LI.FI Protocol Hack: Attackers Exploit Multiple Flaws, Stolen $9.7M in Crypto
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The LI.FI Protocol, a cross-chain bridging and swapping platform, was the victim of a sophisticated cyber-attack that stole approximately $9.7 million in various cryptocurrencies. The exploit primarily affected users who had manually set infinite approvals on specific contracts within the protocol.
The attack was first detected when LI.FI Protocol issued an urgent warning to its users, advising them not to interact with any LI.FI-powered applications while they investigated a potential exploit. Security firms and blockchain analysts quickly confirmed the breach, with Cyvers Alerts reporting suspicious transactions involving LI.FI Protocol on multiple chains.
The user identified as Sudo was the first to report a possible exploit on X. Sudo highlighted that nearly $10 million was drained from the protocol.
Lifi Finance getting drained while we speak (almost ~10m so far). Looks like a router approval exploit (to be confirmed).https://t.co/iO8P27mPyX
— sudo rm -rf –no-preserve-root / (@pcaversaccio) July 16, 2024
The attackers targeted several vulnerabilities:
The stolen funds primarily consisted of stablecoins such as USDC and USDT, which were swiftly converted to Ethereum (ETH) by the attackers. On-chain data showed that the wallet containing the stolen funds held 1,715 ETH worth $5.8 million, along with various stablecoins.
In response to the attack, LI.FI Protocol urged users to take immediate action:
Update: Please do not interact with any https://t.co/aFBBSzKVkP powered applications for now!
We have identified 4 more exploited contracts, we have set up a secluded revoking website for the time being.
Revoke now: https://t.co/OMUuSVF0EA#Revoke #LIFI $LIFI pic.twitter.com/HQmw27DETS
— LI.FI Protocol (@sasshoesksa) July 16, 2024
This incident marks the second major exploit for LI.FI Protocol, following a $600,000 loss in March 2022 due to a smart contract vulnerability. The recurring nature of these attacks underscores the ongoing challenges in securing decentralized finance (DeFi) protocols and the importance of robust security measures.
As investigations continue, the crypto community remains on high alert. This exploit is a clear reminder of the risks associated with DeFi platforms and the critical need for users to be cautious when granting permissions to smart contracts.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
LI.FI Protocol Hack: Attackers Exploit Multiple Flaws, Stolen $9.7M in Crypto
Author: Guru BaranThe LI.FI Protocol, a cross-chain bridging and swapping platform, was the victim of a sophisticated cyber-attack that stole approximately $9.7 million in various cryptocurrencies. The exploit primarily affected users who had manually set infinite approvals on specific contracts within the protocol.
The attack was first detected when LI.FI Protocol issued an urgent warning to its users, advising them not to interact with any LI.FI-powered applications while they investigated a potential exploit. Security firms and blockchain analysts quickly confirmed the breach, with Cyvers Alerts reporting suspicious transactions involving LI.FI Protocol on multiple chains.
The user identified as Sudo was the first to report a possible exploit on X. Sudo highlighted that nearly $10 million was drained from the protocol.
Lifi Finance getting drained while we speak (almost ~10m so far). Looks like a router approval exploit (to be confirmed).https://t.co/iO8P27mPyX
— sudo rm -rf –no-preserve-root / (@pcaversaccio) July 16, 2024
The attackers targeted several vulnerabilities:
- Infinite approvals: Users who had manually set infinite approvals for certain contracts were most affected by the exploit.
- Call injection: Security experts suspect that the attack involved a “call injection” technique, where attackers manipulated function calls to execute unauthorized actions.
- Cross-chain vulnerability: The exploit affected multiple chains, including Ethereum and Arbitrum, highlighting the complexity of securing cross-chain protocols.
The stolen funds primarily consisted of stablecoins such as USDC and USDT, which were swiftly converted to Ethereum (ETH) by the attackers. On-chain data showed that the wallet containing the stolen funds held 1,715 ETH worth $5.8 million, along with various stablecoins.
In response to the attack, LI.FI Protocol urged users to take immediate action:
- Avoid interactions: Users were advised to refrain from interacting with any LI.FI-powered applications.
- Revoke approvals: The protocol provided specific contract addresses for which users should revoke all approvals.
- Asset security: Users who had interacted with LI.FI Protocol on affected chains were advised to take immediate steps to secure their assets.
Update: Please do not interact with any https://t.co/aFBBSzKVkP powered applications for now!We have identified 4 more exploited contracts, we have set up a secluded revoking website for the time being.
Revoke now: https://t.co/OMUuSVF0EA#Revoke #LIFI $LIFI pic.twitter.com/HQmw27DETS
— LI.FI Protocol (@sasshoesksa) July 16, 2024
This incident marks the second major exploit for LI.FI Protocol, following a $600,000 loss in March 2022 due to a smart contract vulnerability. The recurring nature of these attacks underscores the ongoing challenges in securing decentralized finance (DeFi) protocols and the importance of robust security measures.
As investigations continue, the crypto community remains on high alert. This exploit is a clear reminder of the risks associated with DeFi platforms and the critical need for users to be cautious when granting permissions to smart contracts.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
