The Li Finance swap aggregator has undergone an exploit leading to the loss of around $600,000 from 29 users’ wallets. The exploit happened around 20th March. The attacker was prepared to extract varying quantities of 10 different tokens from wallets that had given endless approval to the Li Finance protocol. The stolen tokens were Polygon (MATIC), Rocket Pool (RPL), USD Coin (USDC), Gnosis (GNO), Tether (USDT), Jarvis Reward Token (JRT), Metaverse Index (MVI), Audius (AUDIO), AAVE, and DAI.
When the committee got to know about the exploit, it closed down all swapping tasks on the platform to restrict any further losses. The committee had published a post mortem listing the incidents of the exploit. The squad said that the assailant traded the stolen tokens for a total of about 205 Ether or ETH rated approximately at $600,000. During writing the news, the stolen Ether was not yet moved from the assailant’s wallet. LiFi also ensured users that the bug has been recognized and mended. Out of 29 wallets that have suffered the attack, 25 of them was reimbursed from treasury funds for their losses. The 25 wallets were around $80,000 or 13 per cent of the total cost.
The remaining 4 wallets that lost around $517,000 was contacted and delivered a contract to reimburse by pricing their loss. The hacker was also asked to return funds in turn of a bug bounty. This latest hack in the DeFi sector ascertains how providing endless approvals to smart contracts opens a user’s funds to an enormous quantity of threats. Infinite approvals permit users to trade coins at a decentralized exchange or DEX an endless amount of times without requiring to uphold any more transactions.
Have a look at this- Decentralized Finance (DeFi) Badger DAO Protocol Faces $10M Exploit
