BTC dominance: 52.52% • ETH Gas: 13 / 13 / 16
RecentCoin RecentCoin
New coins deployed last 24h: +0
LiFi DeFi Protocol Hit by $8 Million Exploit, Blockaid Highlights Security Flaws

LiFi DeFi Protocol Hit by $8 Million Exploit, Blockaid Highlights Security Flaws

full version at blockchainreporter.net

In the last few hours, the DeFi protocol LiFi has been hit by a huge $8M exploit. The attacker took advantage of vulnerabilities in LiFi’s smart contracts. The attacker manipulated transactions and drained millions of funds. This significant breach has highlighted several security flaws within LiFi’s system.

Blockaid Identifies Attack on LiFi Using Liquidity Pools

Blockaid, a leading security company, provided insights into the attack. The hacker manipulated liquidity pools and exploited improper slippage control mechanisms. By executing a series of transactions, the attacker inflated token prices. In addition to this, he has managed to withdraw large sums of money. Consequently, it caused substantial financial damage to LiFi.

Apart from directly targeting LiFi, the attackers also manipulated DNS records of projects on SquareSpace. This method simply redirected the real websites alone to the fake IP addresses. For instance, the DNS record of compound.finance was changed to redirect users to a known malicious decentralized application (dApp) intending to trick people into accessing numerous unsafe sites.

The CEO of Blockaid, Ido Ben-Natan, also shared his thoughts on this incident. 

“The recent $8 million exploit on the LiFi protocol underscores the critical need for robust security measures in DeFi space. According to our analysis, this attack was made possible due to a bug in one of LiFi’s proxy contracts – a contract that acts as a middleman between users and the protocol – that allowed them to trick it into sending unauthorized transfer commands and siphon users’ funds.

This incident shows, again, why security audits can no longer be deemed as good enough – projects must complement these with security systems that detect exploits and attacks ahead of time, to mitigate the risk of vulnerabilities that audits overlook.

At Blockaid, we collaborate with DeFi platforms to prevent and mitigate such attacks. Our goal is to enhance the security landscape and protect users from the growing threats in the DeFi ecosystem by implementing security systems that are proactive, work in real-time, and can deploy defenses dynamically.”

$8M LiFi Exploit Highlights DeFi Security Needs

The attacks involved a drainer kit connected to the Inferno drainer group. The on-chain addresses involved in the attack are 0x0000c1c0a9087688bf6f0dfec2f385ebf18b0000 and 0x000037bb05b2cef17c6469f4bcdb198826ce0000. The second major weakness that was leveraged by the attackers was in the proxy implementation. Due to this flaw, the attackers were able to inject function calls into the contracts and execute transfers from calls on the approved users. An example of this exploit can be observed in the deposit to GasZipERC20 function of the hacked contract.

Indeed, due to the measures of security that Blockaid provides, such platforms as MetaMask, Coinbase, and Zerion were able to defeat this attack and prevent their users to become victims of a scam. These platforms did not waste time in doing this and made sure that the assets of the users, when they signed up in the ecosystem, were safe and that trust was maintained.

Finally, the $8 million hack on the LiFi platform showed that strict protection measures are necessary in the sphere of DeFi. Though LiFi became the subject of such an evolved attack, actions by Blockaid and other platforms denied users a flood of dangers. This case showed that it is still necessary to be careful and adhere to high levels of security even in such an actively growing and evolving area as decentralized finance.

DeBank.com spLP profile by blockchainreporter.net

Recent Crypto News

BlockDAG Promo Ignites $58.8M Presale; Polygon Dips, Ethereum Secures
BlockDAG Promo Ignites $58.8M Presale; Polygon Dips, Ethereum Secures
Added 13 minutes, 41 seconds ago by ambcrypto
Crypto stock Marathon Digital Holdings (MARA) up 39%: Why and what next?
Crypto stock Marathon Digital Holdings (MARA) up 39%: Why and what next?
Added 13 minutes, 43 seconds ago by ambcrypto
StarkWare verifies zero-knowledge proof on Bitcoin test network
StarkWare verifies zero-knowledge proof on Bitcoin test network
Added 13 minutes, 44 seconds ago by theblock.co
Bybit: MiCA Legitimizing Stablecoins Will Set Europe’s Crypto Market Up to Soar
Bybit: MiCA Legitimizing Stablecoins Will Set Europe’s Crypto Market Up to Soar
Added 13 minutes, 45 seconds ago by dailycoin
BlockDAG’s Efficient Consensus & X30 Miner Promise Exponential Returns By 2025; Solana ETF Hype & XRP Bearish Trends
BlockDAG’s Efficient Consensus & X30 Miner Promise Exponential Returns By 2025; Solana ETF Hype & XRP Bearish Trends
Added 13 minutes, 46 seconds ago by blockchainreporter.net
BlockDAG Releases X1 Miner App on Apple Store, Presale Rises to $58.8M; Uniswap and Tron (TRX) Forecasts
BlockDAG Releases X1 Miner App on Apple Store, Presale Rises to $58.8M; Uniswap and Tron (TRX) Forecasts
Added 13 minutes, 47 seconds ago by captainaltcoin

Recent conversions

0.0114 BTC to NOK 0.0666 ETH to CAD 0.00036 BTC to GBP 0.0625 BTC to USD 250000 CRO to EUR 0.00010000 BTC to AUD 1 PKR to PAB 45 BTC to CAD 0.00700000 BTC to ETH 0.9 BTC to BTC 645 DOGE to ETH