Hedera’s (HBAR) core team announced that the network was experiencing “smart contract irregularities” about an hour before the time of writing.
The team stated:
“The @hedera core team is actively investigating the smart contract irregularity that has been discovered.
They are working directly with teams across the DeFi ecosystem to determine the cause and potential impact.
Updates will be provided as they become available.”
Earlier today, the HBAR Foundation said it noticed network irregularities and noted that the Foundation has been working on discovering the issue.
Even though Hedera’s official channels shared no other information, there is an exploit targeting Hedera smart contracts, according to @DefiIgnas. He published a thread describing the Hedera exploit about three hours before the HBAR Foundation’s first tweet.
According to the thread, the exploit is targeting the decompiling process in smart contracts and affecting all Hedera dApps that are using Hedera Token Service (HTS).
However, it was noticed that the attackers had already hit pangolin and HeliSwap pools that contained wrapped assets. Detecting the irregularities, Hashport temporarily paused its bridge.
Pangolin announced the attack via its official Twitter address and advised all users to withdraw their funds as soon as possible.
Due to some Hedera network irregularities, Hashport has paused their bridge, and we’d encourage anyone with HTS tokens in Pangolin Pools and Farms to withdraw immediately.
This is a time critical moment, so we’ll update as soon as we have more information
— Pangolin Hedera (@Pangolin_Hedera) March 9, 2023