Li.Fi Hack: API for Ethereum Virtual Machine and Solana Swaps and Bridging Loses $10M

YEREVAN (CoinChapter.com) — Li.Fi, an API for Ethereum Virtual Machine and Solana swaps and bridging, is under attack.

A breach in the Li.Fi protocol has resulted in the theft of over $10 million in cryptocurrencies, sparking urgent actions within the community. The team monitoring the protocol, Cyvers, detected suspicious transactions linked to a specific contract address, prompting them to advise users to revoke approvals for the implicated address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae.

Meir Dolev, co-founder and CTO of Cyvers, explained the significance of these approvals.

“Hackers can use these approvals to drain both assets stored in the contracts and funds in the connected wallets of users,”

Dolev stated.

As the investigation unfolds, Li.Fi has issued a warning to its community to refrain from interacting with Li.Fi-powered applications until further notice. This measure aims to prevent additional losses.

The team is examining the potential exploit and has clarified that users who did not set infinite approval are not at risk. However, for those who manually set infinite approvals, it is crucial to revoke them immediately. The addresses that need to be revoked include:

This breach has now affected the Arbitrum blockchain. It highlights the inherent risks associated with granting wallet approvals to smart contracts.

The incident has sent shockwaves through the decentralized finance (DeFi) community, exposing the vulnerabilities in DeFi protocols and underscoring the importance of stringent security measures. Users are advised to remain vigilant and follow security advisories promptly.

In separate news, a flash loan attack on Dough Finance has resulted in the theft of $1.8 million. The attack, which was detected by Cyvers, involved the use of the zero-knowledge protocol Railgun to fund the attack. The attacker swapped the stolen USD Coin (USDC) for Ether (ETH).

According to Web3 security provider Olympix, the exploit led to 608 ETH, valued at around $1.8 million, being drained from the protocol. This attack was made possible due to unvalidated call data with the “ConnectorDeleverageParaswap.”

In another related incident, Filipino artists were hacked to promote an XRP scam. These breaches collectively demonstrate the critical need for robust security protocols in the DeFi space.