Hackers steal $9.7M in crypto through LI.FI protocol vulnerabilities

July 17, 2024

TLDR:

  • The LI.FI Protocol was the target of a cyber attack that resulted in the theft of $9.7 million in cryptocurrency.
  • The attackers exploited multiple vulnerabilities such as infinite approvals, call injection, and cross-chain vulnerabilities.

The LI.FI Protocol, a cross-chain bridging and swapping platform, fell victim to a sophisticated cyber-attack that led to the theft of approximately $9.7 million in various cryptocurrencies. The exploit primarily affected users who had set infinite approvals on specific contracts within the protocol. The attack was first identified when LI.FI Protocol issued a warning to its users, advising them not to interact with any LI.FI-powered applications while they investigated the exploit. The attackers targeted vulnerabilities such as infinite approvals, call injection, and cross-chain vulnerabilities, affecting multiple chains including Ethereum and Arbitrum.

The stolen funds, mostly stablecoins, were quickly converted to Ethereum by the attackers. LI.FI Protocol urged users to avoid interactions with their applications, revoke approvals for specific contract addresses, and take steps to secure their assets. This incident was the second major exploit for LI.FI Protocol, emphasizing the ongoing challenges in securing decentralized finance (DeFi) protocols and the importance of robust security measures. As investigations continue, the crypto community remains vigilant about the risks associated with DeFi platforms and the need for caution when granting permissions to smart contracts.
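To act on the advice to revoke approvals, a defender first needs to know which unlimited allowances are still live. The following Python sketch is an added example, not code from LI.FI or from this article: it replays ERC-20 `Approval` event logs in chain order and reports owners whose latest allowance to a watched spender is still unlimited. The article does not list the affected contract addresses, so every address below is a placeholder, the sample logs are constructed, and the log dictionaries assume integer `blockNumber` and `logIndex` fields.

```python
# Added example: find unlimited ERC-20 allowances that have not been revoked.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**255  # assumption: allowances at or above 2**255 count as unlimited

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_unlimited(logs, watched_spenders):
    """Return sorted (token, owner, spender) tuples whose most recent
    allowance to a watched spender is still unlimited."""
    watched = {s.lower() for s in watched_spenders}
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 Approval has 4 topics)
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        if spender in watched:
            # Later events overwrite earlier ones, so a revoke (value 0) wins.
            latest[(log["address"].lower(), owner, spender)] = int(log["data"], 16)
    return sorted(k for k, v in latest.items() if v >= UNLIMITED)

# --- Constructed sample data; every address is a placeholder ---
def _addr(byte):
    return "0x" + byte * 20

def _log(block, idx, token, owner, spender, value):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

WATCHED, OTHER = _addr("11"), _addr("22")      # spender contracts
TOKEN_A, TOKEN_B = _addr("aa"), _addr("bb")    # token contracts
ALICE, BOB = _addr("a1"), _addr("b0")          # token owners
MAX = 2**256 - 1
SAMPLE_LOGS = [
    _log(105, 0, TOKEN_A, BOB, WATCHED, 0),             # Bob revokes later
    _log(100, 0, TOKEN_A, ALICE, WATCHED, MAX),         # still unlimited
    _log(101, 2, TOKEN_A, BOB, WATCHED, MAX),
    _log(102, 1, TOKEN_A, ALICE, OTHER, MAX),           # spender not watched
    _log(103, 0, TOKEN_B, ALICE, WATCHED, 500 * 10**6), # finite allowance
]

if __name__ == "__main__":
    for token, owner, spender in outstanding_unlimited(SAMPLE_LOGS, [WATCHED]):
        print(f"revoke needed: owner={owner} token={token} spender={spender}")
```

Against a live chain, the same function can be fed logs fetched by filtering on the `Approval` topic, after converting hex block numbers and log indexes to integers.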
