The LI.FI Protocol, a cross-chain bridging and swapping platform, was the victim of a sophisticated cyber-attack that stole approximately $9.7 million in various cryptocurrencies. The exploit primarily affected users who had manually set infinite approvals on specific contracts within the protocol.
The attack was first detected when LI.FI Protocol issued an urgent warning to its users, advising them not to interact with any LI.FI-powered applications while they investigated a potential exploit. Security firms and blockchain analysts quickly confirmed the breach, with Cyvers Alerts reporting suspicious transactions involving LI.FI Protocol on multiple chains.
The user identified as Sudo was the first to report a possible exploit on X. Sudo highlighted that nearly $10 million was drained from the protocol.
The attackers targeted several vulnerabilities:
- Infinite approvals: Users who had manually set infinite approvals for certain contracts were most affected by the exploit.
- Call injection: Security experts suspect that the attack involved a “call injection” technique, where attackers manipulated function calls to execute unauthorized actions.
- Cross-chain vulnerability: The exploit affected multiple chains, including Ethereum and Arbitrum, highlighting the complexity of securing cross-chain protocols.
The stolen funds primarily consisted of stablecoins such as USDC and USDT, which were swiftly converted to Ethereum (ETH) by the attackers. On-chain data showed that the wallet containing the stolen funds held 1,715 ETH worth $5.8 million, along with various stablecoins.
In response to the attack, LI.FI Protocol urged users to take immediate action:
- Avoid interactions: Users were advised to refrain from interacting with any LI.FI-powered applications.
- Revoke approvals: The protocol provided specific contract addresses for which users should revoke all approvals.
- Asset security: Users who had interacted with LI.FI Protocol on affected chains were advised to take immediate steps to secure their assets.
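To make the "revoke approvals" advice concrete, here is an added example (not code from LI.FI or from the original article) that replays ERC-20 `Approval` event logs and lists the allowances that are still unlimited for a watched spender contract. The addresses and log entries are constructed placeholders, since the article does not list the affected contracts, and the log dictionaries assume the shape of an `eth_getLogs` result with block numbers already converted to integers.

```python
# Added example: find ERC-20 allowances that are still unlimited for watched spenders.
# topic0 of Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1  # the value wallets and dapps use for an "infinite" approval


def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def open_unlimited_approvals(logs, watched_spenders):
    """Return (token, owner, spender) tuples whose latest allowance is still unlimited."""
    watched = {s.lower() for s in watched_spenders}
    latest = {}
    # Replay in chain order so a later approve(spender, 0) overrides the earlier grant.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but indexes tokenId (4 topics); skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return sorted(k for k, v in latest.items() if k[2] in watched and v == MAX_UINT256)


def make_log(token, owner, spender, value, block, index=0):
    """Build a constructed log entry shaped like an eth_getLogs result (numbers as ints)."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": block, "logIndex": index}


# Constructed placeholder addresses; the page does not list the affected contracts.
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
OWNER_1, OWNER_2 = "0x" + "11" * 20, "0x" + "22" * 20
WATCHED, OTHER = "0x" + "cc" * 20, "0x" + "dd" * 20

SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER_2, WATCHED, 0, block=105),            # revocation
    make_log(TOKEN_A, OWNER_1, WATCHED, MAX_UINT256, block=100),  # still open
    make_log(TOKEN_A, OWNER_2, WATCHED, MAX_UINT256, block=101),  # later revoked
    make_log(TOKEN_B, OWNER_1, OTHER, MAX_UINT256, block=102),    # unwatched spender
    make_log(TOKEN_B, OWNER_2, WATCHED, 1000, block=103),         # finite allowance
]

if __name__ == "__main__":
    for token, owner, spender in open_unlimited_approvals(SAMPLE_LOGS, [WATCHED]):
        print(f"revoke: token={token} owner={owner} spender={spender}")
```

Event replay only narrows the search; before relying on the result, confirm each flagged pair with the token's `allowance(owner, spender)` view function, because some tokens change allowances without emitting a matching event.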
This incident marks the second major exploit for LI.FI Protocol, following a $600,000 loss in March 2022 due to a smart contract vulnerability. The recurring nature of these attacks underscores the ongoing challenges in securing decentralized finance (DeFi) protocols and the importance of robust security measures.
As investigations continue, the crypto community remains on high alert. This exploit is a clear reminder of the risks associated with DeFi platforms and the critical need for users to be cautious when granting permissions to smart contracts.