LI.FI, a protocol offering bridging and swapping services between the Ethereum Virtual Machine (EVM) and Solana, was attacked by cybercriminal(s), allowing them to walk away with more than million. The attack targeted smart contracts, taking advantage of bugs to steal the funds stored by them and within wallets interacting with them. Cyvers Alerts notified the crypto community about the occurrence, “More than M have been drained so far from users and mostly stablecoins! Attacker is already swapping $USDC, $USDT to $ETH.” It also asked users to avoid and revoke wallet access to the contract 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae. While that post mentioned million in losses, a follow-up post updated users that the number rose to million. “Total loss is now around M
Topics:
Suraj Manohar considers the following as important: Crime, defi, News
This could be interesting, too:
Chayanika Deka writes Russian Investigator Sentenced to 16 Years for Accepting M Bitcoin Bribe from Hackers
Chayanika Deka writes UN Agency Calls for Urgent Action on Crypto-Enabled Crimes in Southeast Asia
Temitope Olatunji writes X Empire Unveils ‘Chill Phase’ Update: Community to Benefit from Expanded Tokenomics
Bhushan Akolkar writes Cardano Investors Continue to Be Hopeful despite 11% ADA Price Drop
LI.FI, a protocol offering bridging and swapping services between the Ethereum Virtual Machine (EVM) and Solana, was attacked by cybercriminal(s), allowing them to walk away with more than $10 million. The attack targeted smart contracts, taking advantage of bugs to steal the funds stored by them and within wallets interacting with them.
Cyvers Alerts notified the crypto community about the occurrence, “More than $8M have been drained so far from users and mostly stablecoins! Attacker is already swapping $USDC, $USDT to $ETH.” It also asked users to avoid and revoke wallet access to the contract 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae.
While that post mentioned $8 million in losses, a follow-up post updated users that the number rose to $10 million. “Total loss is now around $10M across different chains!” Of course, scammers tried to cease an already dire situation, trying to push frightened users wanting to revoke their access to LI.FI contracts toward phishing addresses by impersonating LI.FI’s X account. Cyvers Alerts warned LI.FI users to not fall for these auxiliary scams and verify the source of the communications they receive.
LI.FI also addressed its user base about the situation after Cyvers Alert shone a light on it. “Please do not interact with any LI.FIpowered applications for now!” It assured users that it was investigating the occurrence. About those at risk, it mentioned that “Only users that have manually set infinite approvals seem to be affected.” LI.FI has asked everyone to stay away from contracts 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae, 0x341e94069f53234fE6DabeF707aD424830525715, 0xDE1E598b81620773454588B85D6b5D4eEC32573e, and 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68.
Over an hour later, it updated users,” A smart contract exploit earlier today has been contained and the affected smart contract facet disabled. There is currently no further risk to users.” Regarding identifying the culprits and tracking the fund flows, LI.FI is “engaging with appropriate law enforcement authorities and relevant third parties, including security teams from the industry, to trace funds.”