LiFi Protocol Hack: Over $8 Million Stolen in Targeted Cyber Attack

full version at beincrypto

LiFi bridging protocol was exploited for over $8 million on Tuesday, with the attacker targeting specific accounts. The platform urged users not to interact with any LiFi-powered applications.

The prevalence of cyber attacks remains a dominant threat to the industry, and participants must stay constantly on guard lest they fall victim.

LiFi Protocol Hacked for Over $8 Million

The LiFi Protocol confirmed the attack in a post on X, urging users not to interact with any LiFi-powered applications. Based on the report, the hacker targeted accounts with a manual “infinite approvals” setting.

“Please do not interact with any LiFi-powered applications for now! We are investigating a potential exploit. If you did not set infinite approval, you are not at risk,” the announcement read.

The platform urges users to revoke all approvals for three addresses, offering to help upon request.

Addresses to revoke, Source: LiFi Protocol

“We urge all users to immediately use our secluded revoke website; four more security breaches have been identified,” the protocol updated. Furthermore, the report added that all user funds who interacted with LiFi protocols are at risk as well. LiFi is one of Superform Protocol’s bridging providers. The attack did not impact Superform.

LiFi protocol did not immediately respond to BeInCrypto’s request for comment.

Various security firms highlighted the attack, including Cyvers and De.Fi Antivirus Web 3. According to the former, the exploit affects approvals for Circle’s USD Coin (USDC), Tether’s USDT stablecoin on Ethereum (ETH) mainnet, and Arbitrum (ARB).

“Check your wallet for any suspicious activities across these networks. If you have interacted with LiFi protocol on either chain, take immediate action to secure your assets,” Cyvers added.

On the other hand, De.Fi Antivirus Web 3 revealed that the exploiter executed a series of suspicious withdrawals from the protocols’ contracts. It also exposed the wallet holding the $8 million loot, showing different currencies on Ethereum and Arbitrum contracts.

The wallet holding loot is from the LiFi protocol. Source: De.Fi Antivirus Web 3

Cyber attacks highlight how risky the decentralized finance (DeFi) space can be. Exploiters capitalize on system vulnerabilities to steal user funds. Only weeks ago, The Open Network (TON) was in the headlines for its susceptibility to phishing attacks.

In May, a crypto investor lost up to $6.9 million in Ether tokens due to a sophisticated phishing scam. The bad actor used a malicious permit signature. Taken together, these reports reveal the sophistication and tactic revamps that bad actors use to plague the industry. They also highlight the need for caution, especially regarding manual settings and granting permissions on sites.