In a cyber-attack, users of Li Finance Protocol lost $600,000.
As per the tweet from the protocol’s twitter handle, the users have lost $600,000 in a hacking attack. Hacker successfully exploited a bug in the system, and stole $600,000 in total from 29 different wallets.
Wallets said to have granted an ‘infinite approval’. Which effectively means that once a wallet is granted an approval, it does not need any further approval for any other transaction. Exploit took place on Sunday, at 2:51 am UTC.
Li Finance Protocol Hack
Hacker stole 10 different tokens, varying in amount, from the users’ accounts. Tokens include, Tether (USDT), USD Coin (USDC), Rocket Pool (RPL), Polygon (MATIC), Gnosis (GNO), Metaverse Index (MVI), Jarvis Reward Token (JRT), AAVE (AAVE), Audius (AUDIO), and DAI (DAI).
Team detected the theft 12 hours later, at 2:15 pm UTC. Right away they shut down all the ongoing swapping operations to prevent any further losses. Team issued a post mortem, on Monday at 2:50 am UTC.
The statement noted the theft equaled 205 ETH tokens, accounting for $600,000. At the time of writing the stolen crypto has not been moved from the hacker’s wallet yet. However, Li Finance Protocol has successfully identified and patched the bug.
Out of 29 wallets that were attacked, 25 have already been reimbursed by the protocol. They had lost $80,000 each. Although, settlement is still to be decided with other 4 wallets. They said to have lost $517,000 in total. Protocol had offered them a settlement deal that honors their losses.
They would receive LiFi tokens under the same terms as other angel investors in an amount equal to their losses from each Wallet. This would not only mitigate user’s losses but will also help the platform’s treasury. Moreover, the hacker has been contacted and offered a bug bounty to return the funds.
Credit: Source link