LI.FI Hack Exposes Vulnerabilities in Cross-Chain Transaction Aggregators, Users Lose Over $10M

The decentralized finance (DeFi) sector has experienced significant growth, on a promise of a future without banks and regulation. However, the lack of these intermediaries also exposes users to risks, including scams and hacks.

Decentralized finance (DeFi) is meant to be a future without banks and regulation. But the absence of these intermediaries also leaves users exposed.

Recently, cross-chain transaction aggregator LI.FI became the latest target of a hack, highlighting a vulnerability that has already cost users over $10 million in stablecoins. And, according to security experts, more user funds could still be at risk.

Here's how the LI.FI protocol hack went down.

DeFi hacks are getting creative. On Tuesday, July 16, crypto security firm Cyvers reported a security breach in the LI.FI protocol, a major cross-chain transaction aggregator.

The initial breach was detected on the Ethereum blockchain and later expanded to the Arbitrum network. The attack resulted in the theft of over $10 million in stablecoins, primarily USDC and USDT, which the attackers then began converting into ETH.

The LI.FI protocol team confirmed the breach after the incident was reported by the security firm. According to the team, the main vulnerability stemmed from an infinite approval setting for transactions, which allowed the attackers to pilfer all the funds.

How to protect yourself from the infinite approval exploit

The infinite approval exploit occurs when users grant a smart contract unlimited permission to access their funds. This is convenient for repetitive transactions that don't require user confirmation every time, but it also introduces a major security risk. If the smart contract or platform is compromised, attackers can use it to drain all the funds from users.

Sponsored

Revoke approvals: LI.FI claims that no further funds are at risk, but the Cyvers security firm is urging users to immediately revoke approvals for the compromised addresses. This can be done easily using tools like Revoke.cash.

Inspect approvals: Users should periodically review their token approvals and revoke any that are no longer needed or that could pose a risk.

Set limits: Instead of granting infinite approval, users can specify a limit on the amount a smart contract can access. This way, even if there is a breach, the potential loss is capped.

While DeFi protocols are responsible for ensuring strong security measures, users also bear responsibility for their own security settings. Taking these steps can help reduce the risk of falling victim to hacks.

On the Flipside

Why This Matters

The LI.FI breach underscores the critical need for vigilance and proactive security measures in DeFi. Users must be cognizant of their security settings and take regular actions to manage permissions and safeguard their assets.

Learn more about protecting your funds:

How to Stay Safe From Phishing in Crypto Mailing List Hack

Discover the Chromia Mainnet launch:

Chromia Mainnet Launch Sets the Stage for Next-Gen Blockchain Networks

The above is the detailed content of LI.FI Hack Exposes Vulnerabilities in Cross-Chain Transaction Aggregators, Users Lose Over $10M. For more information, please follow other related articles on the PHP Chinese website!