Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
Though the exploit in the Decentralized Finance (DeFi) ecosystem in this first quarter is not so pronounced, we have been seeing protocol exploitations on a consistent basis. One of the latest is the hack of the Hedera protocol, as announced by the proof-of-stake (PoS) network earlier today.
According to Hedera, the attacker targeted the Smart Contract Service code by exploiting accounts used as liquidity pools on multiple DEXes that use Uniswap v2-derived contract code ported over to Hedera Token Service. Per Hedera, the impacted protocols include Pangolin Hedera, SaucerSwap Labs and HeliSwap, respectively.
In a recent tweet shared by data intelligence firm CertiK, a total of approximately $570,000 has been confirmed stolen from the Hedera protocol thus far.
#CertiKSkynetAlert 🚨
— CertiK Alert (@CertiKAlert) March 10, 2023
Update on the exploit on @hedera
We have confirmed at least ~$570k worth of assets has been stolen by the exploiter
The @hedera team are continuing to work on a solution
See more below 👇https://t.co/iE2BoQTjwy
While the sum appears small, it lends credence to the swift move from the protocol's partners, who reportedly acted swiftly to block funds movement from hackers. The Hedera team said it has taken more proactive steps to prevent additional fund drain.
“To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and are working on a solution” the update reads.
Is there an end to these exploits?
Unlike financial services firms in the traditional banking sector, those operating in Web3.0 are notably prone to these exploits from cyber criminals.
While it is often been touted as a highly secure technology, hackers have devised clever means to deceive users in order to gain access to their private keys and other important data that can harm them. For protocols, the loophole in the security design has also been used as a backdoor to gain access to a platform's controls to drain funds.
User awareness of bridges and wallets remains one of the most important campaign agendas of start-ups in the space.