Home / News / Crypto / News / Cross-Chain DeFi Platform LIFI Publishes Report on $12 Million Hack
News
5 min read

Cross-Chain DeFi Platform LIFI Publishes Report on $12 Million Hack

Last Updated
Lorena Nessi
Last Updated
By Lorena Nessi
Edited by Insha Zia
Key Takeaways
  • LIFI recently experienced a major cyberattack.
  • The platform responded by securing their system and promising refunds to affected users.
  • The incident reflects persistent security challenges, mirroring a similar hack in 2022.

LIFI, a well-known cross-chain blockchain protocol, was hacked on July 16. The exploit resulted from a smart contract update that inadvertently introduced a vulnerability due to human error.

Approximately 153 exchange wallets were impacted, leading to the loss of nearly $12 million in USDC, USDT, and DAI stablecoins.

LIFI Protocol Swiftly Contains Security Breach

On July 18, a few days after the exploit, the LIFI protocol team released an incident report  outlining their response to the breach. The report detailed how they promptly acted on their incident response plan and deactivated the compromised component across all chains.

The team opined that its rapid detection and response were crucial in minimizing further losses and securing the network from additional vulnerabilities.

It said :

“Upon detecting the security breach, our team immediately activated the incident response plan, successfully disabling the vulnerable facet across all chains. This action contained the threat and prevented any further unauthorized access.”

Human Error in Deployment Blamed for Lost User Funds

According to the report , the vulnerability stemmed from a flaw in transaction validation linked to the protocol’s use of the widely employed LibSwap code library. This library, integral to numerous decentralized exchanges and DeFi protocols, was affected by a human error during the protocol’s deployment process.

Security firm Decurity linked  the root cause of the breach to a recent update to one of LIFI’s smart contracts.

LIFI is now working to help users recover their funds. The team is collaborating with authorities and web3 security experts to support their recovery efforts.

The protocol team has contacted the affected wallet holders and asked them to complete a specific form to enable direct communication. “Your cooperation is crucial,” LIFI stated, underscoring the importance of user involvement in resolving the situation.

Urgent Response to the Hack

CyversAlerts first sounded the alarm  on the exploit, recommending that LIFI users revoke their approvals. The cybersecurity platform first detected the breach on the Ethereum blockchain and noted that it had expanded to the Arbitrum network. 

During the attack, hackers stole massive amounts of USDC and USDT. Soon after, the attackers attempted to convert the stablecoins to Ether. 

 

Following CyverAlerts’ report, LIFI confirmed the breach and urged  all its users to stop using its services immediately. The DeFi platform set up a special website that recommended  all users temporarily revoke contract approvals until they could “further investigate.”

LIFI linked  the vulnerability to wallets with infinite approvals. The platform confirmed that only a small number of users were affected.

At the time of writing, LIFI confirmed  that its platform was operational and the exploit had been resolved. The DeFi platform stated that it was working with law enforcement and industry participants to trace and recover the stolen funds.

Call for Help Amidst the Turmoil

Amidst the chaos of this hack, reports surfaced on social media of users frantically seeking assistance, highlighting the widespread confusion and concern caused by the hack, as in the case of X user MelGP. 

screenshot of users wanting their funds back from LIFI.
Credit: X

With apprehensions growing, LIFI assured users  that it would “refund all affected users the full balance lost during the exploit.”

Not LIFI’s First Rodeo

This isn’t the first time LIFI has faced security issues. On X, Peckshield highlighted  a similar attack that occurred in March 2022.

 

The blockchain security platform noted that hackers exploited a similar vulnerability  two years ago and pocketed over $600,000 from 29 wallets. LIFI managed the situation by refunding affected users and attempting to negotiate with the hacker.

Whether LIFI has learned from its previous attacks  remains an open question. However, the platform’s repeated security breaches stress the need for better security measures and auditing to prevent such attacks from occurring. 

Was this Article helpful? Yes No

Lorena Nessi

Lorena Nessi is an award-winning journalist and media and technology expert. She is based in Oxfordshire, UK, and holds a PhD in Communication, Sociology, and Digital Cultures, as well as a Master’s degree in Globalization, Identity, and Technology. Lorena has lectured at prestigious institutions, including Fairleigh Dickinson University, Nottingham Trent University, and the University of Oxford. Her journalism career includes working for the BBC in London and producing television content in Mexico and Japan. She has published extensively on digital cultures, social media, technology, and capitalism. Lorena is interested in exploring how digital innovation impacts cultural and social dynamics and has a keen interest in blockchain technology. In her free time, Lorena enjoys science fiction books and films, board games, and thrilling adventures that get her heart racing. A perfect day for her includes a spa session and a good family meal.
See more