Hack attacks targeting the crypto sector have bubbled up in large numbers lately. Li Finance (LiFi), a blockchain protocol, has become the latest victim of notorious hackers who stole nearly $600,000 (roughly Rs. 4.5 crore) from 29 crypto wallets associated with it. Upon investigation, LiFi found that hackers violated the swapping feature of its smart contract and drained crypto assets from wallets that had given infinite approvals. The attackers converted the different crypto assets into 208 Ether tokens, which amounts to Rs. 4.5 crore at the time of writing.
LiFi describes itself as a crypto swap aggregator that allows people to convert the cryptocurrency they hold, into another crypto asset.
We are investigating a potential exploit on https://t.co/nlZEnqOyQz smart contract:
All swap methods have been disabled until we can lock them down and ensure they are safe for use. We will update you as we find out more.
— LI.FI – Any-2-Any Swaps (:lizard:,:lizard:) (@lifiprotocol) March 20, 2022
Out of the 29 affected wallets, 25 have been reimbursed, the company claimed in its Twitter post. As per CryptoPotato, the collective amount stored in these 25 wallets adds up to $80,000 (roughly Rs. 60 lakh).
For the remaining four wallets that held the majority of the stolen funds, LiFi has extended a special proposal.
“We are offering to transform the lost funds into an angel investment into LiFi and, thus, future LiFi tokens under the same terms as our investors in the current funding round. One might see it as an opportunity that would not be possible otherwise with huge upside potential,” LiFi has proposed.
If users decline this option, they would be reimbursed the same way other wallets were.
The company has also claimed that the vulnerability has been fixed.
• ~$600K have been stolen from 29 wallets
• User don’t have to do anything
• Bug has been fixed and is already deployedhttps://t.co/fqOxJxDrZs
— LI.FI – Any-2-Any Swaps (:lizard:,:lizard:) (@lifiprotocol) March 21, 2022
In 2021, the centralised elements of the Decentralised Finance (DeFi) protocol were breached by cyber criminals, amounting to over $1.3 billion (roughly Rs. 9,606 crore) in losses, a report by blockchain research firm CertiK had revealed.
Last year in August, hackers breached blockchain-based platform Poly Network and extracted more than $600 million (roughly Rs. 4,480 crore) in cryptocurrencies, marking DeFi’s biggest hack ever.
In February this year, crypto platform Wormhole Portal lost $322 million (roughly Rs. 2,410 crore) in a hack attack, making it the second largest breach to have hit the DeFi sector.
Around the same time, OpenSea, the world’s biggest marketplace for non-fungible tokens (NFTs), also lost hundreds of digital collectibles in a phishing attack over the weekend. The incident has reportedly caused OpenSea losses worth $1.7 million (roughly Rs. 12.5 crore).