Hackers hacked DeFi protocols Li Finance and Umbrella Network


Share this :


DEX aggregator Li Finance has reported a hack that resulted in the theft of 205 ETH (~$591,630) from 29 wallets connected to the service. The project team closed the exploit and compensated for the losses of most users.

According to the report, on March 20, an attacker exploited a vulnerability in Li Finance’s smart contract that allows the transfer of assets from the wallets of users who have signed a “perpetual approval” for the protocol.

Analyst at the investment company Paradigm under the nickname t11s emphasized that even a thorough audit could not reveal this exploit. According to him, the error in Li Finance’s code is easy to miss, and it is “imperceptible if you are of your mind.”

When the project team became aware of the incident, they disabled all swaps on the platform. However, the hacker managed to withdraw about $600,000 in tokens, including USD Coin (USDC), Polygon (MATIC), Tether (USDT) and others.

The attacker converted the stolen assets into Ethereum. Cryptocurrency is still stored on his address.

Li Finance said it recovered losses from 25 wallets totaling $80,000. The remaining four wallets account for about $517,000 in stolen funds. The team contacted the owners of the addresses and offered them “special” compensation:

Li Finance specialists also turned to the hacker with a request to return the stolen assets for a reward.

The decentralized oracle service Umbrella Network also reported a hack. The attacker used an exploit in staking contracts for liquidity providers of Ethereum and BNB pools.

As a result of the attack, the hacker withdrew tokens from these pools. The project team stated that the attacker sold over 2.2 million UMB on the open market. PeckShield experts estimated damage at $700,000.

The Umbrella Network guaranteed that they would pay compensation to all affected users. The team also stressed that the protocol’s other smart contracts were not affected.

The investigation of the incident has not been completed, detailed information was promised to be published later.

Recall that in March 2022, hackers stole $11 million as a result of hacking DeFi protocols Agave and Hundred Finance.

Leave a Reply

Your email address will not be published.

error: Content is protected !!