LiFi Protocol Compromised as More Than $10 Million is Withdrawn


The Li.Fi protocol, an API that enables swaps and bridging between Ethereum Virtual Machine (EVM) and Solana (SOL), has suffered a major security incident, leading to the theft of more than $10 million in cryptocurrencies.

Hackers took advantage of vulnerabilities created by approvals granted from a malicious contract address to siphon off assets held in the contracts and funds from users’ linked wallets.

Hackers Exploit LiFi Protocol: Approximately $10 Million Drained

Reports from Cyvers Alerts indicate that the breach involved dubious transactions aimed at the Li.Fi protocol via a particular contract address.

UPDATE: Our system has detected additional suspicious transactions involving @lifiprotocol on #ARB as well!

We strongly advise users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae

The total loss now stands at around $10M across various chains!

Want to keep your… https://t.co/G5tAkl31bT pic.twitter.com/NJe3dm7KNP

— Cyvers Alerts (@CyversAlerts) July 16, 2024

Users have been strongly urged to revoke their approvals for the address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae, to mitigate further losses.

Meir Dolev, co-founder and Chief Technology Officer at Cyvers, highlighted the dangers associated with such approvals, stating,

“Hackers can exploit these approvals to drain both assets stored in the contracts and funds in the connected wallets of users.”

Please refrain from interacting with any https://t.co/nlZEnqOyQz powered applications for the time being!

We are investigating a potential exploit. If you did not set infinite approval, you are not at risk.

Only users who have manually set infinite approvals appear to be affected.

Revoke all…

— LI.FI (@lifiprotocol) July 16, 2024

Following Cyvers’ alert, the Li.Fi protocol team cautioned users against engaging with Li.Fi-powered applications until further notice and provided a list of additional addresses to revoke for those who had manually set infinite approvals:

  • 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
  • 0x341e94069f53234fE6DabeF707aD424830525715
  • 0xDE1E598b81620773454588B85D6b5D4eEC32573e
  • 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68
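
An added example, not code from the article, LI.FI or Cyvers: it builds the standard ERC-20 allowance(owner, spender) query for each address listed above, flags any non-zero or infinite allowance, and produces the approve(spender, 0) calldata that revokes it. The wallet address, the node replies and the eth_call callback are constructed assumptions so that it runs offline.

```python
# Added example: ERC-20 allowance audit for the spender addresses listed above.
SPENDERS = [  # the revoke list given on this page
    "0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae",
    "0x341e94069f53234fE6DabeF707aD424830525715",
    "0xDE1E598b81620773454588B85D6b5D4eEC32573e",
    "0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68",
]
ALLOWANCE_SEL = "dd62ed3e"  # allowance(address owner, address spender)
APPROVE_SEL = "095ea7b3"    # approve(address spender, uint256 amount)
MAX_UINT256 = 2**256 - 1    # the amount written by an "infinite" approval

def _word(addr):
    """Left-pad a 20-byte hex address to one 32-byte ABI word."""
    h = addr.lower()
    h = h[2:] if h.startswith("0x") else h
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not a 20-byte hex address: %r" % addr)
    return h.rjust(64, "0")

def allowance_calldata(owner, spender):
    return "0x" + ALLOWANCE_SEL + _word(owner) + _word(spender)

def revoke_calldata(spender):
    # approve(spender, 0): sent by the owner to the token contract, resets the allowance
    return "0x" + APPROVE_SEL + _word(spender) + "0" * 64

def audit(owner, eth_call):
    """eth_call(calldata) -> 32-byte hex result of a read-only call to one token."""
    findings = []
    for spender in SPENDERS:
        raw = eth_call(allowance_calldata(owner, spender))
        raw = raw[2:] if raw.startswith("0x") else raw
        if len(raw) != 64:
            raise ValueError("unexpected allowance() return length")
        amount = int(raw, 16)
        if amount:  # any non-zero allowance is still spendable by that contract
            findings.append({"spender": spender, "amount": amount,
                             "infinite": amount == MAX_UINT256,
                             "revoke": revoke_calldata(spender)})
    return findings

OWNER = "0x" + "11" * 20  # constructed wallet address

def fake_eth_call(data):  # constructed node replies so the example runs offline
    replies = {_word(SPENDERS[0]): "0x" + "f" * 64,
               _word(SPENDERS[2]): "0x" + format(250_000_000, "064x")}
    return replies.get(data[-64:], "0x" + "0" * 64)

if __name__ == "__main__":
    for f in audit(OWNER, fake_eth_call):
        print(f["spender"], "INFINITE" if f["infinite"] else f["amount"])
```

The audit has to be repeated for each token contract and each chain the wallet has used, since an allowance is stored per token.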

Currently, the hackers have drained around $10 million in cryptocurrency, and the exploit has also affected the Arbitrum blockchain. This incident underscores the inherent risks associated with granting approvals to smart contract wallets.

In this regard, Dolev reiterated the risks and the necessity for vigilance among users and developers.

Recent Attacks in the DeFi Space

This incident involving Li.Fi is part of a series of recent breaches within the sector.

Recently, Pike Finance suffered considerable losses due to a smart contract vulnerability, resulting in $1.6 million in stolen funds over a span of three days.

The first major exploit occurred on April 30, when an attacker drained over $1.68 million across Ethereum, Arbitrum, and Optimism chains by altering the output address in the smart contract.

This attack was preceded by a similar exploit on April 26, where $300,000 was stolen.

In a similar vein, Dough Finance lost $1.8 million in digital assets due to a flash loan attack on July 12. The attacker utilized Railgun’s zero-knowledge protocol to exchange stolen USD Coin for 608 .

Further analysis by Olympix indicated that the exploit stemmed from unvalidated calldata in the “ConnectorDeleverageParaswap” contract. This oversight allowed the attacker to manipulate the data during flash loan calls.

These attacks are indicative of a broader trend in the cryptocurrency landscape.

Over $1 billion in digital assets were lost in the first half of 2024 due to various security incidents, including phishing attacks and private key compromises. In Q2, more than $688 million was lost across 184 on-chain security breaches.

Despite these challenges, the cryptocurrency market has demonstrated resilience, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024, with $347.4 million recovered or frozen out of $512.9 million lost.

However, cryptocurrency scams continue to flourish, particularly on X (formerly Twitter), where nearly $50 million is lost monthly due to account impersonation.

The post LiFi Protocol Under Attack with Over $10 Million Drained appeared first on Cryptonews.