Li Finance The Latest To Lose In DeFi Hack, Losses Mount To $600,000

Li Finance
Li Finance

DeFi protocol Li Finance was the latest to be hacked on March 20. It has led to a loss of $600,000 of 29 user wallets. The team became aware of the exploits only 12 hours later and shut down all swapping functions over the platform to put a stop to any further loss.

The attackers were able to extricate the multiple tokes from those wallets that allowed ‘infinite approval’ to Li Finance protocols for around 205 ETH (Ether) with a total value of approximately $600,000.

The incident happened ON Sunday at exactly 2:51 in the morning, UTC. The attacker succeeded in extracting multiples of 10 varied tokens. The tokens stolen include Polygon (MATIC), USD Coin, Gnosis, Rocket Pool, etc.

The team was informed about the attack at 2:15 UTC, 12 hours later. They closed down all functions related to swapping on the Li Finance platform to halt any additional losses.

By Monday 2:50 am, the Li Finance team succeeded in coming out with a detailed post-mortem of the deed. The Li Finance team explained that the hacker swapped the tokens that were stolen with around 205 ETH tokens with a combined value of around $600,000.

The stolen Ether tokens had not been relocated from the wallet of the attacker at the time of writing. Li Finance has assured all customers that the hitch has been promptly identified and mended.

Only 13% Of The Affected Li Finance Clients Compensated Promptly

25 of the wallets attacked were promptly compensated from funds from the treasury for the losses incurred. But these 25 wallets accounted only for only $80,000, or a mere 13% of the combined value.

The other 4 wallet owners have lost around $517,000 in total. Li Finance has offered them a deal that compensates the 4 investors by honoring the losses as an angel investor.

The investors would get Li Finance tokens under identical terms as any angel investors of an amount that would be equal to the losses suffered by these four wallets. This would help to both compensate the investors and also mitigate any harm to the treasury of the platform.

The hacker has also been approached and promised a bug bounty for returning the funds.