LI.FI, a cross-chain liquidity protocol, suspended all trading and signing operations on Friday following a security breach that drained approximately $10.8 million from users across multiple blockchains, including Bitcoin, Ethereum, BSC, and Base. The attack exploited a vulnerability in the protocol's smart contracts, allowing the attacker to siphon funds from active approvals. The team has paused operations to contain the incident and is investigating the root cause. Users are advised to revoke any approvals granted to LI.FI contracts. This incident highlights ongoing security risks in cross-chain protocols, which often handle large liquidity pools and complex contract interactions.

Key facts

• Attack exploited vulnerability in LI.FI's smart contracts, draining $10.8M.
• Funds stolen on Bitcoin, Ethereum, BSC, and Base chains.
• LI.FI paused all trading and signing to contain the breach.
• Users advised to revoke approvals to LI.FI contracts immediately.
• Incident underscores risks in cross-chain DeFi protocols.

KeyAudit data perspective