According to the latest updates from the company, the crypto interoperability platform Li.fi has been affected by an exploit.
It is reported that assets worth $10 million have already been drained.
In an X post published on 16 July, the official handle of the Li.fi protocol warned users not to use any applications powered by the protocol.
The post asked users not to interact with Li.fi-based applications as the company is doing an investigation on the exploit.
Please do not interact with any https://t.co/nlZEnqOyQz powered applications for now!
We're investigating a potential exploit. If you did not set infinite approval, you are not at risk.
Only users that have manually set infinite approvals seem to be affected.
Revoke allโฆ
— LI.FI (@lifiprotocol) July 16, 2024
This message from the Li.fi official handle specified that users who had set infinite approvals were at risk and that others were not.
It is also reported that the Jumper Exchange has been affected by the same exploit since it uses the Li.fi protocol. Other platforms using the Li.fi protocol are also under scrutiny.
In a tweet, the Jumper Exchange asked users not to interact with its platform, iterating that those who have not set infinite approvals are safe.
Please do not interact with our platform right now!
We're investigating a potential exploit.If you did not set infinite approval, you are not at risk.
Only users that have manually set infinite approvals seem to be affected.
Revoke all approvals for:โฆ
— Jumper (@JumperExchange) July 16, 2024
It asked those who are concerned to,
โRevoke all approvals for:
0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
0x341e94069f53234fE6DabeF707aD424830525715
0xDE1E598b81620773454588B85D6b5D4eEC32573e
0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68
You can revoke permissions by using http://revoke.cashโ
In the meantime, other security firms have confirmed their suspicions about an exploit affecting multiple services using the said protocol.
For instance, CertiK, a security firm reporting on crypto events and scams, tweeted that its alerting system has detected a considerable number of transactions involving the said exploit. They added that the wallet in question had assets worth $8.7 million.
Other users have also made claims about the breadth of the attack, but these numbers have neither been confirmed nor denied by the official Li.fi handle.
The first update about the exploit was made by an X user who goes by the name of Sudo, who mentioned that $10 million has already been drained through the exploit. The user has concluded after looking at the hash data for Ethereum.
While the specific details are to be ascertained, many have indicated that the exploit is similar to a hack that the Li.fi protocol faced back in March 2022.
As a result, many are questioning the dev team’s inability to fix the same.