Li Finance smart contract contains a bug that the hacker exploited to access and steal the user’s money. We learned that this amount came from 29 users’ wallets, and since it happened yesterday, the protocol has reimbursed some of the money.
One of the alarming trends in the crypto sector is exploits, hacks, and attacks perpetrated by cybercriminals from time to time. This proves that crypto investment is not always secure and is prone to losses. For example, in the latest exploit, one of the players in the decentralized sector lost $600,000 investors’ money to cyber thieves.
Related Reading | Weekend Rally Puts Dogecoin 10% Ahead, But Can The Meme Coin Hold?
We also learned that the amount came from different cryptos such as AAVE, Tether (USDT), DAI, USD Coin (USDC), Audius (AUDIO), Polygon (MATIC), etc.
More About The Li Finance Exploit
The incident occurred on Sunday, March 20, but the team got to know it after 12 hours had passed. However, they did stop every swapping activity on their network so that more money won’t be lost.
On March 21, the team announced the event to alert users of what had happened. According to them, the hacker was using the swapping function and got away with 205 Ethereum, which wasn’t yet recovered as at the time of the announcement. But according to the Li Finance team, they have patched the bug that opened access to the hackers.
Luckily, at least 25 wallet addresses that were hacked have gotten back their funds. The team covered the losses through their treasury funds. But the amount from these wallets was only $80,000, meaning that the bulk of the money totaling $517,000 hasn’t been refunded.
However, the protocol is making deals with the wallet owners to become angel investors in the DeFi protocol. Also, the team contacted the hacker to refund the money and offered him a bounty if he did so.
The Exploit’s Impact On Li Finance
Apart from the funds stolen, there’s another negative impact that Li Finance incurred due to the attack. According to CEO Philip Zentner, the protocol was preparing for an audit which was to take place seven days to come.
The alarming aspect is that many companies will be auditing the protocol, and this incident has thrown them into a negative light.
However, a researcher sharing his opinion about the incident mentioned that the bug wouldn’t have been easy to detect unless someone had paid close attention. But that notwithstanding, it is clear that infinite approvals, which protocols use smart contracts to do, are not very safe for investors’ funds.
Related Reading | The New Token Ethereum Whales Are Bullish On
It opens up a lot of vulnerabilities for investors who engage in coin swapping. So, it’s evident that the idea that one approval is enough to carry out a large number of swapping on any exchange needs to be reviewed.
Featured image from Pixabay, chart from TradingView.com