Hedera confirms hackers stole tokens from DEXs, exploiting a bug in 'smart contract service'
The attackers took advantage of a vulnerability in the "Hedera smart contract service" to transfer the Hedera Token Service (HTS) tokens held in users' accounts to their own accounts. The Hedera smart contract service is a separate computing layer integrated with the network to help run Ethereum-compatible apps.
Longer thread,
If DeFi is to grow up, every protocol using so-called smart contracts must stress-test every such contract for every imaginable exploit - and get some evil bastards to think up those "unimaginable" exploits too!
I truly don't care about the "De" in DeFi when most thefts are from exploits. What I'd like to see are stronger and more resilient systems that monitor themselves. That "De" is just a sales joke. In this case, the Hedera team could freeze access to the chain to avoid further exploits. In what way is that "decentralised"? It isn't. But decentralisation means nothing without security; not even mentioning the collusion of d'cent governance.
Shame, as Hedera was a good project.
The HBAR coin price hasn't really reacted yet, beyond following the general crypto drop. I suspect this is due to the mainnet access being switched off.