Defi Protocol LI.FI Struck by $8M Exploit

Decentralized finance (DeFi) platform LI.FI protocol has been hit with a hack worth nearly $8 million following a series of suspicious withdrawals, on-chain data shows.

“Please do not interact with LI.FI supported applications for now,” LI.FI wrote to X. “We are investigating a possible vulnerability. If you have not set infinite confirmation, you are not at risk.”

LI.FI is a protocol that allows users to trade across multiple blockchains, venues, and bridges. In 2022, it experienced a bug in its swap feature that led to a $600,000 loss, with PeckShield describing the latest bug as “basically the same.”

The wallet containing the stolen funds contained 1,715 ether {{ETH}} worth $5.8 million, as well as stablecoins USDC, USDT and DAI.

Crypto security firm Decurity said the attack involved the LI.FI bridge.

Decurity wrote about X: “The root cause is the possibility of an arbitrary call with user-controlled data via `depositToGasZipERC20()` in GasZipFacet, which was deployed 5 days ago.”

A report published by Immunefi in May revealed that $473 million worth of cryptocurrencies were lost to attacks, exploits, and scams in the first half of 2024.

UPDATE (July 16, 13:48 UTC): Added link to 2022 exploit that resulted in $600,000 loss.

Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *