13.8 C
New York
Wednesday, May 25, 2022

๐ŸŽ“ LI.FI smart contract hacked and nearly $600,000 stolen

- Advertisement -
- Advertisement -


okx banner top content

On March 20, 2022, the LI.FI team revealed that approximately $600,000 was stolen from 29 wallets of their smart contract.

The theft took place at 02:51 am UTC, during which the attacker managed to steal around $600,000 ($587,500 or 205 ETH) from 29 wallets, through a single transaction.

The attacker took many coins from users’ wallets, based on token contracts to which users gave infinite consent. The stolen coins included (USDC, MATIC, RPL, GNO, USDT, MVI, AUDIO, AAVE, JRT and DAI), since the attacker exchanged all the coins into Ethereum, and since then, they are still in his wallet, indicating who was contacted and received no response yet.

LI.FI announced on its blog that โ€œAttackers exploiting the LI.FI smart contract, specifically the exchange function that allows trading before transferring the currency to other networks (bridge) instead of the actual exchange, were able to invoke exchange contracts. token directly in the context of the contract, and as a result of the exploitation Anyone who gave unlimited consent to a contract was at risk, as his team disabled all exchange methods in their smart contracts as soon as they learned of the attack.

LI.FI added: โ€œOther than that, we immediately alerted the community to the exploit via Twitter and notified our partners and investors. We thank everyone for their support.

He also apologized for not offering the highest level of security possible: “Our job is to maximize the user experience, and now we have painfully learned that our security measures must improve dramatically to follow this spirit.”

LI.FI stated that it compensated most of the affected users in less than 18 hours, with 25 wallets being quickly paid out with a total amount of $80,000, and for the remaining four wallets (default size $517,000), they were contacted at via Twitter and the Mainnet transaction. In order to minimize their damages, they have offered to transfer the lost funds to an angel investment in LI.FI and subsequently to LI.FI tokens on the same terms as the investors in the round of current funding.

In the same context, LI.FI stated that the vulnerability was identified and fixed.

Source link

- Advertisement -

New Articles