LiFi Protocol Faces Cyberattack, Loses Over $10 Million
The Li.Fi protocol, an API that permitted bridging and swapping between the Ethereum Virtual Machine (EVM) and Solana (SOL), was the target of a breach on July 16.
Cryptocurrency worth over $10 million was lost in the attack. After hackers used a particular contract address to steal resources, the Li.Fi team and Cyvers, a security company keeping an eye on the matter, acted quickly.
Concerning the compromised contract address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae. Cyvers’ systems found suspicious transactions. In order to stop additional losses, Cyvers urged users to remove their authorization for this location. The Arbitrum blockchain was also compromised by the attack, which also impacted assets kept in the contracts and money in users’ linked wallets.
Cyvers’ co-founder and chief technology officer, Meir Dolev, underlined the risks associated with authorizing smart contracts. He issued a warning that hackers might take advantage of these permissions to siphon off money from users’ linked wallets as well as assets contained in contracts.
🚨ALERT🚨@lifiprotocol, Our system has raised suspicious transactions involving your https://t.co/3LzbDK99Ed
We recommend users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
More than $8M have been drained so far from users and mostly stablecoins!… pic.twitter.com/zsj9DZWnpU
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 16, 2024
In response, Li.Fi advised users to refrain from using Li.Fi-powered applications for the time being. They made it clear that consumers were safe provided they had not specified endless approvals.
The team suggested removing permissions for the following addresses for people who had manually set endless approvals:
0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae, 0x341e94069f53234fE6DabeF707aD424830525715, 0xDE1E598b81620773454588B85D6b5D4eEC32573e, and 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68.
Please do not interact with any https://t.co/nlZEnqOyQz powered applications for now!
We're investigating a potential exploit. If you did not set infinite approval, you are not at risk.
Only users that have manually set infinite approvals seem to be affected.
Revoke all…
— LI.FI (@lifiprotocol) July 16, 2024
On July 16, Li.Fi declared that the smart contract vulnerability had been fixed at 15:44 UTC, guaranteeing that users will not be at any more risk. They verified that just a tiny percentage of users’ wallets—those with limitless approvals—were impacted.
This event is a component of a wider pattern of security lapses in the field of decentralized finance (DeFi). A recent attack on Dough Finance that involved a $1.8 million flash loan was made possible by call data that was not verified in the “ConnectorDeleverageParaswap” contract on July 12. Furthermore, on April 30, Pike Finance was the victim of a large-scale hack in which $1.68 million was taken from several blockchains.
Over $1 billion in digital assets were lost in the first half of 2024 as a result of many security issues, such as phishing attempts and compromised private keys.
The cryptocurrency market has proven resilient in the face of these difficulties; in Q2 2024, 77% of stolen assets were recovered. But frauds are still very much alive and well, especially on social media sites like X (previously Twitter), where impersonator accounts lose up to $50 million every month.
ABOUT THE AUTHOR
See More
Sidebar rates
Add 3440
Join 350 000+ traders receiving Free Trading Signals
Alerts
Rates
Calendar
Signals