Sunday, September 25, 2022

Li Finance protocol loses $600,000 with latest DeFi hack

Users of the Li Finance (LiFi) protocol lost roughly $600,000 after a hacker exploited a weakness in the project's smart contract, and some of them have since been repaid.

A smart contract vulnerability in the Li Finance swap aggregator resulted in the loss of around $600,000 from the wallets of 29 users. The incident occurred on March 20. The hacker was able to steal varying quantities of ten distinct tokens from wallets that had granted the Li Finance protocol “unlimited permission.” The stolen tokens were USD Coin (USDC), Polygon (MATIC), Rocket Pool (RPL), Gnosis (GNO), Tether (USDT), Metaverse Index (MVI), Audius (AUDIO), AAVE (AAVE), Jarvis Reward Token (JRT), and Dai (DAI).

The team discovered the vulnerability 12 hours later and shut down all swapping operations on the platform to avoid further losses. On March 21, the team published a postmortem outlining how the exploit unfolded. According to the team, the hacker exchanged the stolen tokens for a total of around 205 ether (ETH), worth over $600,000. The stolen ETH had not yet been transferred from the hacker’s wallet. LiFi also informed users that the fault had been discovered and fixed.

25 of the 29 wallets targeted in this attack have been repaid for their losses from treasury funds. Those 25 wallets accounted for only $80,000, or 13% of the total value lost. The owners of the other four wallets, which lost a total of $517,000, have been contacted and offered compensation in which their losses would be honoured as angel investments in the protocol.

They would receive LiFi tokens in an amount equal to the losses from each wallet, under the same terms as regular angel investors. This would also lessen the impact on the platform’s treasury. The hacker was also contacted and promised a bug bounty in exchange for returning the money.

The incident appears to have occurred at an inconvenient time. On March 21, Li Finance CEO Philipp Zentner stated, “we’re literally a week away from our audit,” adding, “we have many organisations assessing us.”

According to “Transmissions11,” a researcher with crypto investment firm Paradigm, even a comprehensive examination of the code may have missed this particular problem.

This is the latest attack in the decentralised finance (DeFi) industry, and it highlights how granting smart contracts unlimited token approvals exposes a user’s funds to greater risk. With an infinite approval in place, a user can swap tokens at a decentralised exchange (DEX) an unlimited number of times without needing to approve any further transactions, but the approved contract keeps that spending permission for as long as the approval stands.


Vaishali Goel
Technology enthusiast, explorer and academic scholar. Currently exploring the crypto world. Join me in my journey to see how crypto, NFT and Metaverse will change the world.