Home » Defi » DeFi Protocol Li.Fi Suffers a $11 Million Cyberattack

DeFi Protocol Li.Fi Suffers a $11 Million Cyberattack

On July 16, 2024, the cross-chain DeFi protocol Li.Fi faced a major security breach. Hackers exploited a vulnerability, stealing around $11 million worth of cryptocurrencies. The stolen assets included Ethereum (ETH) and various stablecoins such as USDC, USDT, and DAI. 

Illustration depicting cybersecurity breach and digital assets
Source: https://www.cryptonewsz.com/lifi-protocol-confirms-hack-over-10m-drained/

Details of the Hack 

The initial report by blockchain security firm CertiK estimated the loss at nearly $9 million. However, Li.Fi later confirmed the total stolen amount was closer to $11 million. Li.Fi enables users to trade across different blockchains, venues, and bridges. 

Immediate Response 

Li.Fi quickly responded to the incident. They announced on social media platform X (formerly Twitter) that they were investigating a potential exploit. They also urged users to avoid interacting with any Li.Fi-powered applications until further notice. 

Cause of the Exploit 

The exploit targeted users who had adjusted their account settings to allow “infinite approvals.” This setting gives a smart contract unlimited access to a user’s funds, which becomes risky if the contract is compromised. 

Decurity, a crypto security firm, suggested that the exploit’s root cause was likely a vulnerability in the Li.Fi bridge. A specific function in a smart contract, deployed just five days before the attack, allowed for “arbitrary call with user-controlled data.” 

Containment and Advice 

Since then, Li.Fi has stopped the exploit and turned off the impacted smart contract facet. They assured users that there is no further risk and emphasized that only a small number of users with infinite approvals were affected. 

Li.Fi gave a list of particular addresses to revoke along with instructions for using their “secluded revoke website” right away. They recommended users visit scan.li.fi to check if their accounts were compromised. 

History of Security Issues 

This isn’t the first time Li.Fi has faced security issues. A flaw in the protocol’s switching function cost $600,000 in bitcoin losses in 2022. These recurring incidents highlight the ongoing security challenges faced by DeFi protocols

Growing Crypto Thefts 

The Li.Fi hack adds to a growing list of crypto thefts in 2024. In comparison to the same period in 2023, hackers stole more than twice as much cryptocurrency in the first half of 2024, according to a report by blockchain intelligence firm TRM Labs

Year 

Total Stolen ($ billions) 

2023 

1.7 

First half of 2024 

1.38 

Engagement with Authorities 

Li.Fi’s team stated they are working with law enforcement and relevant third parties, including industry security teams, to trace the stolen funds. They promised to issue a detailed post-mortem analysis of the incident as soon as possible. 

This hack shows the need for robust security measures in DeFi protocols. Users must stay vigilant and follow safety advice to protect their assets. 

July 17. 2024 at 5:00 pm

Updated July 17. 2024 at 5:00 pm

Disclaimer

Remember, investing in cryptocurrencies involves risks, and it’s important to conduct thorough research and seek professional advice before making any financial decisions. (Please keep in mind that this post is solely for informative purposes and should not be construed as financial or investment advice.)

FAQ

DeFI stands for decentralized finance, offering open and accessible financial systems built on blockchain technology.

Yield farming involves earning interest by lending or staking cryptocurrencies.

Layer 1 blockchains are the primary networks (e.g., Ethereum), while layer 2 blockchains scale and improve performance on top of them.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top