Li.Fi protocol is under attack, $10M drained so far
Li.Fi Protocol, an API for Ethereum Virtual Machine (EVM) and Solana (SOL) swaps and bridging, is under attack as over $10 million in cryptocurrencies have already been drained.
According to Cyvers Alerts, the team’s systems raised suspicious transactions on Li.Fi protocol involving a specific contract address .
Cyvers recommended that users revoke their approvals for the suspected address: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
Speaking with Cointelegraph, Meir Dolev, co-founder and chief technology officer at Cyvers, explained that protocols must be vigilant:
“Hackers can exploit these approvals to drain both assets stored in the contracts and funds in the connected wallets of users.”Source: Cyvers Alerts
Related: Filipino artists hacked to promote XRP scam
LiFi protocol warning
In an X post on July 16, Li.Fi protocol warned its community that users should not interact with Li.Fi-powered applications until further notice.
The team explained that they were investigating the potential exploit and clarified that users who “did not set infinite approval” were not at risk.
For users that manually set infinite approvals, the Li.Fi protocol team stated that the following addresses should be revoked:
- 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
- 0x341e94069f53234fE6DabeF707aD424830525715
- 0xDE1E598b81620773454588B85D6b5D4eEC32573e
- 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68
Related: Lazarus is moving millions from $305M DMM Bitcoin hack — ZachXBT
$10 million drained so far
According to Cyvers Alerts, approximately $10 million in cryptocurrency holdings have been drained so far, and the drain is now also affecting the Arbitrum blockchain.
Dolev told Cointelegraph that “this incident underscores the risks inherent in granting wallet approvals to smart contracts.”
In an X post updating the community on the situation, Cyvers again recommended users revoke the 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae address to prevent further losses.
Related: Dough Finance loses $1.8M in flash loan attack
From drains to flash loan attacks
Decentralized finance (DeFi) protocol Dough Finance was also recently under attack on July 12 after becoming the victim of a $1.8 million flash loan attack .
Cyvers reported on this incident, explaining that the attacker funded the attack through the zero-knowledge (ZK) protocol Railgun and swapped the stolen USD Coin ( USDC ) for Ether ( ETH ).
According to Web3 security provider Olympix, the exploit, which accrued 608 ETH and is valued at around $1.8 million, resulted from unvalidated call data with the "ConnectorDeleverageParaswap.”
Magazine: Crypto-Sec: Evolve Bank suffers data breach, Turbo Toad enthusiast loses $3.6K
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
David Sacks Won't Be Trump's AI and Crypto Czar; Here's What It's All About
Tether invests $775 million in video platform Rumble
XRP on the Rise: Trump Investment Rumors Boost Token’s Appreciation
Sonic Chain Hits Major Block Milestone, Here Are Crucial Stats