LI.FI Protocol Exploit
The decentralized finance (DeFi) platform LI.FI protocol recently fell victim to an exploit resulting in approximately an $8 million loss following suspicious withdrawals. Users are urged not to interact with any LI.FI powered applications at this time. The team is currently investigating a potential exploit, reassuring users that those who did not set infinite approval are not at risk.
LI.FI is a DeFi protocol designed to facilitate trading across different blockchains, venues, and bridges. However, a wallet containing stolen funds was discovered to hold 1,715 ether (ETH) valued at $5.8 million, along with USDC, USDT, and DAI stablecoins.
Crypto security firm Decurity identified that the exploit is related to the LI.FI bridge. The root cause seems to be an arbitrary call with user-controlled data via ‘depositToGasZipERC20()’ in GasZipFacet, a feature deployed just five days prior to the exploit.
According to a report by Immunefi in May, the first half of 2024 witnessed $473 million in losses due to hacks, exploits, and rug pulls within the crypto space. Such incidents highlight the ongoing challenges and risks associated with DeFi platforms and the importance of robust security measures.