DeFi protocol Li.Finance was hacked on March 20 leading to the loss of around $600,000 from 29 users’ wallets. When the team learned about the exploit 12 hours later it shut down all swapping functions on the platform in order to prevent any further losses. The attacker was able to extract the various tokens from wallets that had given “infinite approval” to the Li Finance protocol for a total of about 205 Ether (ETH) valued at roughly $600,000. Among the stolen tokens were USD Coin (USDC), Polygon (MATIC), Rocket Pool (RPL), Gnosis (GNO), Tether (USDT), Metaverse Index (MVI), Audius (AUDIO), AAVE (AAVE), Jarvis Reward Token (JRT), and DAI (DAI). Per the company, the bug has been identified and patched. At the time of writing, the stolen ETH had yet to be moved from the attacker’s wallet. TLDR: • ~$600K have been stolen from 29 wallets• User don’t have to do anything• Bug has been fixed and is already deployedhttps://t.co/fqOxJxDrZs — LI.FI – Any-2-Any Swaps (🦎,🦎) (@lifiprotocol) March 21, 2022 Bug Bounty Reward Of the 29 wallets that were hit in this attack, 25 have been reimbursed from treasury funds. Those 25 wallets only accounted for $80,000, or 13% of the total value lost. The owners of the remaining four wallets that lost a combined $517,000 have been contacted and offered a deal to compensate them by covering their losses as angel investors where they would receive LiFi tokens under the same terms as other angel inve...
