Li.Fi 黑客攻击：以太坊虚拟机 API 和 Solana 互换和桥接损失 1000 万美元

埃里温 (CoinChapter.com) — Li.Fi，一种用于以太坊虚拟机和 Solana 交换和桥接的 API，正受到攻击。

A breach in the Li.Fi protocol has resulted in the theft of over $10 million in cryptocurrencies, sparking urgent actions within the community. The team monitoring the protocol, Cyvers, detected suspicious transactions linked to a specific contract address, prompting them to advise users to revoke approvals for the implicated address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae.

Li.Fi 协议的漏洞导致价值超过 1000 万美元的加密货币被盗，引发了社区内部的紧急行动。监控协议的团队 Cyvers 检测到与特定合约地址相关的可疑交易，促使他们建议用户撤销对相关地址的批准：0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae。

Meir Dolev, co-founder and CTO of Cyvers, explained the significance of these approvals.

Cyvers 联合创始人兼首席技术官 Meir Dolev 解释了这些批准的重要性。

“Hackers can use these approvals to drain both assets stored in the contracts and funds in the connected wallets of users,”

“黑客可以利用这些批准来耗尽存储在合约中的资产和用户连接钱包中的资金，”

Dolev stated.

多列夫说道。

As the investigation unfolds, Li.Fi has issued a warning to its community to refrain from interacting with Li.Fi-powered applications until further notice. This measure aims to prevent additional losses.

随着调查的展开，Li.Fi 已向其社区发出警告，要求其不要与 Li.Fi 支持的应用程序进行交互，直至另行通知。该措施旨在防止额外损失。

The team is examining the potential exploit and has clarified that users who did not set infinite approval are not at risk. However, for those who manually set infinite approvals, it is crucial to revoke them immediately. The addresses that need to be revoked include:

该团队正在研究潜在的漏洞，并澄清未设置无限批准的用户不会面临风险。然而，对于那些手动设置无限批准的人来说，立即撤销它们至关重要。需要撤销的地址包括：

This breach has now affected the Arbitrum blockchain. It highlights the inherent risks associated with granting wallet approvals to smart contracts.

此漏洞现已影响 Arbitrum 区块链。它强调了与向智能合约授予钱包批准相关的固有风险。

The incident has sent shockwaves through the decentralized finance (DeFi) community, exposing the vulnerabilities in DeFi protocols and underscoring the importance of stringent security measures. Users are advised to remain vigilant and follow security advisories promptly.

该事件在去中心化金融（DeFi）社区引起轩然大波，暴露了 DeFi 协议的漏洞，并强调了严格安全措施的重要性。建议用户保持警惕并及时遵循安全建议。

In separate news, a flash loan attack on Dough Finance has resulted in the theft of $1.8 million. The attack, which was detected by Cyvers, involved the use of the zero-knowledge protocol Railgun to fund the attack. The attacker swapped the stolen USD Coin (USDC) for Ether (ETH).

另据消息称，Dough Finance 遭遇闪电贷攻击，导致 180 万美元被盗。 Cyvers 检测到的这次攻击涉及使用零知识协议 Railgun 来资助攻击。攻击者将被盗的美元硬币（USDC）兑换成以太币（ETH）。

According to Web3 security provider Olympix, the exploit led to 608 ETH, valued at around $1.8 million, being drained from the protocol. This attack was made possible due to unvalidated call data with the “ConnectorDeleverageParaswap.”

据 Web3 安全提供商 Olympix 称，该漏洞导致 608 ETH（价值约 180 万美元）从协议中流失。由于“ConnectorDeleverageParaswap”的呼叫数据未经验证，导致这种攻击成为可能。

In another related incident, Filipino artists were hacked to promote an XRP scam. These breaches collectively demonstrate the critical need for robust security protocols in the DeFi space.

在另一起相关事件中，菲律宾艺术家因宣传 XRP 骗局而遭到黑客攻击。这些漏洞共同表明 DeFi 领域迫切需要强大的安全协议。