LI.FI Protocol Hit by $8 Million Exploit
The LI.FI protocol, a decentralized finance (DeFi) platform, recently fell victim to an exploit resulting in the loss of over $8 million. Cyvers Alerts raised the alarm after spotting suspicious transactions within the LI.FI cross-chain transaction aggregator.
- LI.FI acknowledges breach with a cautionary statement
- Users warned to avoid interacting with LI.FI-powered applications
- Risks limited to users who set infinite approval
LI.FI confirmed the security breach and urged users not to interact with any LI.FI-powered applications while the team investigates the potential exploit. They reassured users that those who did not set infinite approvals were not at risk.
Cyvers Alerts reported that more than $8 million in user funds had been stolen, mostly in stablecoins. The hacker’s wallet contained 1,715 Ether (ETH), valued at $5.8 million, as well as USDC, USDT, and DAI stablecoins.
- Alert issued to revoke approvals immediately
- Attacker converting stablecoins to ETH actively
- Crypto security firm Decurity offers insights into the exploit
Cyvers Alerts advised affected users to revoke their authorizations promptly, as the attacker was swiftly converting USDC and USDT to ETH. Decurity, a crypto security firm, shed light on the exploit’s mechanics, indicating that it involved the LI.FI bridge.
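The exposure described above comes down to which wallets still hold a maximum-value ERC-20 approval for the affected contract. The following added example (not from the article, LI.FI, or the firms quoted) replays ERC-20 `Approval` logs to find approvals that are still unlimited and builds the `approve(spender, 0)` calldata that revokes them. The addresses, the `SPENDER` placeholder and the sample logs are constructed for illustration.

```python
# Added example: every address and log below is a constructed placeholder.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1       # the value wallets use for an "infinite" approval

def word(addr):
    """Left-pad a 20-byte hex address to a 32-byte ABI word (no 0x prefix)."""
    return addr[2:].lower().rjust(64, "0")

def unlimited_approvals(logs, spender):
    """Replay Approval logs oldest-first and return the (token, owner) pairs
    whose most recent approval to `spender` is still the maximum uint256."""
    latest = {}
    for log in logs:
        topics = [t.lower() for t in log["topics"]]
        # ERC-20 Approval has exactly 3 topics; ERC-721 reuses the hash with 4.
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC:
            continue
        if topics[2][-40:] != spender[2:].lower():
            continue
        owner = "0x" + topics[1][-40:]
        latest[(log["address"].lower(), owner)] = int(log["data"], 16)
    return sorted(k for k, v in latest.items() if v == MAX_UINT256)

def revoke_calldata(spender):
    """Calldata for approve(spender, 0); the owner sends it to the token contract."""
    return "0x" + APPROVE_SELECTOR + word(spender) + "0" * 64

SPENDER = "0x" + "11" * 20  # placeholder for the contract named in an advisory
OTHER = "0x" + "22" * 20
ALICE, BOB = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20

def make_log(token, owner, spender, value):
    topics = [APPROVAL_TOPIC, "0x" + word(owner), "0x" + word(spender)]
    return {"address": token, "topics": topics, "data": "0x%064x" % value}

SAMPLE_LOGS = [
    make_log(TOKEN_A, ALICE, SPENDER, MAX_UINT256),  # infinite, still live
    make_log(TOKEN_A, BOB, SPENDER, MAX_UINT256),    # infinite ...
    make_log(TOKEN_A, BOB, SPENDER, 0),              # ... revoked later
    make_log(TOKEN_B, ALICE, SPENDER, 500 * 10**6),  # exact-amount approval
    make_log(TOKEN_B, BOB, OTHER, MAX_UINT256),      # infinite, different spender
]

if __name__ == "__main__":
    for token, owner in unlimited_approvals(SAMPLE_LOGS, SPENDER):
        print(owner, "must revoke on", token, "->", revoke_calldata(SPENDER))
```

Event logs are a triage aid only: the authoritative value is the token's on-chain `allowance(owner, spender)`, which can differ from the last logged approval.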
Similar Exploit Recalls March 2022 Attack
PeckShield’s analysis highlighted similarities between the recent attack and a previous breach on LI.FI’s protocol in March 2022. During the earlier incident, a bad actor exploited LI.FI’s smart contract, specifically targeting the swapping feature before bridging.
- Previous exploit targeted LI.FI’s swapping feature
- Bad actor manipulated contracts to access user funds
- Approximately 205 ETH stolen from multiple wallets
The attacker manipulated the system to call token contracts directly in the context of LI.FI's own contract, leaving users who had granted it infinite approval vulnerable. This exploit resulted in the theft of around 205 ETH from 29 wallets, impacting various tokens such as USDC, MATIC, RPL, GNO, USDT, and others.
Despite LI.FI’s efforts to disable swap methods and implement fixes after the 2022 incident, the recurrence of a similar exploit raises questions about the platform’s security measures and response to vulnerabilities.
Assessing Security Measures and Future Steps
As a liquidity aggregation protocol enabling cross-chain trading, LI.FI faces the challenge of ensuring robust security measures to safeguard user funds and prevent exploits. The recent breach underscores the importance of continuous monitoring, prompt responses to vulnerabilities, and proactive steps to enhance platform security.
The cryptocurrency ecosystem remains susceptible to malicious actors seeking to exploit weaknesses in protocols and smart contracts. As the industry evolves, stakeholders must remain vigilant and collaborative in addressing security threats and fortifying defenses against potential attacks.