29 digital wallets on the decentralized finance platform had been compromised by an anonymous hacker.
The exploit was initially reported by PeckShield, informing users that hackers managed to get a hold of approximately 200 ETH from the LiFi protocol.
#PeckShieldAlert @lifiprotocol exploiters hold ～200 $ETH in this wallet https://t.co/3m5nO9ag1E @danielvf #crosschainbridge
— PeckShieldAlert (@PeckShieldAlert) March 21, 2022
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe – We publish new crypto explainer videos every week!
Just moments later, the Li Finance team confirmed the exploit on Twitter, alerting users of a “vulnerability with the LI.FI smart contract.” According to the blog, the platform’s smart contract was breached, letting the hacker abuse the swap feature to maliciously take out the funds.
The approximate amount of funds lost amounted to over $587k, with the hacker stealing them in the form of USD Coin (USDC), Polygon (MATIC), Tether (USDT), Aave (AAVE), Rocket Pool (RPL), Dai (DAI), Gnosis (GNO), Metaverse Index (MVI), Audius (AUDIO), and Jarvis Network (JRT) tokens.
The exploit was done in one transaction, done at 02:51 AM +UTC, and the attacker managed to steal around $600k (current value $587,500 or 205 ETH) from 29 wallets.
— LI.FI – Any-2-Any Swaps (🦎,🦎) (@lifiprotocol) March 21, 2022
Luckily enough for the LiFi community, the exploit was identified almost immediately after it happened, and the vast majority of the affected wallet holders were reimbursed. With 25 of the wallets valued at $80K were reimbursed, the 4 other wallets, that held almost $517K, were offered alternative reimbursement in order to “reduce treasury damage.”
Alongside closing the swap feature on the platform and disabling infinite approvals, LiFi contacted the hacker with a bounty offer, hoping that the funds will be returned.
This has been a tough month for decentralized finance protocols, with several platforms getting breached over the past few weeks. Deus Finance recently suffered the biggest loss in recent times, setting the protocol back by $3 million in crypto.