LiFi Protocol Targeted in $10 Million Crypto Heist

LiFi Protocol Targeted in $10 Million Crypto Heist

The LiFi Protocol, an API facilitating swaps and bridging for Ethereum Virtual Machine (EVM) and Solana (SOL), is currently under attack, with losses exceeding $10 million in cryptocurrencies.

According to Cyvers Alerts, suspicious transactions were detected on the Li.Fi protocol involving a specific contract address, triggering the team’s systems to raise the alarm.

Cyvers has advised users to revoke their approvals for the suspected address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae.

In an interview with Cointelegraph, Meir Dolev, co-founder and CTO at Cyvers, emphasized the need for protocols to remain vigilant. He stated, “Hackers can exploit these approvals to drain assets stored in contracts and funds in users’ connected wallets.”

LiFi Protocol Issues Warning

In a July 16 X post, LiFi Protocol alerted its community, advising users to refrain from interacting with Li.Fi-powered applications until further notice. The team is investigating the potential exploit and clarified that users who have not set infinite approval are not at risk.

For users who have manually set infinite approvals, the Li.Fi Protocol team has urged them to revoke the following addresses:

• 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
• 0x341e94069f53234fE6DabeF707aD424830525715
• 0xDE1E598b81620773454588B85D6b5D4eEC32573e
• 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68

$10 Million Drained

Cyvers Alerts reports that approximately $10 million in cryptocurrency holdings have been drained, with the attack now extending to the Arbitrum blockchain. Dolev highlighted the risks associated with granting wallet approvals to smart contracts, stressing the need for caution.

Cyvers reiterated in a subsequent X post that users should revoke the 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae address to mitigate further losses.

DeFi Attacks Continue: Dough Finance Hit by Flash Loan Attack

In related news, decentralized finance (DeFi) protocol Dough Finance recently suffered a $1.8 million flash loan attack on July 12. Cyvers reported that the attacker utilized the zero-knowledge (ZK) protocol Railgun to fund the attack and subsequently swapped the stolen USD Coin for Ether (ETH).

Web3 security provider Olympix revealed that the exploit, which yielded 608 ETH valued at approximately $1.8 million, was due to unvalidated call data with the “ConnectorDeleverageParaswap.”