DeFi Protocol Li.Fi Hacked for $11 Million in Ethereum, Stablecoins

Cross-chain DeFi protocol Li.Fi is suspected to have lost about $11 million in cryptocurrencies in an exploit. The protocol provided the updated figure after blockchain security firm CertiK previously pointed to nearly $9 million earlier Tuesday.

A wallet linked to the suspected hack on Tuesday held nearly $6 million in Ethereum (ETH) along with various amounts of several stablecoins, according to CertiK. The exploit, which is still being investigated, appears to have targeted some Li.Fi users who manually adjusted the settings on their accounts, the protocol’s team said Tuesday in an X post. 

Li.Fi told Decrypt that users are no longer at risk and that the exploit had been "contained."

The crypto wallet that is suspected of holding the stolen funds contains roughly $5.8 million in ether, in addition to USDC, USDT and DAI stablecoins, blockchain data shows. 

Li.Fi urged users on Tuesday to “immediately use our secluded revoke website,” noting that it had identified four additional security breaches in a Twitter (aka X) post.

Users should revoke permissions via revoke.cash, according to Li.Fi. Traders can visit scan.li.fi to check if their accounts have been compromised.

Bitcoin Exchange Hack Leads Surging Tally of Crypto Stolen in 2024: TRM Labs

Hackers stole more than twice as much cryptocurrency in the first half of 2024—based on the U.S. dollar value of the coins—compared to the first six months of 2023, according to a recent report by blockchain intelligence firm TRM Labs. Crypto thefts totaled $1.38 billion up through June 24 of this year, more than double the $657 million stolen as of the same time in 2023. Total crypto thefts thus far in 2024 have already nearly reached the $1.7 billion in value stolen across all of last year, pe...

A hacker likely exploited a vulnerability in the Li.Fi bridge, crypto security firm Decurity said Tuesday in a post on Twitter. 

"The root cause is a possibility of an arbitrary call with user controlled data via depositToGasZipERC20() in GasZipFacet which was deployed 5 days ago," Decurity wrote.

Li.Fi has suffered sizable losses due to security issues in recent years. In 2022, a bug in the protocol’s swapping feature resulted in losses of $600,000 in crypto, according to a post-mortem analysis of the attack by Li.Fi on Medium.

Edited by Andrew Hayward

Editor's note: This story was updated after publication to include new details from Li.Fi.