Hedera incident

Mainnet network proxies disabled

Critical Resolved View vendor source →

Hedera experienced a critical incident on March 9, 2023 affecting Hedera Mainnet (v0.72.1) | Network Uptime and Node 1 (account 0.0.4) | Hosted by Swirlds | Iowa, USA and 1 more component, lasting 1d 5h. The incident has been resolved; the full update timeline is below.

Started
Mar 09, 2023, 08:14 PM UTC
Resolved
Mar 11, 2023, 02:08 AM UTC
Duration
1d 5h
Detected by Pingoru
Mar 09, 2023, 08:14 PM UTC

Affected components

Hedera Mainnet (v0.72.1) | Network UptimeNode 1 (account 0.0.4) | Hosted by Swirlds | Iowa, USANode 3 (account 0.0.6) | Hosted for Wipro | Amsterdam, NetherlandsNode 4 (account 0.0.7) | Hosted by Nomura | Tokyo, JapanNode 5 (account 0.0.8) | Hosted by Google | Helsinki, FinlandNode 6 (account 0.0.9) | Hosted by Zain Group | Kuwait City, KuwaitNode 7 (account 0.0.10) | Hosted by Magalu | São Paulo, BrazilNode 9 (account 0.0.12) | Hosted by DLA Piper | Helsinki, FinlandNode 10 (account 0.0.13) | Hosted by Tata Communications | Frankfurt, GermanyNode 11 (account 0.0.14) | Hosted by IBM | Texas, USA

Update timeline

  1. investigating Mar 09, 2023, 08:14 PM UTC

    Out of an abundance of caution & safety for retail users, Hedera is turning off network proxies on mainnet, effectively making it inaccessible. Hedera core will continue to work through the smart contract irregularity. Subscribe to status.hedera.com for the latest info.

  2. investigating Mar 09, 2023, 08:15 PM UTC

    We are continuing to investigate this issue.

  3. identified Mar 10, 2023, 04:41 AM UTC

    Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account. The attacker targeted accounts used as liquidity pools at multiple DEXes that use Uniswap v2-derived contract code ported over to use the Hedera Token Service, including Pangolin, SaucerSwap, and HeliSwap. When the attackers moved tokens obtained through these attacks over the Hashport bridge, the bridge operators detected the activity and took swift action to disable it. The Hedera community, including Swirlds Labs, The HBAR Foundation, Limechain, Pangolin, SaucerSwap, and HeliSwap teams, worked together to investigate the attack. To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and are working on a solution. Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of the code on mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal activity to resume.

  4. resolved Mar 11, 2023, 02:08 AM UTC

    The Hedera mainnet has been upgraded to patch the vulnerability and mainnet is now running and available. Details on the attack will soon be made available.