LiFi protocol lost at least $8 million as a result of hacking

Carding Forum

On July 16, the Cyvers Alerts service detected suspicious transactions in the LiFi protocol. At the time of writing, the incident is ongoing; the amount of damage has reached $8 million.

ALERT @lifiprotocol, Our system has raised suspicious transactions involving your https://t.co/3LzbDK99Ed

We recommend users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae

More than $8M have been drained so far from users and mostly stablecoins!… pic.twitter.com/zsj9DZWnpU
— Cyvers Alerts (@CyversAlerts) July 16, 2024

According to experts, the vulnerability is located in the smart contract of the protocol.

Now the hacker is exchanging stolen assets, mainly USDC and USDT stablecoins, for Ethereum.

The LiFi team confirmed the incident and launched an investigation. Users are asked to suspend interaction with all applications based on the protocol, as well as revoke all approvals for a number of affected smart contracts.

Please do not interact with any https://t.co/nlZEnqOyQz powered applications for now!

We're investigating a potential exploit. If you did not set infinite approval, you are not at risk.

Only users that have manually set infinite approvals seem to be affected.

Revoke all…
— LI.FI (@lifiprotocol) July 16, 2024

According to the developers, the hack affected customers who manually set the infinite approval of automatic transactions.
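For the revocation advice above, an added example (not part of the original post or LI.FI's own tooling) that replays ERC-20 `Approval` event logs and lists owners whose last-set allowance to the spender named in the alert is still unlimited. The token and owner addresses and the log entries are constructed, and the 2**255 cutoff for "unlimited" is an assumption; a log replay shows only the last value set, so the on-chain `allowance(owner, spender)` call remains the authoritative check.

```python
# Added example: audit ERC-20 Approval logs for unlimited allowances to one spender.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
SPENDER = "0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae"  # address from the alert above
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: treat anything this large as effectively infinite

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def latest_allowances(logs, spender=SPENDER):
    """Replay logs in chain order; the last Approval per (token, owner) wins."""
    state = {}
    ordered = sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"]))
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 Approval has 4 topics)
        if topic_to_address(topics[2]) != spender.lower():
            continue  # approval granted to some other spender
        owner = topic_to_address(topics[1])
        state[(log["address"].lower(), owner)] = int(log["data"], 16)
    return state

def risky_approvals(logs, spender=SPENDER):
    """Return (token, owner) pairs whose last-set allowance is still unlimited."""
    return sorted(k for k, v in latest_allowances(logs, spender).items()
                  if v >= UNLIMITED_FLOOR)

def make_log(token, owner, spender, value, block, index):
    """Build a log dict shaped like an eth_getLogs result (sample data only)."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value), "blockNumber": block, "logIndex": index}

# Constructed sample logs: token and owner addresses are made up.
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
ALICE, BOB, CAROL = "0x" + "01" * 20, "0x" + "02" * 20, "0x" + "03" * 20
SAMPLE_LOGS = [
    make_log(TOKEN_A, ALICE, SPENDER, MAX_UINT256, 100, 0),  # unlimited, never revoked
    make_log(TOKEN_A, BOB, SPENDER, MAX_UINT256, 101, 3),    # unlimited ...
    make_log(TOKEN_A, BOB, SPENDER, 0, 150, 1),              # ... then revoked
    make_log(TOKEN_B, CAROL, SPENDER, 500 * 10**6, 120, 2),  # exact-amount approval
    make_log(TOKEN_B, ALICE, "0x" + "cc" * 20, MAX_UINT256, 130, 0),  # other spender
]

if __name__ == "__main__":
    for token, owner in risky_approvals(SAMPLE_LOGS):
        print(f"revoke: owner {owner} token {token} spender {SPENDER}")
```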
 

Carding Forum

LI.FI revealed details of the $11.6 million hack

The LI.FI cross-chain protocol team shared details of the hack, which resulted in users losing $11.6 million in the stablecoins USDC, USDT and DAI.

Post-mortem and next steps for @lifiprotocol partners and community:https://t.co/H4EEiLAHEc pic.twitter.com/TZmx0VtLxo
— LI.FI (@lifiprotocol) July 18, 2024

According to the statement, the exploit occurred shortly after the deployment of a new aspect of the smart contract.

"The vulnerability occurred because contract callers could make arbitrary calls without verification. This capability was provided by the LibSwap library, which facilitates interaction with multiple DEX, payment collectors, and other entities before connecting or sending funds," the statement said.

Due to an "individual human error" in the contract, there was no verification of approved addresses and functions on the white list, the developers explained.

The attack occurred on the Ethereum and Arbitrum networks, affecting 153 wallets. Only users with permanent approval enabled, which is not the default setting in the API, SDK, or LI.FI widget, were affected, the team emphasized.

"Our top priority is to restore users' assets. We continue to work with law enforcement agencies and relevant third parties, including industry security professionals, to track down and recover stolen funds," the developers said.

The project assesses the possibility of paying full compensation to victims "as soon as possible".
 