The decentralized finance (DeFi) platform LI.FI protocol recently fell victim to an exploit resulting in over $8 million worth of funds being stolen. Cyvers Alerts brought attention to suspicious transactions within the LI.FI cross-chain transaction aggregator. LI.FI acknowledged the breach in a statement on July 16, warning users not to engage with any http://LI.FI powered applications as they investigate a potential exploit. The team emphasized that users who did not set infinite approval are not currently at risk, with only those who manually set infinite approvals appearing to be affected by the breach.
Reports from Cyvers Alerts indicated that the hacker managed to abscond with more than $8 million in user funds, predominantly consisting of stablecoins. The hacker’s wallet was found to contain 1,715 Ether (ETH) valued at $5.8 million, along with USDC, USDT, and DAI stablecoins. In response, Cyvers Alerts advised users to revoke relevant authorizations immediately, noting the attacker’s active conversion of USDC and USDT into ETH. Crypto security firm Decurity shed light on the exploit, attributing it to the LI.FI bridge and highlighting the root cause as a potential arbitrary call with user-controlled data via depositToGasZipERC20() in GasZipFacet.
PeckShield also highlighted similarities between this recent exploit and a previous attack on LI.FI’s protocol that occurred on March 20, 2022. During that incident, a bad actor exploited LI.FI’s smart contract, particularly the swapping feature, before bridging. By manipulating the system to call token contracts directly within their contract’s context, the attacker targeted users who had provided infinite approvals, resulting in the theft of approximately 205 ETH from 29 wallets. Tokens such as USDC, MATIC, RPL, GNO, USDT, MVI, AUDIO, AAVE, JRT, and DAI were affected.
Following the 2022 incident, LI.FI took action by disabling all swap methods in its smart contract and initiated efforts to develop a fix to prevent future vulnerabilities. However, the recurrence of a similar exploit raises doubts about the platform’s security measures and whether adequate steps were taken to address vulnerabilities identified in the previous breach. As a liquidity aggregation protocol enabling cross-chain trading, LI.FI now faces scrutiny regarding its commitment to safeguarding user funds and preventing future breaches.
The recent exploit experienced by the LI.FI protocol serves as a stark reminder of the risks associated with decentralized finance platforms. Despite efforts to enhance security measures and address vulnerabilities, the recurrence of similar exploits underscores the need for continuous vigilance and proactive measures to safeguard user funds within the DeFi ecosystem. LI.FI’s response to this exploit will be closely monitored by the DeFi community as stakeholders assess the platform’s ability to learn from past incidents and bolster its security infrastructure moving forward.