Mainnet network proxies disabled
Incident Report for Hedera
Resolved
The Hedera mainnet has been upgraded to patch the vulnerability and mainnet is now running and available.

Details on the attack will soon be made available.
Posted Mar 11, 2023 - 02:08 UTC
Identified
Today, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own account. The attacker targeted accounts used as liquidity pools at multiple DEXes that use Uniswap v2-derived contract code ported over to use the Hedera Token Service, including Pangolin, SaucerSwap, and HeliSwap. When the attackers moved tokens obtained through these attacks over the Hashport bridge, the bridge operators detected the activity and took swift action to disable it.

The Hedera community, including Swirlds Labs, The HBAR Foundation, Limechain, Pangolin, SaucerSwap, and HeliSwap teams, worked together to investigate the attack. To prevent the attacker from being able to steal more tokens, Hedera turned off mainnet proxies, which removed user access to the mainnet. The team has identified the root cause of the issue and is working on a solution.
Once the solution is ready, Hedera Council members will sign transactions to approve the deployment of the code on mainnet to remove this vulnerability, at which point the mainnet proxies will be turned back on, allowing normal activity to resume.
Posted Mar 10, 2023 - 04:41 UTC
Update
We are continuing to investigate this issue.
Posted Mar 09, 2023 - 20:15 UTC
Investigating
Out of an abundance of caution & safety for retail users, Hedera is turning off network proxies on mainnet, effectively making it inaccessible.

Hedera core will continue to work through the smart contract irregularity. Subscribe to status.hedera.com for the latest info.
Posted Mar 09, 2023 - 20:14 UTC
This incident affected: Hedera Mainnet (v0.47.4) | Network Uptime and Hedera Mainnet (v0.47.4) | Individual Nodes (Node 1 (account 0.0.4) | Hosted by Swirlds | Iowa, USA, Node 2 (account 0.0.5) | Hosted by FIS | Florida, USA, Node 3 (account 0.0.6) | Hosted for Wipro | Singapore, Republic of Singapore, Node 4 (account 0.0.7) | Hosted for Nomura | Vilnius, Lithuania, Node 5 (account 0.0.8) | Hosted by Google | Helsinki, Finland, Node 6 (account 0.0.9) | Hosted for Zain Group | Strasbourg, France, Node 7 (account 0.0.10) | Hosted for Magalu | Naaldwijk, Netherlands, Node 8 (account 0.0.11) | Hosted by Boeing | Washington, USA, Node 9 (account 0.0.12) | Hosted by DLA Piper | Helsinki, Finland, Node 10 (account 0.0.13) | Hosted for Tata Communications | Oregon, USA, Node 11 (account 0.0.14) | Hosted by IBM | Texas, USA, Node 12 (account 0.0.15) | Hosted for Deutsche Telekom | Helsinki, Finland, Node 13 (account 0.0.16) | Hosted by UCL | London, UK, Node 14 (account 0.0.17) | Hosted for Avery Dennison | Pennsylvania, USA, Node 15 (account 0.0.18) | Hosted by Dentons | Singapore, Node 16 (account 0.0.19) | Hosted for Standard Bank | Johannesburg, South Africa, Node 17 (account 0.0.20) | Hosted by Australian Payments Plus | Sydney, Australia, Node 18 (account 0.0.21) | Hosted by EDF | Paris, France, Node 19 (account 0.0.22) | Hosted for Shinhan Bank | London, UK, Node 20 (account 0.0.23) | Hosted by Chainlink Labs | Michigan, USA, Node 21 (account 0.0.24) | Hosted by LSE | London, UK, Node 22 (account 0.0.25) | Hosted for IIT Madras | New Jersey, USA, Node 23 (account 0.0.26) | Hosted for DBS | Utah, USA, Node 24 (account 0.0.27) | Hosted for ServiceNow | Washington, USA, Node 25 (account 0.0.28) | Hosted for Ubisoft | Quebec, Canada, Node 26 (account 0.0.29) | Hosted by abrdn | London, UK, Node 30 (account 0.0.33) | Hosted for Mondelēz International | Singapore, Republic of Singapore).