Li.Fi Protocol Releases $11.6 Million Hack Report

Key Takeaways
  • The Li.Fi protocol experienced a security breach resulting in the loss of over $11.6 million in cryptocurrencies.
  • Hackers exploited a vulnerability in a newly deployed smart contract facet, allowing unauthorized calls to any contract.
  • The breach impacted 156 wallets with the "infinite approvals" option on the Ethereum and Arbitrum networks.
19-07-2024 By: Shubham Sahu
Li.Fi Protocol Relea

Li.Fi Protocol Breach Leads to $11.6M Crypto Loss

On July 16, 2024, the Li.Fi protocol, which supports Ethereum Virtual Machine, Solana swaps, and bridging, suffered a major security breach, resulting in the loss of over $11.6 million in cryptocurrencies. Hackers exploited vulnerabilities by using approvals from a malicious contract address to drain assets from contracts and users' connected wallets.

Cyvers Alerts reported suspicious transactions targeting the Li.Fi protocol, advising users to revoke approvals for the address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae. Meir Dolev, Cyvers' co-founder and CTO, emphasized the risks of such approvals.

The Li.Fi team warned users not to interact with Li.Fi-powered applications and provided additional addresses to revoke. The breach has extended to the Arbitrum blockchain, underscoring the risks of granting approvals to smart contract wallets. Meir Dolev, co-founder and Chief Technology Officer at Cyvers reiterated the need for vigilance among users and developers.

Human Error Leads to $11.6M Li.Fi Hack: Incident Report

Following a $11.6 million hack, the Li.Fi protocol team released an incident report detailing the breach. The attack exploited a vulnerability in a newly deployed smart contract facet, allowing unauthorized calls to any contract. This flaw originated from the LibSwap library, which facilitates asset bridging and swapping. Human error in deploying the smart contract facet was identified as the root cause.

The breach affected 156 wallets with the "infinite approvals" option on the Ethereum and Arbitrum networks. Users without this option were not impacted. Li.Fi announced a voluntary compensation plan to reimburse 100% of the affected users' funds.

This is not the first time, previously in March 202, Li.Fi witnessed the same type of exploit and hackers drained approximately $600,000 from 29 wallets at that time. The protocol quickly responded to this incident and reimbursed investors for their losses.

The protocol is now focusing on the recovery of the stolen cryptocurrencies and partnered with law enforcement authorities and industry security teams to recover lost funds. Moreover, The LiFi team is now taking measures to enhance security which should follow the guidelines of the National Institute of Standards and Technology (NIST).

Conclusion

The recent $11.6 million hack of the Li.Fi protocol underscores the critical importance of robust security measures in the blockchain space. While the breach exploited a vulnerability caused by human error, the swift response from the Li.Fi team, including a voluntary compensation plan and collaboration with law enforcement, demonstrates their commitment to user protection and recovery.

Read More: OpenAI Reveals New Small AI Model GPT-4o Mini

WHAT'S YOUR OPINION?
Related News
Related Blogs