Li.Fi Releases Incident Report and Compensation Plan Following $11.6M Hack

Following the recent $11.6 million hack of the Li.Fi protocol, the team has released an incident report detailing the breach. The attack originated from a vulnerability in a newly deployed smart contract facet, which allowed unauthorised calls to any contract without prior validation due to human error in the deployment process. This vulnerability stemmed from code in the LibSwap library, which is used to facilitate asset bridging and swapping.The exploit affected 156 wallets on the Ethereum and Arbitrum networks, specifically those with the "infinite approvals" option turned on. In response, Li.Fi has addressed the vulnerability, contained the exploit, and contacted law enforcement to trace the stolen funds. The team also announced a voluntary compensation plan to reimburse 100% of the affected users' funds​​​​.