LiFi Protocol, an asset swap and bridge platform compatible with Solana and EVM chains, has been exploited for about $10 million.
The DeFi platform acknowledged the breach but did not reveal the exact amount lost. It urged community members to avoid interacting with its system.
It wrote:
“Please do not interact with any LIFI powered applications for now! We’re investigating a potential exploit. If you did not set infinite approval, you are not at risk. Only users that have manually set infinite approvals seem to be affected.”
$10 million drained
On July 16, Cyvers Alert, a web3 security platform, reported suspicious transactions involving a LiFi smart contract.
The platform revealed that these transactions led to losses of about $10 million in user assets—including $6.3 million in USDT, $3.1 million in USDC, and around $170,000 in DAI stablecoin—across various blockchain networks, including the Ethereum layer-2 network Arbitrum.
Blockchain analyst Lookonchain reported that the stolen stablecoins have been exchanged for 2,857 ETH, equivalent to $9.7 million, and distributed to several wallets.
Meir Dolev, co-founder and chief technology officer at Cyvers, told CryptoSlate:
“The incident highlights the dangers of giving wallet approvals to smart contracts. It’s crucial for protocols to stay alert, as hackers can take advantage of these approvals to steal both assets in the contracts and funds in users’ connected wallets.”
Another blockchain security firm, Blockaid, explained that the attack stemmed from an exploit of the platform’s proxy implementation. It added:
“The attackers have managed to exploit a vulnerability in the proxy implementation, where an attacker is able to inject function call to the contract – an ability they’ve then used to inject transferFrom calls on approved users.”
Notably, blockchain security firm PeckShield pointed out that the Li.Fi platform suffered a similar attack in March 2022. At that time, Li.Fi said the attacker exploited its smart contract through a swapping feature that calls token contracts directly instead of performing actual swaps.
Meanwhile, the attack has led to several phishing scam links spreading on social media, urging users to “revoke” their access to the platform via suspicious links.
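LiFi's notice says only wallets with infinite approvals were exposed, and Blockaid ties the theft to transferFrom calls against approved users. As an added example (not code from LiFi or any firm quoted here), the sketch below replays ERC-20 Approval logs to show which owners still hold an unlimited approval to a given spender; all addresses and log entries are constructed, and the 2**255 "unlimited" threshold is an assumption.

```python
# Added example: which owners still have an unlimited ERC-20 approval to a spender?
# Every address and log entry here is a constructed placeholder, not incident data.

# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: values this large are treated as "infinite"

def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def unlimited_approvals(logs, spender):
    """Return sorted (token, owner) pairs whose latest approval to spender is unlimited."""
    latest = {}  # (token, owner) -> most recently approved value
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares the signature but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)  # a later approval overwrites the earlier one
    # Logs give the approved amount, not what remains after spending; confirm
    # live exposure with the token's allowance(owner, spender) view function.
    return sorted(k for k, v in latest.items() if v >= UNLIMITED_FLOOR)

def make_log(token, owner, spender, value, block, index=0):
    """Build a constructed Approval log (simplified: integer block numbers)."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": block, "logIndex": index}

TOKEN, SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB, CAROL = "0x" + "a1" * 20, "0x" + "b0" * 20, "0x" + "c0" * 20
SAMPLE_LOGS = [
    make_log(TOKEN, CAROL, SPENDER, 0, block=105),           # Carol revokes later
    make_log(TOKEN, ALICE, SPENDER, 2**256 - 1, block=100),  # infinite approval
    make_log(TOKEN, BOB, SPENDER, 500, block=101),           # exact-amount approval
    make_log(TOKEN, CAROL, SPENDER, 2**256 - 1, block=102),  # infinite, then revoked
    make_log(TOKEN, BOB, OTHER, 2**256 - 1, block=103),      # different spender
]

if __name__ == "__main__":
    print(unlimited_approvals(SAMPLE_LOGS, SPENDER))
```

Only the first owner is reported for the sample spender: the exact-amount approval and the approval that was later set to zero both fall out, which matches the notice's distinction between infinite and bounded approvals.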