Crypto Hack: LI FI Cross-Chain Aggregator Suffers $8M Breach

As a seasoned crypto investor with several years of experience in this volatile market, I can’t help but feel a pang of unease as I read about yet another security breach – this time involving LI FI, a cross-chain transaction aggregator that I have used in the past. The news that over $8 million worth of user funds, mostly stablecoins, have been stolen is alarming and serves as a stark reminder of the risks inherent in this industry.


As a crypto investor, I’ve come across some concerning news regarding LI FI, the cross-chain transaction aggregator. According to Cybers Alerts, there has been a security breach, and they have flagged certain transactions as potentially fraudulent. It is recommended that users cancel these transactions if they were involved. The attacker has managed to withdraw over $8 million, primarily in stablecoins like USDC and USDT. Now, they’re swapping these stablecoins for ETH. This situation calls for heightened vigilance and careful monitoring of our investments.

LI FI Cross-Chain Aggregator Suffers $8M Breach

Based on a Cybers Alerts report, the LI FI security incident is linked to the Ethereum address 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae. The announcement advises against approving this address and encourages users to withdraw any previous approvals immediately. Preliminary assessments suggest that the attack has cost approximately $8.7 million worth of user funds.

#CertiKInsight

The system has identified several potentially suspicious transactions linked to the Ethereum address (EOA) 0x8B3Cb6Bf982798fba233Bca56749e22EEc42DcF3.

The wallet is currently holding $8.7m worth of assets

We are currently investigating

— CertiK Alert (@CertiKAlert) July 16, 2024

The majority of these funds are stablecoins like USDC and USDT, which the attacker swaps for ETH.

The LI FI team advises against utilizing any LI FI application at this time for users. They’ve provided a list of specific addresses requiring approval revocation to prevent any additional access.

Urgent Revocation of Approvals

In reaction to the security incident, LI FI has discovered four more addresses that call for prompt withdrawal of approvals: These are 0x341e94069f53234fE6DabeF707aD424830525715, 0xDE1E598b81620773454588B85D6b5D4eEC32573e, and 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68.

Based on my experience as a cybersecurity professional, I strongly advise against keeping the “Infinite Approvals” setting active on any addresses linked to your accounts. This feature, if enabled, could potentially put you at risk. I’ve seen numerous cases where this setting led to unintended transactions or even fraudulent activities, especially in business environments.

The LI FI team is currently developing an exploit, causing them to temporarily disable Sharpe Bridge and Sharpe Refuel. This action only impacts users who haven’t set up infinite approvals. Other Sharpe applications remain functional.

Ongoing Crypto Hack Investigations

The LI FI security incident marks a recent intrusion in the Decentralized Finance (DeFi) industry. For example, UwU Lend, a DeFi lending protocol, was compromised, resulting in the theft of approximately $19.3 million. In this occurrence, the hacker executed three transactions within a short six-minute span to pilfer significant cryptocurrencies like WBTC and stablecoins.

The latest data leak at Squarespace has influenced approximately 105 Web3 projects, among them prominent names like Compound Finance and Celer Network. As a result, there is an urgent need to enhance security measures within the crypto market, given the widespread impact of this breach.

As a researcher studying cybersecurity, I’ve noticed that recent breaches like the one at LI FI have prompted a swift response from security firms such as Arkham and Cyvers. In an effort to protect users’ funds and prevent future occurrences of similar incidents, these companies and applications are urging people to take action and secure their assets. The ongoing investigations aim to uncover the root causes of the exploit, enabling us to strengthen our cybersecurity defenses and mitigate potential risks.

WLD Price Skyrockets 21% as TFH Announces Token Lockups

Read More

2024-07-16 18:00