In a significant security breach, the cross-chain DeFi protocol Li.Fi confirmed the loss of approximately $11 million in Ethereum and various stablecoins, marking a troubling event for the cryptocurrency community. This incident underscores ongoing vulnerabilities within DeFi platforms and raises questions about the efficacy of current security measures.
The incident came to light when blockchain security firm CertiK initially reported nearly $9 million missing, which was later updated by Li.Fi to about $11 million after further investigation. According to CertiK, a wallet linked to the hack held close to $6 million in Ethereum, along with substantial amounts of USDC, USDT, and DAI stablecoins.
Further scrutiny revealed that the exploit targeted Li.Fi users who had manually adjusted their account settings, leading to unauthorized withdrawals. The protocol quickly responded, stating on the social platform X (formerly Twitter) that the exploit had been “contained” and assuring users that they were no longer at risk.
In the aftermath of the breach, Li.Fi urged its users to immediately utilize a dedicated revoke website it set up to help secure their accounts. The protocol identified additional security vulnerabilities and recommended that users revoke permissions through revoke.cash. Traders were also advised to check the status of their accounts via scan.li.fi to ascertain if they had been compromised.
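As an added illustration (not code from Li.Fi, revoke.cash or the original article), the check behind a revoke tool can be sketched by replaying ERC-20 `Approval` event logs to find allowances a wallet still grants to a given spender contract. It assumes the "permissions" mentioned above are ERC-20 allowances; every address and log entry is a constructed placeholder, and the log layout loosely follows `eth_getLogs` output with integer block numbers.

```python
# ERC-20 Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Replay Approval logs in chain order; return {(token, owner): amount}
    for allowances still granted to `spender`."""
    spender = spender.lower()
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)      # approve(spender, 0) is a revocation
        else:
            state[key] = amount       # upper bound: spending may not emit Approval
    return state

# --- constructed sample data: every address below is a placeholder ---
ROUTER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b0" * 20

def make_log(block, index, token, owner, spender, amount):
    pad = lambda addr: "0x" + "00" * 12 + addr[2:]
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    make_log(105, 1, TOKEN_A, BOB, ROUTER, 0),              # Bob revokes later
    make_log(100, 0, TOKEN_A, ALICE, ROUTER, MAX_UINT256),  # unlimited, never revoked
    make_log(101, 2, TOKEN_A, BOB, ROUTER, 5000),
    make_log(102, 0, TOKEN_B, ALICE, OTHER, MAX_UINT256),   # different spender
]

if __name__ == "__main__":
    for (token, owner), amount in outstanding_allowances(SAMPLE_LOGS, ROUTER).items():
        label = "UNLIMITED" if amount == MAX_UINT256 else str(amount)
        print(f"revoke: owner={owner} token={token} allowance={label}")
```

Because many tokens do not emit `Approval` when `transferFrom` spends a finite allowance, treat the result as an upper bound and confirm each entry with the token's `allowance(owner, spender)` call before deciding nothing is left to revoke.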
Crypto security firm Decurity provided insights into the possible method of the exploit. They pointed to a vulnerability in the Li.Fi bridge involving an arbitrary call with user-controlled data through the depositToGasZipERC20() function in the GasZipFacet, which had been deployed just five days prior to the incident. This vulnerability likely allowed the hacker to manipulate transactions and withdraw funds illegally.
This is not the first time Li.Fi has faced security challenges. In 2022, a bug in the protocol’s swapping feature was exploited, resulting in a loss of $600,000 in crypto assets. The incident was thoroughly analyzed in a post-mortem by Li.Fi, published on Medium, which detailed the sequence of events and the lessons learned.
The recent hack not only highlights the risks associated with manual adjustments in user settings but also underscores the broader security challenges facing the DeFi sector. As these platforms become more integrated with mainstream finance, the sophistication and frequency of attacks are likely to increase, prompting a need for more robust security measures and regulatory oversight.
For DeFi protocols like Li.Fi, recovering from such significant security breaches involves not only addressing technical vulnerabilities but also restoring trust among users. The incident serves as a critical reminder of the importance of continuous security assessments and the need for protocols to stay ahead of potential threats through proactive measures and community engagement.
As the DeFi industry continues to evolve, the lessons learned from incidents like the Li.Fi hack will be crucial in shaping more secure and resilient frameworks for the future of decentralized finance.
The post first appeared on Decrypt