shock to the system but we're ok." - Twitter (May 30, 2023)