Hedera, the public distributed network governed by 28 major corporates, has suffered a hack and has been taken offline. Hackers are targeting liquidity pools that hold large amounts of tokens to enable trading on decentralized exchanges (DEXs), and some tokens have been stolen. Some of the DEXs are encouraging users to withdraw tokens from the liquidity pools.
According to one of the Hedera DEXs, SaucerSwap, the attack targeted the decompiling process in smart contracts. In other words, the vulnerability is at a deeper level and not limited to one particular smart contract but many smart contracts. However, SaucerSwap subsequently said its code was written in a way that means it is unaffected.
Hedera acknowledged the issue and said it turned off access to the mainnet while investigating the matter.
Shutting down Hedera is relatively easy compared to fully permissionless public blockchains. That’s because the 28 corporates are the only ones that operate nodes allowing transactions to be written to the ledger. That architecture was devised to prevent governance forks and address issues like the current one.
Some of the companies operating the nodes include IBM, Google, Nomura, Abrdn, FIS, Dell, Deutsche Telekom and DLA Piper.
However, Hedera plans to transition to a permissionless network eventually.
In the early days, most of Hedera’s code was also proprietary but has gradually been open-sourced.
The current iteration of the smart contract code was launched in February 2022. It is an implementation of the Hyperledger Besu EVM, so it uses Ethereum’s solidity smart contract language. Unlike Ethereum transaction gas costs, which depend on congestion, Hedera’s are fixed.
