Above all, Hedera Hashgraph is a very different blockchain project from the vast majority of reputable projects included within the cryptocurrency market. Hedera is marketed as a decentralized blockchain accessible through the HBAR token, but ultimately it is an enterprise-controlled distributed LEDGER that offers Web3 services. The HBAR token simply moves value across the platform.
By most definitions of “decentralized,” Hedera would not fit the description. HBAR holders have zero direct power over the Hedera network as it is most directly controlled by an elected Board appointed by the HGC. The board controls everything from what HIPs get approved and how the network progresses to the exact management of the Hedera Treasury, which accounts for a significant portion of outstanding HBAR tokens.
From the perspective of an enterprise, Hedera serves as a distributed ledger that allows some of the world’s largest and most prominent corporations to collaborate on building and deploying applications, tools, and services that allow them to take advantage of DLTs. This comes in many forms, including supply chain management, gaming, fraud mitigation, digital identity, permissioned blockchain management, and more.
Hedera fills in the utilities of what is a much larger blockchain economy far beyond crypto as a use case, offering otherwise missing services that are simply not as feasible on public, crypto-run blockchains like Ethereum.
The Hedera Mainnet is made up of permissioned consensus nodes run by the Hedera Governing Council. The network has specific requirements for the hardware, connectivity, and hosting of these nodes to ensure a common level of performance. The minimum hardware requirements include a 24-core or better CPU hyperthreaded, 256 GB PC4-21300 2666MHz DDR4 ECC Registered DIMM, and 2 x 240GB SSD with RAID 1 for OS Storage, among others. There are also requirements for the operating system, node software, and system user accounts. A proxy is necessary to access the node via public APIs. Hedera performs a configuration review and executes functional, stability, and performance tests for all network services before scheduling mainnet connection.
HBAR Risks
While Hedera being an enterprise-run and focused project is not necessarily a bad thing from a technical perspective, it is extremely problematic for HBAR holders that are purchasing the token on crypto exchanges under the guise of being a “decentralized” governance and transaction token. With the HGC and Board controlling the entire direction of the platform, including all aspects of the tokenomics of HBAR, individual holders of the token are completely at the mercy of these council members. Not to mention, council members have a legal fiduciary responsibility to return profits back to shareholders as corporations. They are also subject directly to the laws and regulations of their home countries and regions, including KYC laws, which adds to the regulatory complexity of the Hedera project as a whole.
Council members, and the early investors in Hedera, also control a massive majority of the total HBAR token supply. This risk is not offset by platform revenues, as HBAR does not benefit directly from the revenue generated by services on the Hedera platform, as fees are paid back to the Treasury. The main incentives behind HBAR are found in the staking rewards and speculation by the market on its future value.
Hedera Hashgraph, by several metrics, operates more like a mega-corporation than a decentralized project. Overall, this puts the HBAR token at risk of being classified potentially as a security. This will be covered in-depth in the Regulations section.
Previous Incident
On March 9, 2023, Hedera's network was compromised due to a glitch in its Smart Contract Service code, leading to a security breach. The infiltrator exploited this bug, focusing their efforts on several Decentralized Exchanges (DEXs), including Pangolin, SaucerSwap, and HeliSwap. They managed to illicitly transfer tokens worth nearly $600,000 from the Hedera Token Service to their personal account.
In a swift response, Hedera's DevOps team suspended proxy access to the mainnet, effectively isolating the network. Simultaneously, the affected DEXs and bridges implemented measures to prevent further token transfers. To address the issue, Hedera's team joined forces with their partners to conduct an in-depth investigation and devise a remediation strategy.
Within two days, by March 11, the team successfully launched an upgraded version of the Hedera Mainnet, armed with a patch that eliminated the vulnerability. This intervention restored complete functionality to the network. Following a comprehensive postmortem, the Hedera team confirmed that the breach had been fully contained, and retail user accounts or wallets were no longer under threat.
