HBARX: Update o...
HBARX: Update on NearX security incident
Update on NearX security incident
On 16 Aug 2022, an exploit was found and used on Stader’s liquid staking solution on the NEAR blockchain. The attack was quickly discovered and contained, the total value loss was limited to 165k Near (~800k USD). In this blog, we will take a deeper look at the nature of the exploit, how it was specific to the Near blockchain and why it won’t affect HBAR or any of Stader’s other liquid staking solutions.
To understand the exploit we need to understand an aspect particular to NEAR.
Most blockchains have a token standard and reference implementation of that standard (HTS in the case of HBAR). Near has prescribed token specifications for NEP 141, but the implementation as per specifications was to be done by Stader itself. This is a regular process followed by each protocol on Near.
Our token implementation for NearX (Stader’s liquid staking token on Near) was where the bug was exploited. A specific edge case in the implementation of the token standard by Stader led to the bug that resulted in the exploit. The malicious actor was able to build up a large position in NearX without staking or interacting with the staking contract. The attacker then went on to drain liquidity on the DEX pools. Our monitoring systems caught the issue and we paused the NearX contract to limit the damage.
It bears noting that our staking contract which controls the workflows and staked funds had no issues and staked Near remained and remains safe.
Stader has announced that we will revert NearX back to a pre-attack state and make the affected users whole by covering the ~165k Near losses. You can read the announcement here
Why can this not happen on HBAR?
Additionally, our HBAR staking implementation has been stress tested across several months, with 86k+ transactions and 12k+ users. As a precaution, we continue to work with security experts to stress test all our contracts.
As always we thank you, the Hedera community, for your support. Feel free to reach out to us on our Telegram channel. We will also, be hosting AMAs over the coming days to provide more details and answer your queries.
Join Stader’s newsletter
Get the latest updates, new DeFi strategies and exclusive offers right in your email box