LI.FI, a bridging API connecting numerous blockchains that allows users to port assets cross-chain to use on DeFi protocols and other applications, has provided information about its recent hack attack.
While the amount of funds increased as the hack progressed, about $11.6 million got stolen from the protocol. LI.FI let its community know how this incident occurred.
It integrated a new smart contract facet, shortly after which it experienced the attack. In its blog, LI.FI stated, “A vulnerability in this facet allowed the attacker to gain unauthorized access to user self-custodial wallets that had set infinite token approval for the LI.FI contract.”
Users on Ethereum and Arbitrum chains who had the “infinite approval” option turned on suffered from the breach. Everyone else was unaffected. Drained assets included stablecoins like USDT, USDC, and DAI.
About 153 wallets were affected, and LI.FI has taken the initiative to refund all the users 100% of their losses.
It mentioned in an X post, “Our team will start contacting users starting tomorrow with details on a voluntary compensation scheme we are currently working on.”
Important update for affected users:
Our team will start contacting users starting tomorrow with details on a voluntary compensation scheme we are currently working on.
To participate in the compensation scheme, please complete the form below https://t.co/i8joNc6rbt
— LI.FI (@lifiprotocol) July 18, 2024
It followed that up with, “We and our major investors are working flat out on a voluntary compensation scheme covering 100% of the losses.”
This news came after LI.FI announced that it successfully controlled the hack and made its platform safe for users. Simultaneously, it informed law enforcement authorities immediately to get hold of the hacker(s) responsible for the $11.6 million losses.
“The protocol is fully operational again. Bridging and swapping on most of our partner protocols have resumed. We continue to engage with law enforcement authorities and industry participants to trace and recover funds,” LI.FI’s X account informed.
Update: The protocol is fully operational again.
Bridging and swapping on most of our partner protocols have resumed.
We continue to engage with law enforcement authorities and industry participants to trace and recover funds.
— LI.FI (@lifiprotocol) July 17, 2024
Furthermore, LI.FI announced it would increase its security levels by inculcating numerous measures to make its platform bulletproof against cyber criminals. It will also change its contract deployment process, as this fiasco was caused by a human error.