Li.Fi Suffers $11M Exploit
The cross-chain DeFi protocol Li.Fi recently experienced an $11 million exploit. Funds were stolen from platform users.
Mastermind Behind the Attack
The wallet suspected to be behind the attack managed to steal nearly $6 million in ETH and various stablecoins like USDC and DAI.
Team’s Immediate Response
During the exploit, the team urged users to revoke approvals for several of Li.Fi’s bridge contracts. Despite this, the intrusion has been contained. Only users with infinite approvals were affected.
Vulnerability Exploited
The protocol has yet to release a detailed report on the exploit’s cause. However, blockchain security firm Decurity stated the hacker exploited a vulnerability in the recent ‘GasZipFacet’ smart contract deployment.
Exploit Method
The hacker submitted specially crafted data into the contract. The contract mistook this data for token swap instructions, allowing the hacker to steal approved tokens from the Li.Fi bridge.
