LI.FI Protocol Suffers $8 Million Loss in Security Breach

On July 16, Cyvers Alerts identified suspicious transactions within the LI.FI protocol. At the time of writing, the incident is ongoing, with losses amounting to $8 million.

?ALERT?@lifiprotocol, Our system has raised suspicious transactions involving your https://t.co/3LzbDK99Ed

We recommend users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae

More than $8M have been drained so far from users and mostly stablecoins!… pic.twitter.com/zsj9DZWnpU

— ? Cyvers Alerts ? (@CyversAlerts) July 16, 2024

Experts indicate that the vulnerability lies within the protocol’s smart contract.

Currently, the hacker is exchanging the stolen assets, primarily USDC and USDT stablecoins, for Ethereum.

The LI.FI team has confirmed the incident and initiated an investigation. Users are advised to cease interaction with all protocol-based applications and revoke all approvals for several affected smart contracts.

Please do not interact with any https://t.co/nlZEnqOyQz powered applications for now!

We’re investigating a potential exploit. If you did not set infinite approval, you are not at risk.

Only users that have manually set infinite approvals seem to be affected.

Revoke all…

— LI.FI (@lifiprotocol) July 16, 2024

According to the developers, the breach affected clients who manually set infinite approval for automated transactions.

Earlier in June, an unknown hacker breached the UwU Lend protocol, resulting in losses of $19.3 million and $3.72 million on June 10 and 13, respectively.