Trusted

DEX Aggregator LI.FI Reimburses Users After Smart Contract Exploit

3 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • LI.FI experienced a smart contract exploit, losing $600K of user funds.
  • Twenty-nine users were affected, of which 25 have been reimbursed.
  • LI.FI has committed to future audits to beef up security.
  • promo

Decentralized exchange aggregator (DEX) Li.Finance experienced an exploit on its smart contract that saw swapping-before-bridging functionality compromised.

The attacker did not manage to perform swaps but did enable token contracts to be called in the context of the LI.FI smart contract, exposing those who gave infinite approval to the LI.FI smart contract. 

The exploit occurred at 02:51 AM UTC, with approximately $600K (205 ETH) stolen from 29 wallets, including USDC, MATIC, RPL, GNO, USDT, MVI, AUDIO, AAVE, JRT, and DAI.

The tokens stolen were stolen from users’ wallets based on which token contracts they had given approval, and were later converted to ETH

The tokens remain in the hacker’s wallet, with LI.FI reaching out to discuss the return of user funds and a potential bounty.

LI.FI reimburses affected users

LI.FI  fixed the weakness in their smart contract and compensated the majority of affected users within 18 hours. They also disabled infinite token approvals by default. Twenty-five out of 29 wallets were reimbursed $80K, while the remaining wallets could not be reimbursed directly without LI.FI experiencing serious financial repercussions. 

“In order to reduce our treasury damage, we are offering to transform the lost funds into an angel investment into LI.FI and thus, future LI.FI tokens under the same terms as our investors in the current funding,” they said in a post-mortem blog post. 

Affected users are not compelled to agree to this, and should they reject the offer, they will be reimbursed.

What is LI.FI?

LI.FI is a DEX aggregator that is a middle layer between DeFi infrastructure and the application layer. The DEX aggregator is like a search engine of sorts. 

Typically, liquidity providers contribute coins to a liquidity pool in a decentralized exchange. Users can swap tokens, for example, ETH for Basic Attention Token, where the price of Basic Attention Token is set by the volume in the pool. The greater the volume, the lower the price in ETH to buy BAT.

DEX aggregator collects data from a wide array of decentralized exchanges to facilitate “split trades,” offering users the best possible prices for swaps by performing complicated calculations on their behalf. As liquidity varies from one DEX to another, the price of tokens will vary.

LI.FI said in conclusion, “As builders in the space, it is our responsibility to ensure that users’ funds are safe above else. Our users can rest assured that the audit is happening and LI.FI is safe to use.”

stealing approximately $600K (205 ETH) from 29 wallets, including USDC, MATIC, RPL, GNO, USDT, MVI, AUDIO, AAVE, JRT, and DAI. The tokens stolen were stolen from users’ wallets based on which token contracts they had given approval, and were later converted to ETH. The tokens remain in the hacker’s wallet, with LI.FI reaching out to discuss the return of user funds and a potential bounty.

LI.FI reimburses affected users

LI.FI has fixed the weakness in their smart contract and compensated the majority of affected users within 18 hours. They also disabled infinite token approvals by default. Twenty-five out of 29 wallets were reimbursed $80K, while the remaining wallets could not be reimbursed directly without LI.FI experiencing serious financial repercussions. “In order to reduce our treasury damage, we are offering to transform the lost funds into an angel investment into LI.FI and thus, future LI.FI tokens under the same terms as our investors in the current funding,” they said in a post-mortem blog post. Affected users are not compelled to agree to this, and should they reject the offer, they will be reimbursed.

What is LI.FI?

LI.FI is a DEX aggregator that is a middle layer between DeFi infrastructure and the application layer. The DEX aggregator can be thought of as a search engine of sorts. Typically, liquidity providers contribute coins to a liquidity pool in a decentralized exchange. Users can swap tokens, for example, ETH for Basic Attention Token, where the price of Basic Attention Token is set by the volume in the pool. The greater the volume, the lower the price in ETH to buy BAT.

DEX aggregator collects data from a wide array of decentralized exchanges to facilitate “split trades,” offering users the best possible prices for swaps by performing complicated calculations on their behalf. 

As liquidity varies from one DEX to another, the price of tokens will vary.

LI.FI said: “As builders in the space, it is our responsibility to ensure that users’ funds are safe above else. Our users can rest assured that the audit is happening and LI.FI is safe to use.”

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored