Hacker Exploits a Bug in Li Finance: Users lose over $600,000
- The hacker targeted Li Finance's swapping feature, which allows swaps to be performed before bridging.
- The hacker managed to steal around $600,000 from 29 wallets
In what appears to be a smart contract exploitation at Li Finance, 29 users lost around $600,000. Hackers carried out the exploit in a single transaction done at 02:51 AM +UTC.
As soon as the team was notified of the exploit, all swap methods were disabled until they worked on a fixture for the loophole.
A loss worth hundreds of thousands of dollars
The hacker managed to steal 205 ETH from 29 wallets. The stolen assets include USDC, MATIC, RPL, GNO, USDT, MVI, AUDIO, AAVE, JRT, and DAI.
After the hack, the attacker swapped all tokens to ETH and moved them to his wallet.
The team contacted the hacker requesting the funds be returned, but there has been zero response as yet.
“If you are reading this, we would be extremely grateful to provide a generous bounty and would obligate ourselves not to disclose any information about your identity.”
A lesson to learn the importance of security
12 hours after the attack, the team discovered the exploit and immediately reacted to disable all switching features.
26 out of the 29 wallets have been reimbursed, and they wanted to offer something special to the rest. The remaining three wallets are worth somewhere around $397k.
To reduce the treasury damage, they offered to transform the lost funds into an angel investment. But, they added that it is the final decision of the users to accept or reject the offer.
Exploits like this teach everyone the importance of improved security. Since the funds and assets of thousands of users are at stake, it is of utmost responsibility to keep them safe.
But as we see, with improved security, the hackers are also trying their best to find the tiniest loophole to execute their attack.
The information provided on DecentReviews does not constitute investment advice, financial advice, trading advice, or any other sort of advice. Do not treat any of the websites content as such. DecentReviews does not recommend that any cryptocurrency or blockchain asset should be bought, sold, or held by you. Conduct your own due diligence and consult your financial advisor before making any investment decisions.