Cross-chain protocol LI.FI suffers $8m hack attack

Decentralized protocol for bridging assets across different networks, LI.FI, appears to have fallen victim to a hacker attack.

Multichain liquidity provider LI.FI, which facilitates cross-chain swaps for the Jumper crypto exchange, has reportedly suffered a hacker attack, resulting in losses totaling $8 million as of press time.

In an X post on Tuesday morning, analysts at blockchain research firm Cyvers warned that the hacker drained over $8 million, mostly in stablecoins, and already converted some of the stolen USD Coin (USDC) and Tether (USDT) to Ethereum (ETH).

The analysts urged LI.FI’s users to revoke their approvals for the protocol and avoid any interactions with it amid the ongoing attack. Shortly after the attack, LI.FI took to X to say that “only users that have manually set infinite approvals seem to be affected.”

This isn’t the first time LI.FI faces a hacker attack. In March 2022, an unknown attacker exploited a loophole in the protocol’s smart contract, resulting in the loss of $600,000 worth of various tokens. A post-mortem update from the LI.FI team stated that the vulnerability was in the swapping feature of the LI.FI smart contract, granting the attacker total control over the pre-bridge swap feature.

Founded in 2021 by Max Klenk and Philipp Zentner, the Berlin-headquartered liquidity hub raised $17.5 million in a Series A fundraise co-led by CoinFund and Superscrypt in April 2023. Other investors such as Circle, Factor, Perridon, Theta Capital, Three Point Capital, and Abra also participated in the funding.