According to PANews, the cross-chain bridge protocol LI.FI stated in its latest security incident report that "human error" during the smart contract update process caused the protocol to be attacked. An estimated 153 wallets were affected, losing about $11.6 million in USDC, USDT, and DAI stablecoins.
The team quickly detected the security breach, initiated an "incident response plan" and disabled the faulty code, thereby containing the threat and preventing "any further unauthorized access."
The vulnerability occurred shortly after the new smart contract was deployed. A vulnerability in the upgrade allowed an attacker to gain unauthorized access to user wallets within minutes of the contract being deployed. The vulnerability stems from the ability of the contract caller to call any contract arbitrarily without verification.
Due to human error during the oversight deployment, the verification check was missing. LI.FI said its current priority is to assist in recovering user funds and work with law enforcement and Web3 Security.