LI.FI Protocol Exploited for Approximately $8 Million

The decentralized finance (DeFi) platform LI.FI protocol recently fell victim to an exploit resulting in the loss of around $8 million, as shown by on-chain data. Following a series of suspicious withdrawals, LI.FI issued a warning: “Please refrain from interacting with any LI.FI powered applications at this time.” The platform is currently conducting an investigation into a potential exploit, reassuring users that if they did not set infinite approval, they are not at risk.

LI.FI is recognized for its protocol that enables users to engage in trading activities across various blockchains, venues, and bridges. The exploited wallet contained 1,715 ether (ETH) valued at $5.8 million, along with USDC, USDT, and DAI stablecoins.

Crypto security firm Decurity identified that the exploit is related to the LI.FI bridge. According to Decurity, the vulnerability stemmed from the possibility of an arbitrary call with user-controlled data through `depositToGasZipERC20()` in GasZipFacet, which had been deployed just 5 days prior to the incident.

Earlier in May, a report by Immunefi highlighted that a staggering $473 million in crypto assets was lost due to hacks, exploits, and rug pulls during the first half of 2024.