An attack took place on the Li Finance protocol that resulted in the loss of $600,000 worth of crypto assets.
Li finance is an ultimate cross-chain protocol platform, which allows Decentralized Exchanges (Dex), Decentralized applications (DApps), and digital wallets to swap tokens in cross-chain swap-based trades easily under a decentralized ecosystem. Last day protocol faced an attack by a hacker.
On 20 March at 2:51 am UTC attack took place on the Li finance protocol, which targeted the swap aggregator. Through the exploit, hacker/s successfully stole around $600,000 worth of 10 cryptocurrencies from the wallet of 29 users on that platform.
Stolen tokens included USD Coin (USDC), Polygon (MATIC), Rocket Pool (RPL), Gnosis (GNO), Tether (USDT), Metaverse Index, Audius, AAVE, Jarvis Reward Token, and DAI.
When the attack took place and the team came to know, then the instantly freezed all swap operations in the platform to keep the safety of the funds of users.
Around 12 hours later, the Li Finance team came to know about that and the team reported that a hacker was successful in stealing funds from 29 users and also confirmed that users don’t need to do anything.
Team also confirmed that they fixed the bug
TLDR:
• ~$600K have been stolen from 29 wallets
• User don’t have to do anything
• Bug has been fixed and is already deployedhttps://t.co/fqOxJxDrZs— LI.FI – Any-2-Any Swaps (
,
,
Tweets confirmed that the team is not in the mood to take any legal action against the hacker but offered potential bounty rewards in return for the stolen funds from the platform.
Here team admitted that the hack attack took place because of the ignorance toward the security of the protocol but promised to work more perfectly for the same.
“We apologize to all parties affected by this exploit and take full responsibility for taking care of reimbursements. By not finishing an audit earlier, we neglected our duty to offer the highest security possible.”
Team also confirmed that the hacker tricked the “transform” function to allow the transfer of funds, which allows infinite permissions for token transfer.
Specifically, they called the `transferFrom` method which allowed the attacker to transfer funds from users’ wallets that had previously given infinite approval to our contract for that specific token. pic.twitter.com/pYExCIG1EH
— LI.FI – Any-2-Any Swaps (
Read also: Ethereum co-founder says nations will use crypto no matter what are current stances
Li finance exploit, 29 users lost $600K
https://bitcoinik.com/li-finance-exploit-29-users-lost-600k/feed/
https://bitcoinik.com/li-finance-exploit-29-users-lost-600k/feed/
Buy bitcoin and other cryptocurrencies on crypto exchanges Binance , Coinbase , Kraken and Bitfinex !
Don’t miss a thing, sign up for our newsletter
