On July 16, the Li.Fi protocol, which facilitates swaps and bridging between Ethereum Virtual Machine and Solana networks, experienced a significant security breach. Over $10 million worth of cryptocurrencies were drained in an attack that exploited vulnerabilities in the protocol’s smart contracts.
Incident Detection and Initial Response
The attack was first identified by Cyvers, a cybersecurity team that monitors blockchain transactions. Their systems detected suspicious activities involving a specific contract address linked to the Li.Fi protocol. Cyvers promptly alerted the community and recommended that users revoke their approvals for the address involved in the suspicious transactions to mitigate further risks.
Meir Dolev, co-founder and Chief Technology Officer at Cyvers, spoke to Cointelegraph about the incident. He explained that the attackers exploited user approvals to access funds not only stored in the contracts but also in connected wallets. This type of attack underscores the risks associated with granting extensive wallet permissions to smart contracts.
Li.Fi’s Communication with Users
In response to the breach, Li.Fi took to social media to advise its community to cease all interactions with Li.Fi-powered applications until further notice. They clarified that users who had not set infinite approvals were not at risk, but those who had should act immediately to revoke permissions for the compromised addresses.
Li.Fi provided a list of addresses associated with the attack, urging users with infinite approvals to revoke permissions to:
- 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
- 0x341e94069f53234fE6DabeF707aD424830525715
- 0xDE1E598b81620773454588B85D6b5D4eEC32573e
- 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68
Resolution and Mitigation
By 11:44 am ET on the day of the attack, Li.Fi updated the community that the vulnerability in the smart contract had been addressed and assured that there was no further risk to users. They confirmed that the wallets affected were those set to infinite approvals, which represented a very small portion of their user base.
The theft of approximately $10 million in cryptocurrencies had repercussions beyond Li.Fi, affecting other platforms such as the Arbitrum blockchain. Dolev reiterated the importance of cautious wallet approval practices to prevent such incidents.
The Li.Fi incident is part of a troubling trend in decentralized finance (DeFi) security. For instance, just four days prior, Dough Finance fell victim to a $1.8 million flash loan attack. In this separate but equally concerning event, the attacker utilized the zero-knowledge protocol Railgun to fund the attack, converting stolen USD Coin (USDC) into Ether (ETH).
| Date | Protocol | Incident Type | Amount Stolen |
|---|---|---|---|
| July 12 | Dough Finance | Flash Loan Attack | $1.8 million (608 ETH) |
| July 16 | Li.Fi | Smart Contract Exploit | $10 million |
The recent attack on the Li.Fi protocol highlights ongoing vulnerabilities in the DeFi ecosystem and the critical need for robust security measures. As the sector continues to grow, both users and developers must prioritize security to protect assets and maintain trust in these innovative financial systems.
