Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
LI.FI Hack Steals $10 From Users: How to Protect Your Funds

LI.FI Hack Steals $10 From Users: How to Protect Your Funds

DailyCoinDailyCoin2024/07/17 00:46
By:DailyCoin
  • LI.FI Protocol breached, causing $10M in losses. 
  • Crypto security firms are investigating. 
  • Users should revoke approvals for the protocol.

The decentralized finance (DeFi) sector has experienced significant growth, on a promise of a future without banks and regulation. However, the lack of these intermediaries also exposes users to risks, including scams and hacks. 

Sponsored

Most recently, the cross-chain transaction aggregator LI.FI was the latest target of a hack , exposing vulnerabilities in the system. As a result, users lost over $10 million in stablecoins so far. What is more, security experts suggest that more user funds could be at risk. 

How The LI.FI Protocol Hack Happened

DeFi hackers are using increasingly creative methods to exploit vulnerabilities. On Tuesday, July 16, crypto security firm Cyvers reported a security breach in the LI.FI protocol, a major cross-chain transaction aggregator. 

🚨ALERT🚨 @lifiprotocol , Our system has raised suspicious transactions involving your https://t.co/3LzbDK99Ed

We recommend users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae

More than $8M have been drained so far from users and mostly stablecoins!… pic.twitter.com/zsj9DZWnpU

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 16, 2024

The initial breach was detected on the Ethereum blockchain and quickly expanded to the Arbitrum network. Over $10 million in stablecoins, primarily USDC and USDT, were stolen during this attack. Soon after, the attackers started converting these stablecoins into ETH. 

A smart contract exploit earlier today has been contained and the affected smart contract facet disabled.

There is currently no further risk to users.

The only wallets affected were set to infinite approvals, and represented only a very small number of users.

We are engaging…

— LI.FI (@lifiprotocol) July 16, 2024

After the security firm reported the incident, LI.FI protocol team confirmed the breach. They claimed that the primary vulnerability was coming from an infinite approval setting for transactions, which enabled attackers to steal all the funds. 

How to Protect Yourself From Infinite Approval Exploit

Infinite approval exploits occur when users grant unlimited permission for a smart contract to access their funds. While this is convenient for repeated transactions without requiring user confirmation each time, it also opens up significant security risks. If the smart contract or platform is compromised, attackers can use it to drain all funds from users. 

Sponsored

Revoke approvals: While LI.FI claimed that no further funds were at risk, and Cyvers security firm urged users to revoke approvals for the compromised addresses immediately. Tools such as Revoke.cash can help users manage and revoke token approvals easily. 

Review approvals: Users should regularly check their token approvals and revoke any that are unnecessary or pose a potential risk. 

Set limits: Instead of granting infinite approval, users can set limits on the amount a smart contract can access. This way, even if a breach occurs, the potential loss is capped.

While DeFi protocols must ensure robust security measures, users also bear responsibility for their security settings. By following these steps, users can limit the risk of falling victim to hacks. 

On the Flipside

  • The LI.FI breach is part of a broader pattern of security challenges facing DeFi platforms. Similar to previous incidents involving protocols like Multichain and SushiSwap. 
  • Breaches like this erode user trust in DeFi platforms. Users are less likely to engage with dApps when breaches like this happen.

Why This Matters

The LI.FI breach highlights the critical importance of vigilance and proactive security measures in the DeFi space. Users need to be aware of their security settings and take regular steps to manage permissions and protect their assets.

Read more about how to protect your funds: 
How to Stay Safe From Phishing in Crypto Mailing List Hack

Read more about the Chromia Mainnet launch: 
Chromia Mainnet Launch Sets the Stage for Next-Gen Blockchain Networks

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

Robert Kiyosaki Backs Saylor’s $13M Bitcoin Prediction

Famous author and financial expert Robert Kiyosaki recently shared some exciting thoughts about Bitcoin

Altcoinbuzz2024/11/21 15:33

Messari Unveils The Solana Portal

Messari has just opened the doors to The Solana Portal, a new platform designed to make it easy to track everything happening on the Solana blockchain

Altcoinbuzz2024/11/21 15:33