Ethereum
DeFi Protocol Li.Fi Hacked for $11 Million in Ethereum and Stablecoins
Cross-chain DeFi protocol Li.Fi is believed to have lost around $11 million in cryptocurrencies following an exploit. The protocol provided the updated figure after blockchain security firm CertiK previously reported nearly $9 million. earlier Tuesday.
According to CertiK, a wallet linked to the alleged hack contained nearly $6 million in Ethereum (ETH) as of Tuesday, as well as various amounts of several stablecoins. The exploit, which is still under investigation, appears to have targeted some Li.Fi users who manually adjusted their account settings, the protocol’s team said in an X-rated post on Tuesday.
Li.Fi told Decrypt that users are no longer at risk and that the exploit has been “contained.”
The crypto wallet suspected of holding the stolen funds contains approximately $5.8 million in ether, in addition to stablecoins USDC, USDT and DAI, blockchain data shows. watch.
Li.Fi on Tuesday urged users to “immediately use our isolated revocation website,” noting that it had identified four additional security flaws in a Twitter post (aka X).
According to Li.Fi, users must revoke their permissions via revoke.cash. Traders can visit scan.li.fi to check if their accounts have been compromised.
A hacker likely exploited a vulnerability in the Li.Fi bridge, crypto security firm Decurity said in a statement Tuesday. job on Twitter.
“The root cause is the possibility of an arbitrary call with user-controlled data via depositToGasZipERC20() in GasZipFacet which was deployed 5 days ago,” Decurity wrote.
Li.Fi has suffered considerable losses due to security issues in recent years. In 2022, a bug in the protocol’s exchange function led to losses of $600,000 in crypto, according to a report autopsy Li.Fi attack analysis on Medium.
Edited by Andre Hayward
Editor’s Note: This article was updated after publication to include new details from Li.Fi.