Li.Fi 駭客攻擊：以太坊虛擬機器 API 和 Solana 互換和橋接損失 1000 萬美元

埃里溫 (CoinChapter.com) — Li.Fi，一種用於以太坊虛擬機器和 Solana 交換和橋接的 API，正受到攻擊。

A breach in the Li.Fi protocol has resulted in the theft of over $10 million in cryptocurrencies, sparking urgent actions within the community. The team monitoring the protocol, Cyvers, detected suspicious transactions linked to a specific contract address, prompting them to advise users to revoke approvals for the implicated address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae.

Li.Fi 協議的漏洞導致價值超過 1000 萬美元的加密貨幣被盜，引發了社區內部的緊急行動。監控協議的團隊 Cyvers 偵測到與特定合約位址相關的可疑交易，促使他們建議使用者撤銷相關地址的批准：0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae。

Meir Dolev, co-founder and CTO of Cyvers, explained the significance of these approvals.

Cyvers 聯合創始人兼首席技術長 Meir Dolev 解釋了這些批准的重要性。

“Hackers can use these approvals to drain both assets stored in the contracts and funds in the connected wallets of users,”

“駭客可以利用這些批准來耗盡存儲在合約中的資產和用戶連接錢包中的資金，”

Dolev stated.

多列夫說。

As the investigation unfolds, Li.Fi has issued a warning to its community to refrain from interacting with Li.Fi-powered applications until further notice. This measure aims to prevent additional losses.

隨著調查的展開，Li.Fi 已向其社群發出警告，要求其不要與 Li.Fi 支援的應用程式進行交互，直至另行通知。該措施旨在防止額外損失。

The team is examining the potential exploit and has clarified that users who did not set infinite approval are not at risk. However, for those who manually set infinite approvals, it is crucial to revoke them immediately. The addresses that need to be revoked include:

團隊正在研究潛在的漏洞，並澄清未設定無限批准的用戶不會面臨風險。然而，對於那些手動設定無限批准的人來說，立即撤銷它們至關重要。需要撤銷的地址包括：

This breach has now affected the Arbitrum blockchain. It highlights the inherent risks associated with granting wallet approvals to smart contracts.

此漏洞現已影響 Arbitrum 區塊鏈。它強調了與向智能合約授予錢包批准相關的固有風險。

The incident has sent shockwaves through the decentralized finance (DeFi) community, exposing the vulnerabilities in DeFi protocols and underscoring the importance of stringent security measures. Users are advised to remain vigilant and follow security advisories promptly.

這起事件在去中心化金融（DeFi）社群引起軒然大波，揭露了 DeFi 協議的漏洞，並強調了嚴格安全措施的重要性。建議使用者保持警惕並及時遵循安全建議。

In separate news, a flash loan attack on Dough Finance has resulted in the theft of $1.8 million. The attack, which was detected by Cyvers, involved the use of the zero-knowledge protocol Railgun to fund the attack. The attacker swapped the stolen USD Coin (USDC) for Ether (ETH).

另據消息稱，Dough Finance 遭遇閃電貸攻擊，導致 180 萬美元被盜。 Cyvers 偵測到的這次攻擊涉及使用零知識協議 Railgun 來資助攻擊。攻擊者將被盜的美元硬幣（USDC）兌換成以太幣（ETH）。

According to Web3 security provider Olympix, the exploit led to 608 ETH, valued at around $1.8 million, being drained from the protocol. This attack was made possible due to unvalidated call data with the “ConnectorDeleverageParaswap.”

據 Web3 安全供應商 Olympix 稱，該漏洞導致 608 ETH（價值約 180 萬美元）從協議中流失。由於「ConnectorDeleverageParaswap」的呼叫資料未經驗證，導致這種攻擊成為可能。

In another related incident, Filipino artists were hacked to promote an XRP scam. These breaches collectively demonstrate the critical need for robust security protocols in the DeFi space.

在另一起相關事件中，菲律賓藝術家因宣傳 XRP 騙局而遭到駭客攻擊。這些漏洞共同表明 DeFi 領域迫切需要強大的安全協議。