financetom
Cryptocurrency
financetom
/
Cryptocurrency
/
LI.FI DeFi Platform Exploited, Over $8 Million Lost to Attack
News World Market Environment Technology Personal Finance Politics Retail Business Economy Cryptocurrency Forex Stocks Market Commodities
LI.FI DeFi Platform Exploited, Over $8 Million Lost to Attack
Jul 16, 2024 8:42 AM

The decentralized finance (DeFi) platform LI.FI protocol has suffered an exploit amounting to over $8 million.

Cyvers Alerts reported detecting suspicious transactions within the LI.FI cross-chain transaction aggregator.

LI.FI Issues Warning After $8 Million Exploit

LI.FI confirmed the breach in a statement on July 16 via X: Please do not interact with any http://LI.FI powered applications for now! Were investigating a potential exploit. The team clarified that users who did not set infinite approval are not at risk, emphasizing that only those who manually set infinite approvals seem to be affected.

Please do not interact with any https://t.co/nlZEnqOyQz powered applications for now!

Were investigating a potential exploit. If you did not set infinite approval, you are not at risk.

Only users that have manually set infinite approvals seem to be affected.

Revoke all…

According to Cyvers Alerts, more than $8 million in user funds have been stolen, with the majority being stablecoins. According to on-chain data, the hackers wallet holds 1,715 Ether (ETH) valued at $5.8 million and USDC, USDT, and DAI stablecoins.

ALERT@lifiprotocol, Our system has raised suspicious transactions involving your https://t.co/3LzbDK99Ed

We recommend users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae

More than $8M have been drained so far from users and mostly stablecoins!… pic.twitter.com/zsj9DZWnpU

Cyvers Alerts advised users to revoke relevant authorizations immediately, noting that the attacker is actively converting USDC and USDT into ETH.

Crypto security firm Decurity provided insights into the exploit, stating that it involves the LI.FI bridge. The root cause is a possibility of an arbitrary call with user-controlled data via depositToGasZipERC20() in GasZipFacet, which was deployed 5 days ago, Decurity explained on X.

In general, the risks behind routers, cross-chain swaps, etc. are about token approvals. Raw native assets like (unwrapped) ETH are safe from these kinds of hacks b/c they dont have approvals as an option. Most users wallets also no longer do infinite approvals which gives a smart contract total control on removing any amount of their tokens. Its important to understand which tokens youre approving to which contracts.

This dashboard looks for all transactions of a user that intersects Lifi. Not all of these transactions indicate risk- but you can see how, broadly, integrations layers of tech (like how Metamask bridge uses Lifi on BSC) can complicate how users do or dont put their assets at risk. Revoke Cash is the most well known approval manager app.

But its also good security practice to simply rotate your address. New addresses start with 0 approvals, so starting fresh by moving your tokens to a fresh address is another good security practice. commented Carlos Mercado, Data Scientist at Flipside Crypto.

Recent Exploit Mirrors March 2022 Attack

Further analysis by PeckShield alert revealed that the vulnerability is similar to a previous attack on LI.FIs protocol that occurred on March 20, 2022. That incident saw a bad actor exploit LI.FI’s smart contract, specifically the swapping feature, before bridging.

The attacker manipulated the system to call token contracts directly within their contract’s context, making users who had given infinite approval vulnerable. This exploit resulted in the theft of approximately 205 ETH from 29 wallets, affecting tokens such as USDC, MATIC, RPL, GNO, USDT, MVI, AUDIO, AAVE, JRT, and DAI.

The bug is basically the same. Are we learning anything from the past lesson(s)? PeckShield Alert said in a July 16 X post.

Following the 2022 incident, LI.FI disabled all swap methods in its smart contract and worked on developing a fix to prevent future vulnerabilities. However, the recurrence of a similar exploit raises concerns about the platforms security measures and whether adequate steps were taken to address the vulnerabilities identified in the previous breach.

LI.FI is a liquidity aggregation protocol that allows users to trade across various blockchains, venues, and bridges.

Comments
Welcome to financetom comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
Related Articles >
Binance US Reinstates USD Services After Nearly 3 Years
Binance US Reinstates USD Services After Nearly 3 Years
Feb 19, 2025
The US arm of the worlds largest cryptocurrency exchange has restarted all USD-based services for local investors after a nearly three-year hiatus. The announcement, shared by the company earlier today, indicates that the services are operational as of February 19 and will be gradually rolled out to all eligible customers in the coming days. The list of features to be...
Chainlink’s MVRV Ratio Signals Selling Exhaustion: What’s Next for LINK?
Chainlink’s MVRV Ratio Signals Selling Exhaustion: What’s Next for LINK?
Feb 19, 2025
Chainlinks (LINK) sharp 40% decline over the past month now raises questions about a potential rebound. The downturn coincides with a network contraction, indicating reduced activity. The token is currently trading at a little over $18. However, certain factors signal that a rebound might just be on the horizon. Comeback For LINK According to the latest findings by popular crypto...
How One Crypto Trader Sniped TRUMP at Launch and Made $109 Million (Bubblemaps Investigates)
How One Crypto Trader Sniped TRUMP at Launch and Made $109 Million (Bubblemaps Investigates)
Feb 19, 2025
Bubblemaps, in collaboration with popular YouTuber Stephen Findeisen a.k.a. Coffeezilla, has identified pseudonymous crypto trader Naseem as the likely account that profited over $100 million trading the official TRUMP meme coin. While the research does not definitively prove Naseem is behind the trading activity, Bubblemaps stated that there are too many connections to ignore. Blockchain Clues or Insider Edge? According...
MANTRA Secures a License From Dubai’s VARA to Operate as a Virtual Asset Exchange
MANTRA Secures a License From Dubai’s VARA to Operate as a Virtual Asset Exchange
Feb 19, 2025
The DeFi platform MANTRA obtained a Virtual Asset Service Provider (VASP) license from Dubais dedicated regulator overseeing crypto operations.  The approval now allows the entity to serve as a Virtual Asset Exchange and provide Broker-Dealer and Management and Investment Services.  MANTRAs Milestone According to a document shared with CryptoPotato, the VARA license reinforces MANTRAs commitment to compliance, security, and innovation...
Copyright 2023-2026 - www.financetom.com All Rights Reserved