A recent exploit on the LiFi Protocol, a platform compatible with Solana and EVM chains, has resulted in the loss of about $10 million in user assets. The DeFi platform has urged community members to avoid interacting with its system as they investigate the potential exploit. The platform has not disclosed the exact amount lost but has stated that users who did not set infinite approvals are not at risk. The stolen funds include $6.3 million in USDT, $3.1 million in USDC, and around $170,000 in DAI stablecoin, which have been exchanged for 2,857 ETH and distributed to multiple wallets.
Cyvers Alert, a web3 security platform, first reported suspicious transactions involving a LiFi smart contract that led to the significant losses. The incident highlights the risks associated with giving wallet approvals to smart contracts and the importance of protocols staying vigilant. The attack exploited the platform’s proxy implementation, allowing attackers to inject function calls to the contract and steal assets in the contracts and funds connected to users’ wallets. This is not the first time LiFi has been targeted, as a similar attack occurred in March of this year through a swapping feature that called token contracts directly.
In response to the attack, there have been reports of phishing scam links circulating on social media, urging users to revoke their access to the platform through suspicious links. The LiFi Protocol has not yet revealed how the exploit occurred or the specific vulnerabilities that were targeted. This incident serves as a reminder of the ongoing security risks facing DeFi platforms and the importance of implementing robust security measures to protect user assets.
Despite the breach, the LiFi Protocol continues to operate, albeit with caution, as they investigate the exploit and work to prevent future attacks. The platform has assured users who did not set infinite approvals that their funds are safe. Moving forward, it will be critical for DeFi platforms to prioritize security measures and regularly audit their smart contracts to prevent similar incidents from occurring in the future. The community is advised to remain vigilant and avoid interacting with any LiFi powered applications until the situation is fully resolved.
