Welcome to the dark web of DeFi.
Authentic investigative journalism and unfiltered creative commentary.
Wednesday, July 17, 2024
Infinite approvals... the ultimate leap of faith strikes again.
LiFi protocol lost $9.73M to an attack draining addresses that had previously approved infinite permissions to the protocol's contracts across multiple chains.
Shortly after the alarm was raised by security firm CertiK, the LiFi team acknowledged the hack roughly an hour later.
Jumper Exchange, which is powered by LiFi's services, also informed their users about the exploit and appears to be unaffected as of now.
Both LiFi and Jumper urged users to check whether their addresses were affected and revoke approvals via revoke.cash.
What's more concerning is that LiFi suffered from an almost identical exploit back in March 2022, losing $600K from 29 wallets.
Why did a known bug make it to production on a live protocol... again?
We provide an anonymous platform for whistleblowers and DeFi detectives to present their information to the community. All authors remain anonymous.
We are all rekt.