The decentralized finance (DeFi) cross-chain aggregator LI.FI recently suffered a major exploit, with losses exceeding $8 million. Cyvers Alerts reported suspicious transactions flowing through the LI.FI cross-chain transaction aggregator, and LI.FI confirmed the breach on July 16, advising users not to interact with any LI.FI-powered application while it investigated the potential exploit.
LI.FI clarified that only users who had manually set an infinite approval were affected; users who had not granted infinite approvals were not at risk. More than $8 million in user funds were stolen, predominantly stablecoins. At the time of reporting, the attacker's wallet held 1,715 Ether (ETH), worth about $5.8 million, along with USDC, USDT and DAI. Users were urged to revoke the relevant approvals immediately to prevent further losses, as the attacker was actively converting the USDC and USDT into ETH.
Crypto security firm Decurity provided insights into the exploit, pointing to the LI.FI bridge contracts as the attack surface. Decurity identified the root cause as an arbitrary external call with user-controlled data via depositToGasZipERC20() in GasZipFacet. The exploit underscores the risk of standing token approvals granted to routers and cross-chain swap contracts: a contract holding an unlimited ERC-20 allowance can move the approving account's entire balance, so an arbitrary-call bug in that contract turns into a drain of every user who approved it.
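The Solidity sketch below is an added illustration, not LI.FI's source code and not the real GasZipFacet. It contrasts a hypothetical router that forwards a user-controlled target and calldata (the arbitrary-call pattern named above) with a hardened version that allowlists targets and selectors and refuses to call token contracts. The contract names, the SwapData struct, the allowlist design and the payload builder are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed for the illustration.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical user-supplied "swap step": where to call and with what calldata.
struct SwapData {
    address callTo;
    bytes callData;
}

/// Vulnerable pattern (hypothetical, simplified): the router executes a
/// caller-chosen target with caller-chosen calldata. Every user who granted
/// this contract an ERC-20 allowance is exposed, because the caller can set
/// callTo = token and callData = transferFrom(victim, attacker, amount); the
/// token then sees the router, an approved spender, as msg.sender.
contract VulnerableRouter {
    function depositWithSwap(SwapData calldata s) external {
        (bool ok, ) = s.callTo.call(s.callData);
        require(ok, "swap call failed");
    }
}

/// Hardened pattern: an owner-maintained allowlist of call targets and
/// function selectors, plus an explicit refusal to call any contract the
/// router records as a token. All checks run before the external call.
contract HardenedRouter {
    address public immutable owner;
    mapping(address => bool) public allowedTarget;   // e.g. DEX routers
    mapping(bytes4 => bool) public allowedSelector;  // e.g. swap selectors
    mapping(address => bool) public isToken;         // tokens users approve

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function setTarget(address target, bool allowed) external onlyOwner {
        require(!isToken[target], "tokens are never call targets");
        allowedTarget[target] = allowed;
    }

    function setSelector(bytes4 sel, bool allowed) external onlyOwner {
        require(sel != IERC20.transferFrom.selector, "transferFrom is never allowed");
        allowedSelector[sel] = allowed;
    }

    function setToken(address token, bool flag) external onlyOwner {
        isToken[token] = flag;
        if (flag) allowedTarget[token] = false; // a token can never stay allowlisted
    }

    function depositWithSwap(SwapData calldata s) external {
        require(!isToken[s.callTo], "refusing to call a token contract");
        require(allowedTarget[s.callTo], "target not allowlisted");
        require(s.callData.length >= 4, "calldata too short");
        bytes4 sel = bytes4(s.callData[:4]);
        require(allowedSelector[sel], "selector not allowlisted");
        (bool ok, ) = s.callTo.call(s.callData);
        require(ok, "swap call failed");
    }
}

/// Builds the SwapData an attacker would submit to VulnerableRouter. Included
/// only to make "user-controlled data" concrete; constructed for this example.
contract DrainPayloadExample {
    function build(address token, address victim, address attacker, uint256 amount)
        external pure returns (SwapData memory)
    {
        return SwapData({
            callTo: token,
            callData: abi.encodeWithSelector(IERC20.transferFrom.selector, victim, attacker, amount)
        });
    }
}
```

The allowlist is the structural fix on the contract side, but it does nothing for users who already granted an unlimited allowance to a contract that shipped the bug; that exposure only ends when the approval is revoked, which is why the advice in such incidents is to reset allowances to zero and, going forward, approve only the amount a given transaction needs.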
Further analysis by PeckShield Alert found the vulnerability similar to a previous attack on LI.FI in March 2022. In that incident, an attacker abused the smart contract's pre-bridge swap feature to steal approximately 205 ETH from 29 wallets. That exploit targeted tokens including USDC, MATIC, RPL, GNO, USDT, MVI, AUDIO, AAVE, JRT and DAI, again affecting users who had granted infinite approvals.
Following the 2022 incident, LI.FI disabled all swap methods in its smart contract and worked on a fix intended to prevent a recurrence. The reappearance of a similar exploit raises questions about the platform's security measures and whether the weaknesses identified in the earlier breach were adequately addressed. LI.FI, a liquidity aggregation protocol facilitating cross-chain trades, now faces scrutiny over its security practices and its protection of user funds.