Hacker Steals $600K from LiFi Protocol via a Smart Contract Exploit

The exploit was initially reported by PeckShield, informing users that hackers managed to get a hold of approximately 200 ETH from the LiFi protocol.

Just moments later, the Li Finance team confirmed the exploit on Twitter, alerting users of a "vulnerability with the LI.FI smart contract." According to the blog, the platform’s smart contract was breached, letting the hacker abuse the swap feature to maliciously take out the funds.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How to Trade NFTs Safely? (Animated Explainer For Beginners)

SUBSCRIBE

ON YOUTUBE

The approximate amount of funds lost amounted to over $587k, with the hacker stealing them in the form of USD Coin (USDC), Polygon (MATIC), Tether (USDT), Aave (AAVE), Rocket Pool (RPL), Dai (DAI), Gnosis (GNO), Metaverse Index (MVI), Audius (AUDIO), and Jarvis Network (JRT) tokens.

Luckily enough for the LiFi community, the exploit was identified almost immediately after it happened, and the vast majority of the affected wallet holders were reimbursed. With 25 of the wallets valued at $80K were reimbursed, the 4 other wallets, that held almost $517K, were offered alternative reimbursement in order to "reduce treasury damage."   

Alongside closing the swap feature on the platform and disabling infinite approvals, LiFi contacted the hacker with a bounty offer, hoping that the funds will be returned.

This has been a tough month for decentralized finance protocols, with several platforms getting breached over the past few weeks. Deus Finance recently suffered the biggest loss in recent times, setting the protocol back by $3 million in crypto.