According to blockchain security firm PeckShield, Berlin-based cryptocurrency trading aggregator LI.FI has been drained of $8 million.
In a post on X social media platform, the cryptocurrency start-up warned users against interacting with any applications powered by LI.FI for the time being.
The project's team is currently in the process of investigating a potential exploit.
If you did not set infinite approval, you are not at risk. "Only users that have manually set infinite approvals seem to be affected," it added.
Alex DovbnyaDEX trading platform Oku Trade announced that it has temporarily disabled LI.FI from Oku Bridge.
This is not the first time that LI.FI has experienced a security breach. In March 2022, roughly $600,000 worth of USDC, MATIC, AAVE and other tokens were stolen from 29 wallets.
In fact, according to PeckShield, the bug is "basically the same" this time around, meaning that the project has not learned from its previous mistakes.
Back in 2022, the hacker managed to steal hundreds of thousands of dollars by exploiting the protocol's prebridge swapping feature. The funds were stolen with a single transaction. "The attacker started by passing a legitimate swap of a small amount followed by multiple calls directly to various token contracts," the project explained.
The start-up claimed that the attack took place due to its inability to finish the audit earlier. It added that its security measures had to be "drastically" improved.
Back in July 2022, LI.FI secured $5.5 million worth of funding from the likes of Coinbase and Lattice Capital.
In May 2023, it introduced a decentralized exchange aggregator as well as a token bridge.
Yuri Molchan
Tomiwabold Olajide