According to TechFlow, LI.FI released a security incident report showing that a "personal human error" during the smart contract update caused the protocol to be attacked by bad actors. The incident is estimated to have affected 153 wallets and lost nearly $12 million worth of USDC, USDT and DAI stablecoins.
After detecting the security vulnerability, the LI.FI team immediately activated the incident response plan and successfully disabled the vulnerable aspects on all chains. The vulnerability stemmed from an issue when validating transactions and was related to the way the protocol interacted with the shared LibSwap codebase used by multiple decentralized exchanges and other DeFi protocols due to "individual human error during the oversight deployment process."
The LI.FI team said it will further investigate the incident and take measures to prevent similar problems from happening again.