Scan to download
Home
Article
Flash
Token Unlock
Hot Projects
Specials
Columns
ETF
Knowledge Base
Calendar
Activity
Tools

Beosin: Analysis of the Attack Incident on the Cross-Chain Protocol LI.FI

2024-07-16 23:10:53
Collection

ChainCatcher message, according to Beosin Alert monitoring and early warning, the cross-chain protocol LI.FI has been attacked. The Beosin security team found that the vulnerability was caused by the attacker using a call injection in the project contract to transfer the assets of users authorized to the contract. The LI.FI project contract has a function called depositToGasZipERC20, which can exchange specified tokens for platform tokens and deposit them into the GasZip contract. However, the code in the exchange logic does not restrict the data of the call, allowing the attacker to exploit this function for a call injection attack, extracting the assets of users authorized to the contract.

Attacker address: 0x8B3Cb6Bf982798fba233Bca56749e22EEc42DcF3
Attacked contract: 0x1231DEB6f5749EF6cE6943a275A1D3E7486F4EaE

As of now, the total loss includes 6.3359 million USDT, 3.1919 million USDC, and 169,500 DAI, approximately 10 million USD.

Beosin Trace is currently tracking the stolen funds.

Related tags
LI.FI
ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
banner
LI.FI Attack Incident Tracking

LI.FI Attack Incident Tracking

The cross-chain trading aggregator LI.FI has experienced suspicious transactions, affecting over 8 million dollars of user funds, and subsequent false messages such as "phishing accounts" have emerged. How will this develop further?
Column
Related reading
ai16z will utilize the cross-chain protocol Li.Fi to expand to the Ethereum and Base ecosystems
2024-11-19 09:59
Klaster Protocol, Biconomy, and LI.FI jointly launched a one-click chain abstraction user experience.
2024-08-22 20:54
LI.FI integrates the cross-chain trading protocol ThorChain.
2024-08-16 15:59
Data: LI.FI attackers transferred 807 ETH to 3 new addresses, worth approximately 2.5 million USD.
2024-08-02 10:17
Related tags
LI.FI
Mention the project
LI.FI
LI.FI Cross-Chain Bridge Aggregation Protocol
Copyright © 2023
About Us
Media Kit
Apply for a column
Disclaimer
RSS LINK
Recruitment
Qiong ICP No. 2021009392
Qiong ICP No. 2021009392
ChainCatcher Building the Web3 world with innovators
Open the app