{"id":15346,"date":"2024-07-19T10:02:36","date_gmt":"2024-07-19T07:02:36","guid":{"rendered":"https:\/\/forklog.com\/en\/li-fi-reveals-details-of-11-6-million-hack\/"},"modified":"2024-07-19T10:02:36","modified_gmt":"2024-07-19T07:02:36","slug":"li-fi-reveals-details-of-11-6-million-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/li-fi-reveals-details-of-11-6-million-hack\/","title":{"rendered":"LI.FI Reveals Details of $11.6 Million Hack"},"content":{"rendered":"<p>The team behind the cross-chain protocol LI.FI has disclosed details of a hack that resulted in users losing $11.6 million in stablecoins USDC, USDT, and DAI.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Post-mortem and next steps for <a href=\"https:\/\/twitter.com\/lifiprotocol?ref_src=twsrc%5Etfw\">@lifiprotocol<\/a> partners and community:<a href=\"https:\/\/t.co\/H4EEiLAHEc\">https:\/\/t.co\/H4EEiLAHEc<\/a> <a href=\"https:\/\/t.co\/TZmx0VtLxo\">pic.twitter.com\/TZmx0VtLxo<\/a><\/p>\n<p>\u2014 LI.FI (@lifiprotocol) <a href=\"https:\/\/twitter.com\/lifiprotocol\/status\/1813847242295443589?ref_src=twsrc%5Etfw\">July 18, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to the statement, the exploit occurred shortly after the deployment of a new aspect of the smart contract.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe vulnerability arose because contract callers could make arbitrary calls without verification. This capability was provided by the LibSwap library, which facilitates interaction with multiple DEXs, payment aggregators, and other entities before connecting or sending funds,\u201d the statement said.<\/p>\n<\/blockquote>\n<p>Due to an \u201cindividual human error,\u201d the contract lacked verification of approved addresses and whitelisted functions, the developers explained.<\/p>\n<p>The attack occurred on the Ethereum and Arbitrum networks, affecting 153 wallets. Only users with permanent approval enabled, which is not the default setting in the <span data-descr=\"Application Programming Interface \u2014 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\" class=\"old_tooltip\">API<\/span>, <span data-descr=\"software development kit \u2014 \u043d\u0430\u0431\u043e\u0440 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u041f\u041e\" class=\"old_tooltip\">SDK<\/span>, and LI.FI widget, were impacted, the team emphasized.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cOur main priority is the recovery of users&#8217; assets. We continue to engage with law enforcement and relevant third parties, including industry security experts, to trace and recover the stolen funds,\u201d the developers stated.<\/p>\n<\/blockquote>\n<p>The project is evaluating the possibility of providing full compensation to the affected users \u201cas soon as possible.\u201d<\/p>\n<p>Earlier in July, the Indian cryptocurrency exchange WazirX lost $235 million in digital assets due to a hack. Experts at Elliptic concluded that North Korean hackers were behind the attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The team behind the cross-chain protocol LI.FI has disclosed details of a hack that resulted in users losing $11.6 million in stablecoins USDC, USDT, and DAI. Post-mortem and next steps for @lifiprotocol partners and community:https:\/\/t.co\/H4EEiLAHEc pic.twitter.com\/TZmx0VtLxo \u2014 LI.FI (@lifiprotocol) July 18, 2024 According to the statement, the exploit occurred shortly after the deployment of a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":15345,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1210,44],"class_list":["post-15346","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cross-chain-protocols","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"44","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/15346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=15346"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/15346\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/15345"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=15346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=15346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=15346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}