Li.Fi Protocol Faces Major Security Breach: $10M Drained

YEREVAN (CoinChapter.com) — Li.Fi, an API for Ethereum Virtual Machine and Solana swaps and bridging, is under attack. Hackers exploited a specific contract address, draining over $10 million in cryptocurrencies. This incident has led to urgent actions within the community.

The team monitoring the Li.Fi protocol, Cyvers, detected suspicious transactions related to a particular contract address. Cyvers quickly alerted users about these activities and recommended revoking approvals for the implicated contract address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae.

Meir Dolev, co-founder and CTO of Cyvers, explained the situation.

“Hackers can exploit these approvals to drain both assets stored in the contracts and funds in the connected wallets of users,”

Dolev stated.

Li.Fi Issues Urgent Warning: Revoke These Approvals Now

Li.Fi warned its community to avoid interacting with Li.Fi-powered applications until further notice. This warning aims to protect users from additional losses while the investigation continues.

The team is investigating the potential exploit and clarified that users who did not set infinite approval are not at risk. However, for those who manually set infinite approvals, it is crucial to revoke them immediately. The addresses that need to be revoked include:

• 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
• 0x341e94069f53234fE6DabeF707aD424830525715
• 0xDE1E598b81620773454588B85D6b5D4eEC32573e
• 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68

Arbitrum Blockchain Hit: Li.Fi Breach Exposes DeFi Vulnerabilities

The breach now affects the Arbitrum blockchain. This incident highlights the inherent risks associated with granting wallet approvals to smart contracts.

This breach has sent shockwaves through the decentralized finance (DeFi) community. It underscores the vulnerabilities in DeFi protocols and the importance of stringent security measures. Users are urged to remain cautious and follow security advisories promptly.

Dough Finance Hack: $1.8 Million Stolen in Flash Loan Attack

The Li.Fi breach is not an isolated incident. Decentralized finance protocol Dough Finance recently fell victim to a $1.8 million flash loan attack. The attack on Dough Finance, reported by Cyvers, involved the use of the zero-knowledge protocol Railgun to fund the attack. The attacker swapped the stolen USD Coin (USDC) for Ether (ETH).

According to Web3 security provider Olympix, the exploit resulted in 608 ETH, valued at around $1.8 million. This attack stemmed from unvalidated call data with the “ConnectorDeleverageParaswap.”

In another related incident, Filipino artists were hacked to promote an XRP scam. Such breaches continue to highlight the critical need for robust security protocols in the DeFi space.

The post Li.Fi Protocol Faces Major Security Breach: $10M Drained appeared first on CoinChapter.