LI.FI Protocol Exploit: $8M Theft Dominated by ETH and Stablecoins

full version at en.coinotag

The decentralized finance (DeFi) platform LI.FI protocol has experienced a significant exploit resulting in over $8 million in losses.
Suspicious activities in the LI.FI cross-chain transaction aggregator were detected by Cyvers Alerts.
LI.FI has warned users against utilizing its applications until the issue is resolved, underscoring the need to revoke specific token approvals.

Breaking news: LI.FI protocol hit by an $8 million exploit, prompting urgent security advisories for DeFi users.

LI.FI Confirms $8 Million Breach and Issues Urgent Warning

On July 16, LI.FI announced via X that its platform had been compromised, advising users to avoid interacting with any LI.FI-powered applications. The team highlighted that users who did not set infinite approvals are not affected, while those who manually configured such settings should revoke their approvals immediately.

Repercussions of the Exploit and User Impact

Cyvers Alerts disclosed that the attacker initially targeted stablecoins, draining over $8 million. On-chain analysis revealed that the malicious actor’s wallet now holds 1,715 Ether (ETH) worth around $5.8 million, alongside USDC, USDT, and DAI stablecoins. Users are urged to act swiftly by revoking token approvals to prevent further losses.

Technical Insights into the Exploit

Decurity, a leading crypto security firm, identified the vulnerability within the LI.FI bridge system. The exploit is linked to the depositToGasZipERC20() function in the GasZipFacet, which was deployed merely five days ago. This issue allows arbitrary calls with user-controlled data, posing significant risks to token approvals during cross-chain transactions.

Best Practices for Ensuring Wallet Security

Carlos Mercado, a Data Scientist at Flipside Crypto, emphasized the importance of understanding token approvals and using approval manager apps like Revoke Cash. He also recommended regularly rotating wallet addresses to minimize exposure to such exploits. Users should start fresh addresses with zero approvals to enhance security.

Comparison with the March 2022 Exploit

PeckShield Alert pointed out that the current breach mirrors a previous attack on LI.FI’s protocol from March 2022. That incident involved a similar method of exploiting the protocol’s smart contract by manipulating the swapping feature, resulting in the theft of 205 ETH. Despite LI.FI’s efforts to disable all swap methods and implement fixes, the recurrence of this vulnerability raises questions about the effectiveness of their security measures.

Conclusion

This latest exploit on LI.FI underscores the critical need for continuous vigilance and robust security measures in the DeFi space. Users are advised to revoke specific token approvals and stay updated on security advisories from LI.FI. As the industry evolves, the lessons from these incidents should drive better security practices and protocols to safeguard digital assets.