LI.FI loses estimated $9 million in exploit
Quick Take Cross-chain blockchain protocol LI.FI has lost around $9 million in an exploit, security firms say. The team has asked users to avoid the protocol and revoke permissions. Security firm Peckshield alleges a similar attack affected LI.FI in 2022.
Cross-chain blockchain protocol LI.FI has been exploited, the team said on the social media platform X. The team is investigating the possible hack, which appears to only affect users who manually set certain features.
"Please do not interact with any LI.FI powered applications for now," the LI.FI team wrote. "We're investigating a potential exploit. If you did not set infinite approval, you are not at risk."
“[W]e urge all users to immediately use our secluded revoke website,” LI.FI wrote, adding that “4 more security breaches have been identified.”
Security firm Decurity said the “root cause” appears to be “an arbitrary call with user controlled data” to a gas contract deployed five days ago to pay blockchain fees on Ethereum ETH +1.23% .
“The hacker crafted special calldata with transferFrom() calls and passed it as swapData to depositToGasZipERC20 to steal approved tokens from the bridge,” Decurity researchers wrote on X.
The attack appears to be a version of the “call injection” exploit that allows attackers to use parameters in the original code to execute legitimate, but unexpected transactions. This type of vulnerability reportedly caused hundreds of millions of dollars worth of crypto to be lost.
A wallet containing drained funds controls over $4 million in ETH and nearly $200,000 in DAI stablecoins, according to DeFi World data . However, that amount is likely an understatement, as USDT and USDC stablecoins also appear to be leaving the platform. Security firm Certik estimates the total losses at around $9 million.
Peckshield , another security firm, alleges a similar attack hit LI.FI in 2022.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Google executive makes millions of dollars overnight through insider trading
Insider addresses manipulated Google algorithms by referring to prediction market odds.
Bitcoin profit metric eyes 2-year lows in 'complete reset:' BTC analysis
Mars Morning News | After the Ethereum Fusaka upgrade, the blob base fee surged by 15 million times
Multiple blockchain industry updates: a Bitcoin OG wallet transferred 2,000 BTC; Cloudflare outage was not caused by a cyberattack; the DAT bubble has burst; Ethereum Fusaka upgrade fees have surged; LUNC has risen over 80% intraday. Summary generated by Mars AI. This summary was generated by the Mars AI model, and the accuracy and completeness of its content are still under iterative improvement.
Drones, Fake Birdsong, and Broken Glass Traps: Malaysia is Undergoing an Unprecedented "Bitcoin Crackdown"
The Malaysian government is intensifying its crackdown on illegal bitcoin mining, utilizing technologies such as drones and sensors to uncover numerous operations, with electricity theft causing significant losses. Summary generated by Mars AI. The accuracy and completeness of the content generated by the Mars AI model are still in the process of iterative improvement.
Trending news
MoreCrypto prices
More
