The Li.Fi protocol, an API that enables Ethereum Virtual Machine (EVM) and Solana (SOL) swaps and bridging, has suffered a significant security breach resulting in the loss of over $10 million in cryptocurrencies. Hackers exploited vulnerabilities by accepting approvals from a malicious contract address to drain assets stored in the contracts and funds in users’ connected wallets. Users have been urged to revoke their approvals for the address 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae to prevent further losses. Meir Dolev, co-founder and Chief Technology Officer at Cyvers, highlighted the risks associated with these approvals and urged vigilance among users and developers.
Following Cyvers’ notification, the Li.Fi protocol team advised users not to interact with Li.Fi-powered applications until further notice and provided a list of additional addresses to revoke for those who had manually set infinite approvals. The hackers have successfully drained approximately $10 million in cryptocurrency, and the exploit has spread to the Arbitrum blockchain. This incident underscores the dangers of granting approvals to smart contract wallets and the importance of maintaining a high level of caution.
This attack on Li.Fi is part of a series of recent breaches within the DeFi space. Pike Finance recently experienced significant losses due to a smart contract vulnerability, resulting in $1.6 million in stolen funds over three days. Previous major exploits occurred on April 30 and April 26, where attackers stole over $1.68 million and $300,000, respectively, by manipulating smart contract output addresses. Additionally, Dough Finance lost $1.8 million in digital assets due to a flash loan attack on July 12. These incidents highlight the ongoing risks facing the crypto space and the need for improved security measures.
Within the first half of 2024, over $1 billion in digital assets were lost due to various security incidents, including phishing attacks and private key compromises. In Q2 alone, over $688 million was lost across 184 on-chain security breaches. Despite these challenges, the crypto market has demonstrated resilience, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024, with $347.4 million recovered or frozen out of the $512.9 million lost. Cryptocurrency scams remain prevalent, with nearly $50 million lost monthly on X (formerly Twitter) due to account impersonation schemes.
These attacks highlight the persistent threats facing the DeFi space and the need for enhanced security measures to protect users’ assets. It is crucial for users to remain vigilant, revoke unnecessary approvals, and exercise caution when interacting with DeFi platforms. By staying informed and adopting best practices for securing digital assets, users can mitigate the risks associated with the evolving crypto landscape and safeguard their investments. Adhering to these principles will help foster a more secure and resilient DeFi ecosystem for all participants.
