LI.FI Hack Steals $10M From Users: How to Protect Your Funds

DailyCoin, 2024/07/17 00:46
By: DailyCoin
  • LI.FI Protocol breached, causing $10M in losses. 
  • Crypto security firms are investigating. 
  • Users should revoke approvals for the protocol.

The decentralized finance (DeFi) sector has experienced significant growth on the promise of a future without banks and regulation. However, the lack of these intermediaries also exposes users to risks, including scams and hacks.

Most recently, the cross-chain transaction aggregator LI.FI became the target of a hack that exposed vulnerabilities in the system. As a result, users have lost over $10 million in stablecoins so far. What is more, security experts suggest that more user funds could be at risk.

How The LI.FI Protocol Hack Happened

DeFi hackers are using increasingly creative methods to exploit vulnerabilities. On Tuesday, July 16, crypto security firm Cyvers reported a security breach in the LI.FI protocol, a major cross-chain transaction aggregator. 

🚨ALERT🚨 @lifiprotocol, Our system has raised suspicious transactions involving your https://t.co/3LzbDK99Ed

We recommend users to revoke their approvals for: 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae

More than $8M have been drained so far from users and mostly stablecoins!… pic.twitter.com/zsj9DZWnpU

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 16, 2024

The initial breach was detected on the Ethereum blockchain and quickly expanded to the Arbitrum network. Over $10 million in stablecoins, primarily USDC and USDT, were stolen during this attack. Soon after, the attackers started converting these stablecoins into ETH. 

A smart contract exploit earlier today has been contained and the affected smart contract facet disabled.

There is currently no further risk to users.

The only wallets affected were set to infinite approvals, and represented only a very small number of users.

We are engaging…

— LI.FI (@lifiprotocol) July 16, 2024

After the security firm reported the incident, the LI.FI protocol team confirmed the breach. They claimed that the primary vulnerability came from an infinite approval setting for transactions, which enabled attackers to steal all the funds.

How to Protect Yourself From Infinite Approval Exploit

Infinite approval exploits occur when users grant unlimited permission for a smart contract to access their funds. While this is convenient for repeated transactions without requiring user confirmation each time, it also opens up significant security risks. If the smart contract or platform is compromised, attackers can use it to drain all funds from users. 

Revoke approvals: While LI.FI claimed that no further funds were at risk, security firm Cyvers urged users to revoke approvals for the compromised addresses immediately. Tools such as Revoke.cash can help users manage and revoke token approvals easily.

Review approvals: Users should regularly check their token approvals and revoke any that are unnecessary or pose a potential risk. 

Set limits: Instead of granting infinite approval, users can set limits on the amount a smart contract can access. This way, even if a breach occurs, the potential loss is capped.

While DeFi protocols must ensure robust security measures, users also bear responsibility for their security settings. By following these steps, users can limit the risk of falling victim to hacks. 
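
The review and revoke steps above, as an added example that is not part of the original article or LI.FI's code: it builds the standard ERC-20 `allowance` query and `approve(spender, 0)` revocation for the address in the Cyvers alert, and flags unlimited approvals. The owner address, token labels, sample allowance values and the 2**255 "unlimited" threshold are assumptions of this example.

```python
# Standard ERC-20 function selectors (first 4 bytes of keccak256 of the signature).
ALLOWANCE_SELECTOR = "dd62ed3e"  # allowance(address,address)
APPROVE_SELECTOR = "095ea7b3"    # approve(address,uint256)
SPENDER = "0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae"  # address named in the Cyvers alert
# Assumption: wallets write different "unlimited" values, so anything at or
# above 2**255 is treated as effectively infinite.
UNLIMITED_THRESHOLD = 2**255

def _pad_address(addr):
    """Left-pad a 20-byte hex address to one 32-byte ABI word."""
    raw = addr.lower().removeprefix("0x")
    if len(raw) != 40 or any(c not in "0123456789abcdef" for c in raw):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return raw.rjust(64, "0")

def allowance_calldata(owner, spender=SPENDER):
    """Calldata for an eth_call to the token that reads the current allowance."""
    return "0x" + ALLOWANCE_SELECTOR + _pad_address(owner) + _pad_address(spender)

def revoke_calldata(spender=SPENDER):
    """Calldata for approve(spender, 0), which sets the allowance to zero."""
    return "0x" + APPROVE_SELECTOR + _pad_address(spender) + "0" * 64

def classify(raw_result):
    """Classify the 32-byte hex word that allowance() returns."""
    value = int(raw_result.removeprefix("0x") or "0", 16)
    if value == 0:
        return "none"
    return "unlimited" if value >= UNLIMITED_THRESHOLD else "limited"

def audit(results, spender=SPENDER):
    """Return (token, risk, revoke calldata) per live approval, unlimited first."""
    live = [(tok, classify(raw)) for tok, raw in results.items()]
    live = [(tok, risk) for tok, risk in live if risk != "none"]
    live.sort(key=lambda item: item[1] != "unlimited")
    return [(tok, risk, revoke_calldata(spender)) for tok, risk in live]

# Constructed eth_call results keyed by token label (not real chain data).
SAMPLE = {
    "USDT": "0x" + format(500 * 10**6, "064x"),  # capped at 500 units, 6 decimals
    "USDC": "0x" + "f" * 64,                     # max uint256
    "DAI": "0x" + "0" * 64,                      # nothing approved
}

if __name__ == "__main__":
    for token, risk, data in audit(SAMPLE):
        print(f"{token}: {risk} approval, revoke with calldata {data}")
```

The revoke calldata is sent as a transaction from the owner's wallet to the token contract itself, not to the spender.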

On the Flipside

  • The LI.FI breach is part of a broader pattern of security challenges facing DeFi platforms, similar to previous incidents involving protocols like Multichain and SushiSwap.
  • Breaches like this erode user trust in DeFi platforms. Users are less likely to engage with dApps when breaches like this happen.

Why This Matters

The LI.FI breach highlights the critical importance of vigilance and proactive security measures in the DeFi space. Users need to be aware of their security settings and take regular steps to manage permissions and protect their assets.
