LiFi Protocol, an asset swap and bridge platform suitable with Solana and EVM chains, has been exploited for about $10 million.
The DeFi platform acknowledged the breach however didn’t reveal the precise quantity misplaced. It urged neighborhood members to avoid interacting with its system.
It wrote:
“Please do not interact with any LIFI powered applications for now! We’re investigating a potential exploit. If you did not set infinite approval, you are not at risk. Only users that have manually set infinite approvals seem to be affected.”
$10 million drained
On July 16, Cyvers Alert, a web3 safety platform, reported suspicious transactions involving a LiFi good contract.
The platform revealed that these transactions led to losses of about $10 million in person property—together with $6.3 million in USDT, $3.1 million in USDC, and round $170,000 in DAI stablecoin—throughout varied blockchain networks, together with the Ethereum layer-2 community Arbitrum.
Blockchain analyst Lookonchain reported that the stolen stablecoins have been exchanged for 2,857 ETH, equal to $9.7 million, and distributed to a number of wallets.
Meir Dolev, co-founder and chief expertise officer at Cyvers, instructed CryptoSlate:
“The incident highlights the dangers of giving wallet approvals to smart contracts. It’s crucial for protocols to stay alert, as hackers can take advantage of these approvals to steal both assets in the contracts and funds in users’ connected wallets.”
One other Blockchain safety agency, Blockaid, defined that the foundation of the assault was exploiting the platform’s proxy implementation. It added:
“The attackers have managed to exploit a vulnerability in the proxy implementation, where an attacker is able to inject function call to the contract – an ability they’ve then used to inject transferFrom calls on approved users.”
Notably, blockchain safety agency Peckshield pointed out that the Li.Fi platform suffered the same assault in March 2022. At the moment, Li.Fi said the attacker exploited its good contract by way of a swapping function that calls token contracts straight as an alternative of performing precise swaps.
In the meantime, the assault has led to the spreading of a number of phishing rip-off hyperlinks on social media, urging users to “revoke” their entry to the platform through suspicious hyperlinks.
Talked about on this article
