DEX aggregator Li Finance has reported a hack that resulted in the theft of 205 ETH (~$591,630) from 29 wallets connected to the service. The project team closed the exploit and compensated for the losses of most users.
According to the report, on March 20, an attacker exploited a vulnerability in Li Finance's smart contract that allows the transfer of assets from the wallets of users who have signed a "perpetual approval" for the protocol.
Analyst at the investment company Paradigm under the nickname t11s emphasized that even a thorough audit could not reveal this exploit. According to him, the error in Li Finance's code is easy to miss, and it is "imperceptible if you are of your mind."
When the project team became aware of the incident, they disabled all swaps on the platform. However, the hacker managed to withdraw about $600,000 in tokens, including USD Coin (USDC), Polygon (MATIC), Tether (USDT), and others.
The attacker converted the stolen assets into Ethereum. Cryptocurrency is still stored on his address.
Trending: Finder: Bitcoin could hit $80,000 by 2025
Li Finance said it recovered losses from 25 wallets totaling $80,000. The remaining four wallets account for about $517,000 in stolen funds. The team contacted the owners of the addresses and offered them "special" compensation:
“To mitigate the damage to our treasury, we offer to convert lost funds into Li Finance angel investments and future Li.Fi tokens on the same terms as for our investors in the current funding round. […] However, the final decision rests with the users.” Li Finance specialists also turned to the hacker with a request to return the stolen assets for a reward.
The decentralized oracle service Umbrella Network also reported a hack. The attacker used an exploit in staking contracts for liquidity providers of Ethereum and BNB pools.
Trending: Salvadorans are against buying bitcoins at the expense of the budget
As a result of the attack, the hacker withdrew tokens from these pools. The project team stated that the attacker sold over 2.2 million UMB on the open market. PeckShield experts estimated damage at $700,000.
The Umbrella Network guaranteed that they would pay compensation to all affected users. The team also stressed that the protocol's other smart contracts were not affected.