LiFi Protocol, an asset swap and bridge platform compatible with Solana and EVM chains, has been exploited for about $10 million.
The DeFi platform acknowledged the breach but did not reveal the exact amount lost. It urged community members to avoid interacting with its system.
It wrote:
“Please don’t interact with any LIFI powered applications for now! We’re investigating a potential exploit. If you didn’t set infinite approval, you aren’t at risk. Only users that have manually set infinite approvals seem to be affected.”
$10 million drained
On July 16, Cyvers Alert, a web3 security platform, reported suspicious transactions involving a LiFi smart contract.
The platform revealed that these transactions led to losses of about $10 million in user assets, including $6.3 million in USDT, $3.1 million in USDC, and around $170,000 in DAI stablecoin, across various blockchain networks, including the Ethereum layer-2 network Arbitrum.
Blockchain analyst Lookonchain reported that the stolen stablecoins were exchanged for 2,857 ETH, equivalent to $9.7 million, and distributed to several wallets.
Meir Dolev, co-founder and chief technology officer at Cyvers, told CryptoSlate:
“The incident highlights the risks of giving wallet approvals to smart contracts. It’s essential for protocols to stay alert, as hackers can take advantage of these approvals to steal both assets in the contracts and funds in users’ connected wallets.”
Another blockchain security firm, Blockaid, explained that the root of the attack was the exploitation of the platform’s proxy implementation. It added:
“The attackers have managed to exploit a vulnerability in the proxy implementation, where an attacker is able to inject a function call to the contract – an ability they’ve then used to inject transferFrom calls on approved users.”
Notably, blockchain security firm Peckshield pointed out that the Li.Fi platform suffered a similar attack in March 2022. At the time, Li.Fi said the attacker exploited its smart contract through a swapping feature that calls token contracts directly instead of performing actual swaps.
Meanwhile, the attack has led to the spread of several phishing scam links on social media, urging users to “revoke” their access to the platform via suspicious links.
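The statements quoted above tie the risk to standing token approvals: a spender contract can move at most min(balance, allowance) of a user's tokens, so an infinite approval exposes the whole balance. The following Python code is an added example, not from the article or from LiFi. It replays ERC-20 Approval event logs to report which owners still have a live allowance to one spender and how much is exposed. The log dictionaries are assumed to be already decoded from an eth_getLogs response (integer block numbers), and every address and balance is constructed sample data.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1  # the value wallets use for an "infinite" approval

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def latest_allowances(logs, spender):
    """Replay Approval events in chain order; the last one per (token, owner) wins."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 reuses this signature with 4 topics, so require exactly 3.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        state[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return state

def exposure_report(logs, spender, balances):
    """What the spender could pull per (token, owner): min(balance, allowance)."""
    report = []
    for (token, owner), allowance in sorted(latest_allowances(logs, spender).items()):
        if allowance == 0:
            continue  # approval was revoked
        report.append({"owner": owner, "token": token,
                       "unlimited": allowance == MAX_UINT256,
                       "at_risk": min(balances.get((token, owner), 0), allowance)})
    return report

# --- Constructed sample data (placeholder addresses, not real accounts) ---
TOKEN, SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
ALICE, BOB, CAROL = "0x" + "01" * 20, "0x" + "02" * 20, "0x" + "03" * 20

def make_log(owner, spender, value, block):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": TOKEN, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": f"0x{value:064x}", "blockNumber": block, "logIndex": 0}

SAMPLE_LOGS = [
    make_log(CAROL, SPENDER, 0, 110),            # Carol later revokes
    make_log(ALICE, SPENDER, MAX_UINT256, 100),  # infinite approval
    make_log(BOB, SPENDER, 500, 101),            # exact-amount approval
    make_log(CAROL, SPENDER, MAX_UINT256, 102),
    make_log(ALICE, OTHER, MAX_UINT256, 103),    # different spender, ignored
]
SAMPLE_BALANCES = {(TOKEN, ALICE): 10_000, (TOKEN, BOB): 2_000, (TOKEN, CAROL): 7_000}
```

On the sample data, the owner with the infinite approval is exposed for the full balance, the exact-amount approval caps exposure at 500, and the revoked approval drops out of the report.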