LI.FI protocol loses $10m in second hack due to same old bug

full version at cryptopolitan

Cross-chain trading protocol LI.FI has been hit by “a call injection attack,” the security platform Beosin Alert reported on Tuesday. About $10 million in crypto assets, including 6.3M USDT, 3.2M USDC, and 169k DAI, have been stolen from the protocol.

LI.FI co-founder Philipp Zentner confirmed the incident on X (formerly Twitter), noting that only users who have manually set “infinite approvals” were affected. “Please do not interact with any LI.FI powered applications for now. We’re investigating a potential exploit,” Zentner wrote. 

LI.FI allegedly hacked via the same old bug

The vulnerability was traced to the “depositToGasZipERC20()” function of the LI.FI contract. According to Beosin’s analysis, the function swaps specified tokens for platform tokens and deposits them into the GasZip contract, but it does not restrict the data passed to the external call it makes. Because that call is issued from the LI.FI contract’s own address, an attacker can use it to withdraw assets from any user who has granted token approvals to that contract.
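The unrestricted-call pattern described above, shown next to a restricted version, as an added illustration (hypothetical Solidity written for this article, not LI.FI’s contract code; contract, function and mapping names are assumed):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Risky pattern (hypothetical, modelled on the article's description): the caller
// chooses both the call target and the raw calldata. The call is issued from this
// contract's own address, so it can exercise any token approval users have
// granted to this contract, not just the `amount` pulled in for this swap.
contract UnrestrictedSwapDeposit {
    function depositViaSwap(IERC20 token, uint256 amount, address target, bytes calldata data) external {
        token.transferFrom(msg.sender, address(this), amount);
        (bool ok, ) = target.call(data); // neither target nor data is validated
        require(ok, "call failed");
    }
}

// Restricted pattern: only owner-allowlisted swap routers may be called, the
// function selector is pinned, and the router gets an allowance scoped to this
// one swap that is cleared afterwards. Allowlisted routers must never be token
// contracts; production code should also use a safe-transfer wrapper for tokens
// that do not return a bool.
contract RestrictedSwapDeposit {
    address public immutable owner;
    mapping(address => bool) public allowedRouter;
    mapping(bytes4 => bool) public allowedSelector;

    constructor() { owner = msg.sender; }

    function setRouter(address router, bool allowed) external {
        require(msg.sender == owner, "not owner");
        allowedRouter[router] = allowed;
    }
    function setSelector(bytes4 selector, bool allowed) external {
        require(msg.sender == owner, "not owner");
        allowedSelector[selector] = allowed;
    }
    function depositViaSwap(IERC20 token, uint256 amount, address router, bytes calldata data) external {
        require(allowedRouter[router], "router not allowlisted");
        require(data.length >= 4 && allowedSelector[bytes4(data[:4])], "selector not allowed");
        token.transferFrom(msg.sender, address(this), amount);
        token.approve(router, amount);   // allowance scoped to this swap only
        (bool ok, ) = router.call(data);
        require(ok, "swap failed");
        token.approve(router, 0);        // leave no residual allowance behind
    }
}
```

On the user side, the same risk is reduced by granting per-transaction approvals instead of the “infinite approvals” the co-founder mentions, and by revoking allowances to contracts no longer in use.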

Elsewhere, another security platform, PeckShield, reported that LI.FI was also exploited two years ago through the same vulnerability. “While analyzing today’s LI.FI protocol hack, we noticed an earlier hack on the same protocol on March 20, 2022,” PeckShield posted on X. “The bug is basically the same.”

During the 2022 LI.FI protocol hack, about $600,000 in assets were drained from the protocol, with 29 wallets affected. The team said in a post-mortem report that the bug was fixed and all affected users were reimbursed.

At the time of writing, there has been no discussion of reimbursing users affected by the latest hack. LI.FI said it is investigating the exploit and advised users not to interact with any LI.FI-powered application in the meantime.

The incident today comes a little over a year after LI.FI raised $17.5 million in a Series A funding round to enable DeFi users to trade across different blockchains, venues, and bridges. It claims to have facilitated over $10 billion in total transfer volume.
