Decentralized protocol for bridging assets across different networks, LI.FI, appears to have fallen victim to a hacker attack.
Multichain liquidity provider LI.FI, which facilitates cross-chain swaps for the Jumper crypto exchange, has reportedly suffered a hacker attack, resulting in losses totaling $8 million as of press time.
In an X post on Tuesday morning, analysts at blockchain research firm Cyvers warned that the hacker drained over $8 million, mostly in stablecoins, and already converted some of the stolen USD Coin (USDC) and Tether (USDT) to Ethereum (ETH).
đšALERTđš@lifiprotocol, Our system has raised suspicious transactions involving your https://t.co/3LzbDK99Ed We recommend users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eaeMore than $8M have been drained so far from users and mostly stablecoins!⊠pic.twitter.com/zsj9DZWnpU
â đš Cyvers Alerts đš (@CyversAlerts) July 16, 2024
The analysts urged LI.FIâs users to revoke their approvals for the protocol and avoid any interactions with it amid the ongoing attack. Shortly after the attack, LI.FI took to X to say that âonly users that have manually set infinite approvals seem to be affected.â
This isnât the first time LI.FI faces a hacker attack. In March 2022, an unknown attacker exploited a loophole in the protocolâs smart contract, resulting in the loss of $600,000 worth of various tokens. A post-mortem update from the LI.FI team stated that the vulnerability was in the swapping feature of the LI.FI smart contract, granting the attacker total control over the pre-bridge swap feature.
Founded in 2021 by Max Klenk and Philipp Zentner, the Berlin-headquartered liquidity hub raised $17.5 million in a Series A fundraise co-led by CoinFund and Superscrypt in April 2023. Other investors such as Circle, Factor, Perridon, Theta Capital, Three Point Capital, and Abra also participated in the funding.
Read more: Lazarus Group allegedly moves stolen funds from $308m DMM Bitcoin hack