The protocol reimbursed 25 out of the total 29 affected wallets, offering to transform the lost funds of the remaining users into an “angel investment.”
Li Finance (LiFi) became the latest victim of cyber-attackers, with nearly $600,000 worth of cryptocurrencies stolen from 29 wallets. Shortly after, the team published a post explaining the issue and promised to reimburse all affected users.
LiFi Falls Victim to a DeFi Hack
The blockchain protocol explained that the attack occurred on March 20, 2022, when a hacker exploited LiFi’s smart contract (specifically its swapping feature), making users who gave infinite approval vulnerable. As soon as the project identified the attack, it alerted its partners and investors via a Twitter post.
We are investigating a potential exploit on https://t.co/nlZEnqOyQz smart contract:— LI.FI – Any-2-Any Swaps (🦎,🦎) (@lifiprotocol) March 20, 2022
All swap methods have been disabled until we can lock them down and ensure they are safe for use. We will update you as we find out more.
Despite the quick reaction, the attacker exploited 29 wallets draining various digital assets, including MATIC, USDC, USDT, DAI, and more. Subsequently, those were converted into 208 ETH, which at the time of the attack equaled $587,500.
LiFi’s team revealed it had already fully reimbursed 25 out of those wallets (containing around $80,000 worth of stolen crypto). For the remaining four wallets (with notional size over $500,000), the protocol gave different proposals:
“We are offering to transform the lost funds into an angel investment into LiFi and, thus, future LiFi tokens under the same terms as our investors in the current funding round. One might see it as an opportunity that would not be possible otherwise with huge upside potential.”
However, the team said the users should decide whether to accept the aforementioned offer. In case they refuse it, LiFi will restore their funds similar to the other 25 wallets.
In conclusion, the protocol outlined the importance of having enhanced security in the blockchain space. With that said, it vowed to focus even more on the safety aspects and prevent such attacks in the future. It assured its customers that the necessary audit “is happening and LiFi is safe to use.”
The PolyNetwork Drama
Last year, another platform part of DeFi – PolyNetwork – became a victim to a hacker who stole a record-breaking amount – more than $600 million worth of crypto. The entity got exploited on Binance Smart Chain as the wrongdoer stole the funds from at least three wallets.
Nevertheless, the attacker turned out to be a white-hat hacker saying they did that “for fun” and to “expose the vulnerability” of such projects.
Shortly after, the perpetrator returned all stolen funds, while PolyNetwork fully restored its system.