Cross-chain protocol LI.FI was hacked and lost $10 million! Paidun: This attack is similar to 2 years ago

This site (120bTC.coM): Blockchain security agency Cyvers Alerts warned on X late yesterday (16th) that its system detected that the cross-chain transaction aggregation platform LI.FI was suspected of being hacked and affected. The user's funds have exceeded 8 million US dollars. Users are advised to revoke wallet authorization as soon as possible:

"Alert! LI.FI, our system has submitted suspicious transactions related to your protocol. We recommend that users revoke authorization to the following address as soon as possible:

0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae.

So far, more than 8 million US dollars have been lost, most of which are stablecoins! The attacker has exchanged USDC and USDT for ETH.”

Fake official phishing link

Peck Shield: This attack is similar to the one two years ago

But what makes the community angry is that when analyzing the attack suffered by LI.FI, the security agency Peck Shield pointed out that LI.FI was attacked in March 2022 When it was attacked in March, the vulnerabilities at that time were basically the same as those attacked this time: When analyzing today's hacker attacks, we noticed an attack on LI.FI launched by hackers on March 20, 2022. The vulnerabilities are basically the same in both cases. What have we learned from the lessons of the past?

Paidun’s analysis temporarily aroused suspicion among community members. Some people believed that this attack was self-directed by LI.FI because the vulnerability existed as early as 2022. Why has it not been fixed yet? Some people also believe that based on past experience, this attack may have been initiated by internal employees of LI.FI... However, LI.FI has not yet disclosed the investigation results of this attack in detail, and it remains to be seen how things will turn out.

In March 2022, LI.FI was attacked by hackers. The hackers used LI.FI to allow user wallets to authorize call permissions for certain tokens, and stole ETH worth $600,000 at the time from multiple wallets.

What is LI.FI?

LI.FI, formerly known as Li.Finance, is a cross-chain transaction aggregation platform. Simply put, the function of LI.FI is to find the optimal transaction path between multiple cross-chain bridges and blockchains. According to the founder of LI.FI, the ultimate goal of LI.FI is not only to provide a product that optimizes the trading experience, but to become a universal protocol for all DApps in the future.

According to the official website of LI.FI, the applications that currently interact with LI.FI include a number of well-known Dapps, including cryptocurrency wallet MetaMask, Binance Exchange Web3 wallet, NFT trading platform OpenSea...

LI.FI official update : The smart contract vulnerability has been contained

LI.FI official tweeted at 23:45 last night, stating that the currently attacked vulnerability has been contained, the affected smart contract part has also been disabled, and user funds are in a safe state : A smart contract vulnerability that occurred earlier today has been contained and the affected portion of the smart contract has been disabled. Users are currently no longer at risk. The affected wallets are limited to wallets with unlimited authorization set up, and the number is very small. We are working with appropriate law enforcement agencies and relevant third parties, including security teams from industry, to trace the stolen funds. The team will release a more detailed postmortem as soon as possible.

The above is the detailed content of Cross-chain protocol LI.FI was hacked and lost $10 million! Paidun: This attack is similar to 2 years ago. For more information, please follow other related articles on the PHP Chinese website!