DMR News

Advancing Digital Conversations

Li.Fi Protocol Suffers Security Breach, Resulting in $10 Million Cryptocurrency Theft

ByDayne Lee

Jul 18, 2024

Li.Fi Protocol Suffers Security Breach, Resulting in $10 Million Cryptocurrency Theft

On July 16, the Li.Fi protocol, which facilitates swaps and bridging between Ethereum Virtual Machine and Solana networks, experienced a significant security breach. Over $10 million worth of cryptocurrencies were drained in an attack that exploited vulnerabilities in the protocol’s smart contracts.

Li.Fi Protocol Suffers Security Breach, Resulting in $10 Million Cryptocurrency Theft
Source: Cyvers

Incident Detection and Initial Response

The attack was first identified by Cyvers, a cybersecurity team that monitors blockchain transactions. Their systems detected suspicious activities involving a specific contract address linked to the Li.Fi protocol. Cyvers promptly alerted the community and recommended that users revoke their approvals for the address involved in the suspicious transactions to mitigate further risks.

Meir Dolev, co-founder and Chief Technology Officer at Cyvers, spoke to Cointelegraph about the incident. He explained that the attackers exploited user approvals to access funds not only stored in the contracts but also in connected wallets. This type of attack underscores the risks associated with granting extensive wallet permissions to smart contracts.

Li.Fi’s Communication with Users

In response to the breach, Li.Fi took to social media to advise its community to cease all interactions with Li.Fi-powered applications until further notice. They clarified that users who had not set infinite approvals were not at risk, but those who had should act immediately to revoke permissions for the compromised addresses.

Li.Fi provided a list of addresses associated with the attack, urging users with infinite approvals to revoke permissions to:

  • 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
  • 0x341e94069f53234fE6DabeF707aD424830525715
  • 0xDE1E598b81620773454588B85D6b5D4eEC32573e
  • 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68

Resolution and Mitigation

By 11:44 am ET on the day of the attack, Li.Fi updated the community that the vulnerability in the smart contract had been addressed and assured that there was no further risk to users. They confirmed that the wallets affected were those set to infinite approvals, which represented a very small portion of their user base.

The theft of approximately $10 million in cryptocurrencies had repercussions beyond Li.Fi, affecting other platforms such as the Arbitrum blockchain. Dolev reiterated the importance of cautious wallet approval practices to prevent such incidents.

The Li.Fi incident is part of a troubling trend in decentralized finance (DeFi) security. For instance, just four days prior, Dough Finance fell victim to a $1.8 million flash loan attack. In this separate but equally concerning event, the attacker utilized the zero-knowledge protocol Railgun to fund the attack, converting stolen USD Coin (USDC) into Ether (ETH).

DateProtocolIncident TypeAmount Stolen
July 12Dough FinanceFlash Loan Attack$1.8 million (608 ETH)
July 16Li.FiSmart Contract Exploit$10 million

The recent attack on the Li.Fi protocol highlights ongoing vulnerabilities in the DeFi ecosystem and the critical need for robust security measures. As the sector continues to grow, both users and developers must prioritize security to protect assets and maintain trust in these innovative financial systems.


Featured image credit: Freepik

Follow us for more breaking news on DMR

Dayne Lee

With a foundation in financial day trading, I transitioned to my current role as an editor, where I prioritize accuracy and reader engagement in our content. I excel in collaborating with writers to ensure top-quality news coverage. This shift from finance to journalism has been both challenging and rewarding, driving my commitment to editorial excellence.

Leave a Reply

Your email address will not be published. Required fields are marked *