LiFi Protocol Under Attack with Over $10 Million Drained

Hassan Shittu

The Li.Fi protocol, an API that facilitates Ethereum Virtual Machine (EVM) and Solana (SOL) swaps and bridging, has fallen victim to a significant security breach, resulting in the loss of over $10 million in cryptocurrencies.

Hackers exploited vulnerabilities caused by approvals accepted from the malicious contract address to drain assets stored in the contracts and funds in users’ connected wallets.

Hackers Exploit LiFi Protocol: Approximately $10 Million Drained

According to reports from Cyvers Alerts, the breach involved suspicious transactions targeting the Li.Fi protocol through a specific contract address.

Users have been strongly advised to revoke their approvals for the address 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae to prevent further losses.

Meir Dolev, co-founder and Chief Technology Officer at Cyvers, emphasized the risk of such approvals, stating,

“Hackers can exploit these approvals to drain both assets stored in the contracts and funds in the connected wallets of users.”

In a tweet after the Cyvers notification, the Li.Fi protocol team warned users not to interact with Li.Fi-powered applications until further notice and also provided a list of additional addresses to revoke for those who had manually set infinite approvals:

  • 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
  • 0x341e94069f53234fE6DabeF707aD424830525715
  • 0xDE1E598b81620773454588B85D6b5D4eEC32573e
  • 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68
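
For readers auditing a wallet against the list above, here is an added example (not code from Li.Fi, Cyvers or the article) that replays ERC-20 `Approval` logs, keeps the non-zero approvals whose spender is on the list, and builds the `approve(spender, 0)` calldata that revokes them. The token, owner and unrelated spender addresses and the sample logs are constructed placeholders; real logs would come from an `eth_getLogs` query.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)
# Spender addresses from the revoke list above, lowercased for comparison.
FLAGGED = {a.lower() for a in (
    "0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae",
    "0x341e94069f53234fE6DabeF707aD424830525715",
    "0xDE1E598b81620773454588B85D6b5D4eEC32573e",
    "0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68",
)}

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_flagged_approvals(logs):
    """Map (token, owner, spender) -> last approved amount, non-zero only."""
    latest = {}
    # Replay in chain order so a later Approval overwrites an earlier one.
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares topic0 but has 4 topics
        spender = topic_to_address(t[2])
        if spender in FLAGGED:
            key = (log["address"].lower(), topic_to_address(t[1]), spender)
            latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0), sent to the token contract by the owner."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

# Constructed sample data: token, owner and the unrelated spender are placeholders.
TOKEN, OWNER, OTHER = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "bb" * 20
LIFI, LIFI2 = "0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae", "0x341e94069f53234fe6dabef707ad424830525715"

def _log(block, idx, spender, amount):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    _log(18, 1, LIFI2, 0),             # later revoke of the approval below
    _log(16, 0, LIFI, 2**256 - 1),     # infinite approval, still live
    _log(17, 2, LIFI2, 1000),          # finite approval, revoked in block 18
    _log(19, 0, OTHER, 2**256 - 1),    # spender not on the list, ignored
]

if __name__ == "__main__":
    for (token, owner, spender), amount in live_flagged_approvals(SAMPLE_LOGS).items():
        print(owner, "->", spender, "on", token, hex(amount), revoke_calldata(spender))
```

The logs record the last approved amount, not the remaining allowance, so confirm each hit with the token's `allowance(owner, spender)` call before and after sending the revoke.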

As of now, the hackers have drained approximately $10 million in cryptocurrency, and the exploit has extended to the Arbitrum blockchain. This incident highlights the inherent risks of granting approvals to smart contract wallets. Dolev also reiterated these risks and the need for vigilance among users and developers.

Recent Attacks in the DeFi Space

This attack on Li.Fi is part of a series of recent breaches within the DeFi space.

Recently, Pike Finance experienced significant losses due to a smart contract vulnerability, resulting in $1.6 million in stolen funds over three days. The first major exploit occurred on April 30, with an attacker draining over $1.68 million across Ethereum, Arbitrum, and Optimism chains by changing the output address in the smart contract. This attack followed a similar exploit on April 26, where $300,000 was stolen.

Similarly, Dough Finance lost $1.8 million in digital assets due to a flash loan attack on July 12. The attacker used Railgun’s zero-knowledge protocol to swap stolen USD Coin for 608 ETH. Further analysis by Olympix revealed that the exploit resulted from unvalidated calldata in the “ConnectorDeleverageParaswap” contract. This failure allowed the attacker to manipulate the data during flash loan calls.

These attacks are part of a broader trend in the crypto space. Over $1 billion in digital assets were lost in the first half of 2024 due to various security incidents, including phishing attacks and private key compromises. In Q2, over $688 million was lost across 184 on-chain security breaches.

Despite these challenges, the crypto market has shown resilience, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024, with $347.4 million recovered or frozen out of $512.9 million lost. However, cryptocurrency scams continue to thrive, especially on X (formerly Twitter), where nearly $50 million is lost monthly due to account impersonation.
