Li.Fi Protocol Hacked, Resulting in $10 Million Loss

Li.Fi, an API for Ethereum Virtual Machine and Solana swaps and bridging, was hacked on July 16, resulting in over $10 million in cryptocurrency being drained.

Azcnews Lifi Protocol Hacked, Resulting In $10 Million Loss

According to Cyvers, their system flagged suspicious transactions on Li.Fi involving a specific contract address.

Cyvers recommended users revoke approvals for the suspicious address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae

Meir Dolev, co-founder and CTO at Cyvers, emphasized the need for constant vigilance from protocols:

“Hackers can exploit these approvals to drain assets stored in the contract as well as funds in connected user wallets.”

Li.Fi Alert

In a post on X on July 16, Li.Fi warned users not to interact with applications powered by Li.Fi until further notice. During the ongoing attack, the team explained they were investigating the vulnerability and clarified that users without “infinite approvals” would not be at risk.

For users who had set up infinite approvals, the Li.Fi team advised revoking the following addresses:

  • 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
  • 0x341e94069f53234fE6DabeF707aD424830525715
  • 0xDE1E598b81620773454588B85D6b5D4eEC32573e
  • 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68

At 11:44 AM ET (15:44 UTC), Li.Fi updated its users via a post on X stating that the smart contract vulnerability had been mitigated. “There is no further risk to users at this time,” the post read. “Only wallets with infinite approvals were affected, representing a very small number of users.”

$10 Million Drained

According to Cyvers, approximately $10 million in cryptocurrency was drained, also affecting the Arbitrum blockchain. Dolev remarked, “This incident underscores the inherent risks in granting wallet permissions to smart contracts.”

In an update post on X, Cyvers once again urged users to revoke the address 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae to prevent further losses.

From Drains to Flash Loan Attacks

The decentralized finance protocol Dough Finance was recently attacked on July 12, falling victim to a $1.8 million flash loan attack. Cyvers reported on the incident, explaining that the attacker financed the exploit through the zero-knowledge protocol Railgun and swapped the stolen USD Coin.

According to Web3 security provider Olympix, the vulnerability accumulated 608 ETH, valued at approximately $1.8 million, originating from unverified call data with “ConnectorDeleverageParaswap.”

Love

0.0/5

Love

Latest

Donald Trump’s Company Files To Launch Spot Bitcoin Etf

News | Bitcoin | Editor Choice

Donald Trump’s Company Files to Launch Spot Bitcoin ETF

Truth Social, Donald Trump's social media platform, has made headlines by filing to launch a spot Bitcoin ETF, marking a bold move into the digital finance space as the crypto market heats up again.

Team Continues To Deposit $trump Into Exchanges

Memecoin | Editor Choice

Team continues to deposit $TRUMP into exchanges

This morning, a wallet allegedly belonging to the development team of the memecoin $TRUMP deposited 4.17 million $TRUMP tokens, equivalent to $46.97 million USD, onto major exchanges.

Pi Network Tops The Rankings Of Crypto Applications

Editor Choice | Pi Network

Pi Network tops the rankings of crypto applications

According to a recent survey from the Zypto VISA card, Pi Network has unexpectedly risen to the top position in terms of deposit frequency, surpassing DASH, USD1, and XRP.

Is Bitcoin Preparing For The Next Wave Of Institutional Capital

News | Bitcoin | Editor Choice

Is Bitcoin Preparing for the Next Wave of Institutional Capital?

Bitcoin is on the verge of attracting a massive wave of institutional capital, as global financial advisors gain easier access to the digital asset – setting the stage for a potential supply shock and a powerful price rally.

Ripple’s Rlusd Stablecoin Officially Approved In Dubai

News | Editor Choice | Policy & Regulations

Ripple’s RLUSD Stablecoin Officially Approved in Dubai

Ripple’s RLUSD – the company’s new stablecoin – has just been approved in Dubai, marking a significant step in its global expansion strategy and reinforcing its position in the digital finance market.