LI.FI, a technology that connects different blockchains to enable users to transfer assets across chains for use in DeFi protocols, recently fell victim to a hack, resulting in the theft of $11.6 million from the platform. The hack occurred shortly after the integration of a new smart contract feature, which allowed the attacker to gain unauthorized access to user wallets that had set infinite token approval for the LI.FI contract.
Users on Ethereum and Arbitrum chains who had enabled the “infinite approval” option were affected, while others remained unaffected by the breach. The stolen assets primarily consisted of stablecoins such as USDT, USDC, and DAI, impacting about 153 wallets in total. In response to the hack, LI.FI has committed to refunding all affected users 100% of their losses through a voluntary compensation scheme.
Following the incident, LI.FI assured its community that the platform is now secure, and measures have been implemented to prevent future cyber attacks. The team promptly notified law enforcement authorities to aid in the recovery of the stolen funds and hold the responsible party accountable for the theft.
In an effort to enhance security, LI.FI announced plans to implement additional security measures and revise its contract deployment process to prevent similar vulnerabilities in the future. By working closely with industry participants and law enforcement agencies, LI.FI aims to ensure the safety and integrity of its platform while continuing to provide bridging and swapping services for users across different blockchains.