Cross-Chain Bridge LI.FI Suffers $8 Million Exploit, Users Urged to Revoke Approvals
An impactful exploit has disrupted the decentralized finance (DeFi) space, specifically targeting LI.FI, a cross-chain bridge and decentralized exchange (DEX) aggregator. The incident, which resulted in the theft of over $8 million, has prompted urgent action from both LI.FI and the security platform RevokeCash.
Phantom revealed on its official X page, “Due to a recent exploit targeting the Lifi Protocol, we are turning off our cross-chain swaps until further notice, Users who the bridge feature should take immediate action to safeguard their assets.”
The exploit, which is under investigation, appears to have targeted users who had granted unlimited token approvals to LI.FI contracts. This vulnerability allowed attackers to potentially drain funds from affected accounts.
Additionally, RevokeCash has developed a convenient tool that allows users to check and revoke permissions for individual addresses. This tool enables users to identify potential vulnerabilities and mitigate risks associated with the exploit.
LI.FI, known for its role in facilitating seamless asset transfers across different blockchains, announced the suspension of its cross-chain swap feature due to the ongoing exploit. The company issued a statement on its X (formerly Twitter) account, urging users to “not interact with any LI.FI-powered applications for now.”
RevokeCash Offer Prompt Help To LI.FI Users
Revoke.cash, a security platform specializing in token approval management, swiftly responded to the situation. The platform released a dedicated tool to help users identify and revoke any potentially compromised approvals.
“We strongly advise utilizing Revokecash to revoke the four contracts listed below,” stated LI.FI in their announcement.
Affected users remain vulnerable as long as they haven’t revoked their approvals. While LI.FI emphasizes that users who did not set infinite approval are not at risk, the company has advised all users to exercise caution and prioritize security measures.
The incident serves as a stark reminder of the ongoing challenges within the DeFi space, particularly with regard to security vulnerabilities. The rapid response from both LI.FI and Revokecash demonstrates the importance of proactive security measures and swift community response in mitigating the impact of such events.
Lykke Exchange Breached $22 Million Exploited
Lykke Exchange disclosed that both Lykke UK and Lykke Corp AG (Lykke) were targeted by a cyberattack on June 4. As a result, the affected systems were promptly shut down to mitigate damage.
The attack led to the theft of crypto assets valued at over $22 million, raising concerns about the platform’s future and its security protocols.
Initially, Lykke concealed the incident, but it came to light through cryptic social media posts and forum discussions. Specific cryptocurrency addresses linked to the stolen funds, including Bitcoin (BTC), Ethereum (ETH), and Lykke’s native token, further fueled speculation about the breach.
Days after the incident, Lykke issued an official statement confirming the security breach and acknowledging the theft of “more than $22 million of crypto assets.” The company attributed the breach to a security attack on its infrastructure.
