Li.Fi protocol was attacked on July 16, resulting in a loss of over $10 million. The exploit was contained, and the team is working with law enforcement to trace the stolen funds.
On July 16, the Li.Fi protocol, a key player in the decentralized finance (DeFi) space, was hit by a significant security breach that resulted in the theft of over $10 million in cryptocurrencies. The attack was characterized as a smart contract exploit, prompting immediate action from the Li.Fi team to mitigate the damage and secure user funds.
The attack on Li.Fi was detected by the team at Cyvers, who reported suspicious transactions linked to a specific contract address. The Li.Fi spokesperson confirmed that the exploit had been contained and that the affected smart contract facet was disabled to prevent further losses.
In a statement, the spokesperson assured users that there was no ongoing risk and that the team was working with law enforcement and industry security experts to trace the stolen funds.
Li.Fi issued a warning to its community, advising users not to interact with any Li.Fi-powered applications until further notice. The team clarified that users who had not set infinite approvals on their wallets were not at risk. For those who had, the following addresses were identified as needing revocation:
By 11:44 am ET on the day of the attack, Li.Fi updated its users, stating that the vulnerability had been mitigated and that only a small number of wallets with infinite approvals were affected. The team emphasized the importance of being cautious with wallet approvals, as hackers can exploit these to drain assets from both contracts and connected wallets.
This incident highlights the ongoing risks associated with decentralized finance protocols, particularly regarding smart contract vulnerabilities. Meir Dolev, co-founder and CTO at Cyvers, noted that this attack serves as a reminder for protocols to maintain vigilance against potential exploits.
The Li.Fi attack is not an isolated incident; it follows a recent trend of security breaches in the DeFi space, including a $1.8 million flash loan attack on Dough Finance just days prior. As the DeFi landscape continues to evolve, the need for robust security measures and user education becomes increasingly critical.
In conclusion, while the Li.Fi team has taken swift action to address the breach and secure user funds, the incident underscores the inherent risks in the DeFi ecosystem and the importance of user awareness in safeguarding assets.
