How Does Hedera Work?
Hedera is a public distributed ledger using the patented hashgraph consensus algorithm, governed by a council of 28 major enterprises including Google, IBM, and Boeing. With approximately $60M in DeFi TVL and a $5B fully diluted valuation, it has been operational since September 2019 with strong theoretical security (aBFT consensus) but limited DeFi adoption. Its B- grade reflects a clean track record with only one smart contract exploit in 2023 (quickly contained), balanced against significant centralization in its Council-operated consensus model and a large valuation-to-TVL gap that creates scale exposure risk.
TVL: $60M
Sector: L1
Risk Grade: C+
Value Grade: D
Core Mechanisms
Consensus/DAG
Novel: Hashgraph consensus — an asynchronous Byzantine Fault Tolerant (aBFT) consensus algorithm using a directed acyclic graph structure with virtual voting and gossip-about-gossip protocol, achieving consensus without leader election or voting rounds
While DAG-based consensus is not entirely new (IOTA, Nano), Hedera's specific hashgraph implementation with virtual voting and gossip-about-gossip is patented by Swirlds. The aBFT property provides strong theoretical security guarantees. However, production deployment has been limited to the permissioned Council node set.
Governance/Council
Governing Council — a body of 28 term-limited organizations (enterprises, universities, non-profits) that operate consensus nodes and govern network parameters. Each member serves a maximum of two consecutive 3-year terms
Enterprise consortium governance models exist in traditional distributed systems (Hyperledger, R3 Corda). The specific structure of a rotating council of major enterprises is unusual in public blockchains but follows established consortium patterns.
Token-Supply/Treasury-Distribution
HBAR treasury distribution — 50 billion fixed supply with no inflation; tokens are distributed from the Hedera Treasury at discrete intervals on a quarterly schedule, with the Council unanimously required to increase the cap
Fixed supply with treasury-based distribution is a standard pattern. The requirement for unanimous Council consent to change supply provides strong supply cap guarantee but concentrates authority in the Council.
Staking/Proxy-Staking
Hedera native staking — HBAR holders can stake to Council-operated consensus nodes to earn rewards, but staking does not participate in consensus; it provides an economic signal for node selection without slashing risk
Hedera's staking model is simpler than delegated PoS: stakers earn rewards but do not directly influence consensus (only Council nodes run consensus). No slashing means lower risk for stakers but weaker economic security guarantees.
Smart-Contract/EVM-Compatible
Hedera Smart Contract Service — supports Solidity smart contracts via EVM-compatible execution, plus native Hedera Token Service (HTS) for token operations at the protocol level without smart contracts
EVM compatibility is standard. HTS provides native token functionality without smart contract deployment, reducing gas costs and attack surface for basic token operations.
Network/Consensus-Service
Hedera Consensus Service (HCS) — provides a verifiable timestamp and ordering service for application messages, enabling enterprise applications to log events on a public distributed ledger without executing them on-chain
HCS is a timestamping and ordering service that leverages the hashgraph consensus for enterprise use cases. It functions similarly to a decentralized notary service.
How the Pieces Interact
Council-controlled consensus — since all consensus nodes are operated by the 28 Governing Council members, a coordinated action by Council members (or regulatory pressure on a subset of them) could censor transactions, halt the network, or change parameters without broader community input. This is a structural design choice, not a bug.
Treasury distribution centralization — the Council controls both governance decisions and treasury distribution schedules. While unanimous consent is required to increase supply, the quarterly distribution cadence and amounts are Council-determined, creating potential conflicts of interest.
Smart contract exploit surface — two confirmed HTS precompile exploits: March 2023 (~$570K SaucerSwap) and March 9, 2026 (~$600K multi-protocol). Both attacks exploited token association logic in the precompile interface. The same vector recurring three years apart on different applications suggests a systemic risk in how the HTS precompile exposes token operations to EVM-compatible contracts.
Staking without governance power — HBAR stakers earn rewards but have no influence over consensus or governance decisions (only Council members govern). This creates a disconnect where token holders bear price risk without proportional governance rights.
Enterprise dependency on Council stability — enterprises using HCS for timestamping and ordering depend on the continued operation and neutrality of Council-operated nodes. If Council membership changes significantly or a regulatory action targets multiple Council members, enterprise applications lose their trust anchor
What Could Go Wrong
- Recurring HTS precompile exploit surface — two smart contract exploits (March 2023 SaucerSwap ~$570K, March 2026 DeFi protocols ~$600K) both exploited the HTS token association precompile interface; same attack vector recurring three years apart on different applications indicates a systemic design risk that periodic patching has not resolved
- Patented technology — the hashgraph consensus algorithm is patented by Swirlds Inc., creating intellectual property dependency and preventing the open-source fork-ability that other L1s offer as a decentralization backstop
- Council member concentration — a coordinated decision by a subset of the 28 Council members could alter network parameters, governance rules, or even halt operations, as all consensus nodes are operated by these entities
- DeFi ecosystem remains small at approximately $60M TVL despite the network being live since 2019, with SaucerSwap accounting for over two-thirds of total DeFi liquidity
Governing Council regulatory capture or coordinated censorship
Moderate
Trigger: Regulatory authorities in the United States or European Union issue compliance directives to multiple Council member organizations (Google, IBM, Boeing, etc.) requiring transaction censorship or user data disclosure, which Council members must comply with as regulated enterprises
1. Multiple jurisdictions issue directives requiring Council member organizations to implement transaction filtering, sanctions screening, or user identification at the consensus node level — Council members, as regulated enterprises with broader business interests beyond Hedera, comply with regulatory requirements and implement censorship at the consensus layer
2. Hedera effectively becomes a permissioned, censored network where transactions can be blocked or reversed by Council consensus, undermining its public blockchain value proposition — DeFi protocols and privacy-sensitive applications migrate to permissionless alternatives; HBAR stakers discover their economic stake has no governance recourse against Council decisions
3. The market reprices HBAR as a corporate consortium token rather than a public cryptocurrency, as the network's credible neutrality has been compromised — HBAR price declines significantly as the network loses its public blockchain premium; enterprise adoption may continue but at valuations reflecting a permissioned ledger, not a public network
Risk Profile at a Glance
Overall: C+ (36/100)
Lower score = safer