The decentralized finance (DeFi) platform LI.FI protocol recently fell victim to an exploit resulting in over $8 million in funds being stolen. Cyvers Alerts brought attention to the issue after detecting suspicious transactions within the LI.FI cross-chain transaction aggregator. LI.FI themselves confirmed the breach in a statement on July 16, urging users to avoid interacting with any LI.FI powered applications temporarily as they investigate a potential exploit. They mentioned that users who did not set infinite approval were not at risk, emphasizing that only those who manually set infinite approvals seemed to be affected.
According to reports from Cyvers Alerts, the hacker was able to steal more than $8 million in user funds, with a majority of the stolen funds being stablecoins. The hacker’s wallet reportedly holds 1,715 Ether (ETH) valued at $5.8 million along with USDC, USDT, and DAI stablecoins. Cyvers Alerts advised affected users to revoke relevant authorizations immediately, noting that the attacker is actively converting USDC and USDT into ETH.
In response to the exploit, crypto security firm Decurity provided valuable insights into the breach, pointing out that the exploit involved the LI.FI bridge. They explained that the root cause was the possibility of an arbitrary call with user-controlled data via depositToGasZipERC20() in GasZipFacet, a feature that was deployed just 5 days prior to the exploit. Decurity stressed the importance of understanding token approvals to prevent such hacks in the future. Additionally, Data Scientist Carlos Mercado from Flipside Crypto highlighted the importance of using tools like Revoke Cash and regularly rotating addresses for improved security.
Further analysis by PeckShield alerted revealed that the recent vulnerability is similar to a previous attack on LI.FI’s protocol that took place on March 20, 2022. In that incident, a bad actor exploited LI.FI’s smart contract, specifically the swapping feature, before bridging. This resulted in the theft of approximately 205 ETH from 29 wallets, affecting various tokens. PeckShield questioned whether lessons were learned from the past incident and emphasized the need for stronger security measures.
Following the 2022 attack, LI.FI disabled all swap methods in its smart contract and worked on a fix to prevent future vulnerabilities. However, the recurrence of a similar exploit raises concerns about the platform’s overall security measures. Questions arise about whether adequate steps were taken to address vulnerabilities identified in the previous breach. LI.FI is a liquidity aggregation protocol that enables users to trade across different blockchains, venues, and bridges.
With DeFi platforms facing increasing security threats, it is essential for developers and users alike to remain vigilant and prioritize security measures to safeguard funds and protect against potential exploits. The recent breach on LI.FI serves as a stark reminder of the risks associated with decentralized finance and the importance of proactive security measures in the rapidly evolving crypto landscape.
Leave a Reply