BREAKING: LI.FI hit with an exploit, nearly million drained so far

Crypto Briefing

Ecosystem

News

July 16, 2024 The Crypto Briefing 0

BREAKING: LI.FI hit with an exploit, nearly $10 million drained so far

now viewing

BREAKING: LI.FI hit with an exploit, nearly $10 million drained so far

July 16, 2024 The Crypto Briefing

Trading for FLOKI, REZ, NTRN, SAGA and STRD opens July 16

July 16, 2024 The Crypto Briefing

now playing

Bitcoin on Verge of Massive Reversal Into Final Wave of Bull Market, According to Analyst Jason Pizzino

July 16, 2024 The Crypto Briefing

now playing

DEX trading volume rises 15.7% in Q2, CEX activity drops

July 16, 2024 The Crypto Briefing

now playing

The Impact of Bitcoin on Online Slot Games: Insights from Slot.org

July 16, 2024 The Crypto Briefing

Kraken partners with Tottenham Hotspur Football Club to innovate the fan experience

July 16, 2024 The Crypto Briefing

now playing

25% of US investors see crypto as a key asset in their portfolio

July 16, 2024 The Crypto Briefing

now playing

Judge Refers Craig Wright for Criminal Prosecution in Bitcoin Case

July 16, 2024 The Crypto Briefing

now playing

Kraken confirms receipt of Mt. Gox Bitcoin distribution

July 16, 2024 The Crypto Briefing

now playing

The ‘Trump Trade’ Is Now on Its Way, According to Economist Alex Krüger – Here’s His Outlook

July 16, 2024 The Crypto Briefing

Cambodian Firm Receives 0K in Crypto From North Korean Hackers

now playing

Cambodian Firm Receives $150K in Crypto From North Korean Hackers

July 16, 2024 The Crypto Briefing

Source: Crypto Briefing

Key Takeaways

Li.fi protocol exploit has drained nearly $10 million, affecting users with infinite approvals.
Experts suspect a call injection attack, urging users to revoke approvals immediately.

Interoperability protocol Li.fi cautioned users not to interact with any applications using their infrastructure, as they are investigating a possible exploit underway. Only users that have manually set infinite approvals seem to be affected.

“Revoke all approvals for:

0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae

0x341e94069f53234fE6DabeF707aD424830525715

0xDE1E598b81620773454588B85D6b5D4eEC32573e

0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68”

Please do not interact with any https://t.co/nlZEnqOyQz powered applications for now! We’re investigating a potential exploit. If you did not set infinite approval, you are not at risk.

Only users that have manually set infinite approvals seem to be affected.

Revoke all…

— LI.FI (@lifiprotocol) July 16, 2024

The first report of a possible exploit was given by the user identified on X as Sudo, who highlighted that nearly $10 million was drained from the protocol. Another X user identified as Wazz pointed out that Web3 wallet Rabby implemented Li.fi as its inbuilt bridge, warning users to check their permissions and revoke them. Notably, the Jumper Exchange is also a well-known application that uses Li.fi services.

Moreover, after blockchain security company CertiK shared on X the ongoing exploit, the user identified as Nick L. Franklin claimed that this is likely a “call injection” attack. A call injection attack consists of inserting a function name parameter from the original code on the client side of the application to execute any legitimate function from the code.

“Oh, call injection! Long time no seen. “swap” function didn’t check call target and call data. Because of this, users who approved to 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae lost their tokens, revoke approval asap! Also, Lifi router set this implementation recently,” said Nick.

According to the blockchain security firm PeckShield, the same hack was used against Li.fi back in March 2022. March 20, 2022. “Are we learning anything from the past lesson(s)?”, stated PeckShield.

Go to Source
Author: Gino Matos

The Crypto Briefing

BREAKING: LI.FI hit with an exploit, nearly $10 million drained so far

Key Takeaways

Related posts:

Share this video