Monday , 23 December 2024
Home Kripto Li.Fi Protocol Suffers Security Breach, Resulting in $10 Million Cryptocurrency Theft
Kripto

Li.Fi Protocol Suffers Security Breach, Resulting in $10 Million Cryptocurrency Theft

Li.Fi Protocol Suffers Security Breach, Resulting in  Million Cryptocurrency Theft

On July 16, the Li.Fi protocol, which facilitates swaps and bridging between Ethereum Virtual Machine and Solana networks, experienced a significant security breach. Over $10 million worth of cryptocurrencies were drained in an attack that exploited vulnerabilities in the protocol’s smart contracts.

Li.Fi Protocol Suffers Security Breach, Resulting in $10 Million Cryptocurrency Theft
Source: Cyvers

Incident Detection and Initial Response

The attack was first identified by Cyvers, a cybersecurity team that monitors blockchain transactions. Their systems detected suspicious activities involving a specific contract address linked to the Li.Fi protocol. Cyvers promptly alerted the community and recommended that users revoke their approvals for the address involved in the suspicious transactions to mitigate further risks.

Meir Dolev, co-founder and Chief Technology Officer at Cyvers, spoke to Cointelegraph about the incident. He explained that the attackers exploited user approvals to access funds not only stored in the contracts but also in connected wallets. This type of attack underscores the risks associated with granting extensive wallet permissions to smart contracts.

Li.Fi’s Communication with Users

In response to the breach, Li.Fi took to social media to advise its community to cease all interactions with Li.Fi-powered applications until further notice. They clarified that users who had not set infinite approvals were not at risk, but those who had should act immediately to revoke permissions for the compromised addresses.

Li.Fi provided a list of addresses associated with the attack, urging users with infinite approvals to revoke permissions to:

  • 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
  • 0x341e94069f53234fE6DabeF707aD424830525715
  • 0xDE1E598b81620773454588B85D6b5D4eEC32573e
  • 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68

Resolution and Mitigation

By 11:44 am ET on the day of the attack, Li.Fi updated the community that the vulnerability in the smart contract had been addressed and assured that there was no further risk to users. They confirmed that the wallets affected were those set to infinite approvals, which represented a very small portion of their user base.

The theft of approximately $10 million in cryptocurrencies had repercussions beyond Li.Fi, affecting other platforms such as the Arbitrum blockchain. Dolev reiterated the importance of cautious wallet approval practices to prevent such incidents.

The Li.Fi incident is part of a troubling trend in decentralized finance (DeFi) security. For instance, just four days prior, Dough Finance fell victim to a $1.8 million flash loan attack. In this separate but equally concerning event, the attacker utilized the zero-knowledge protocol Railgun to fund the attack, converting stolen USD Coin (USDC) into Ether (ETH).

Date Protocol Incident Type Amount Stolen
July 12 Dough Finance Flash Loan Attack $1.8 million (608 ETH)
July 16 Li.Fi Smart Contract Exploit $10 million

The recent attack on the Li.Fi protocol highlights ongoing vulnerabilities in the DeFi ecosystem and the critical need for robust security measures. As the sector continues to grow, both users and developers must prioritize security to protect assets and maintain trust in these innovative financial systems.

Related Articles

Rivian Adds YouTube, Google Cast, and SiriusXM to Its EVs
Kripto

Rivian Adds YouTube, Google Cast, and SiriusXM to Its EVs

Rivian has expanded its in-car entertainment features, introducing YouTube, Google Cast, and...

Sony invests 0 million to become Kadokawa’s largest shareholder
Kripto

Sony invests $320 million to become Kadokawa’s largest shareholder

Sony Group has announced plans to deepen its stake in Kadokawa Corporation,...

Bitfinex Hacker Issues Statement Following Sentencing
Kripto

Bitfinex Hacker Issues Statement Following Sentencing

Ilya Lichtenstein, the notorious hacker behind the 2016 Bitfinex cryptocurrency exchange heist,...

Nigerian SEC Introduces Stricter Regulations for Crypto Marketing
Kripto

Nigerian SEC Introduces Stricter Regulations for Crypto Marketing

The Nigerian Securities and Exchange Commission (SEC) has revised its regulations concerning...