LiFi Protocol Suffers $8 Million Exploit, Urges Users to Avoid Applications
In Brief:
- LiFi Protocol exploited for over $8 million, targeting accounts with “infinite approvals.”
- Users advised to avoid all LiFi-powered applications and revoke approvals for specific addresses.
- Security firms Cyvers and De.Fi Antivirus highlight the impact on USDC, USDT, and ARB.
LiFi Hit by Major Exploit, Users Warned to Avoid Applications
On Tuesday, LiFi bridging protocol experienced an exploit exceeding $8 million, with the attacker specifically targeting accounts. The platform immediately urged users to refrain from interacting with any LiFi-powered applications to mitigate further risk.
The LiFi Protocol confirmed the breach in a post on X, cautioning users about the potential exploit. The attacker targeted accounts that had enabled “infinite approvals.” The platform emphasized, “Please do not interact with any LiFi-powered applications for now! We are investigating a potential exploit. If you did not set infinite approval, you are not at risk.”
LiFi advised users to revoke approvals for three specific addresses and offered assistance upon request. “We urge all users to immediately use our secluded revoke website; four more security breaches have been identified,” the protocol updated. It also noted that all user funds interacting with LiFi protocols could be at risk, though Superform, one of LiFi’s bridging providers, was not impacted by the attack.
Security firms Cyvers and De.Fi Antivirus Web 3 highlighted the severity of the exploit. Cyvers reported that the attack affected approvals for Circle’s USD Coin (USDC), Tether’s USDT stablecoin on the Ethereum (ETH) mainnet, and Arbitrum (ARB). They advised users, “Check your wallet for any suspicious activities across these networks. If you have interacted with LiFi protocol on either chain, take immediate action to secure your assets.”
De.Fi Antivirus Web 3 revealed that the exploiter executed a series of suspicious withdrawals from the protocol’s contracts. They also exposed the wallet holding the $8 million loot, showing various currencies on Ethereum and Arbitrum contracts.
The prevalence of cyber attacks continues to pose a significant threat to the industry, underscoring the need for participants to remain vigilant to avoid falling victim.