Decentralized finance platform LI.FI protocol has encountered a substantial exploit resulting in approximately $8 million in losses. On-chain data reveals a sequence of dubious withdrawals, prompting immediate investigation.

“Please do not interact with any LI.FI powered applications for now,” the protocol cautioned on X. “We’re investigating a potential exploit. If you did not set infinite approval, you are not at risk.”

LI.FI facilitates trading across various blockchains, venues, and bridges. Notably, it suffered a significant bug with its swapping feature in 2022, leading to a $600,000 loss. PeckShield, a blockchain security firm, described the recent exploit as “essentially the same.”

Read more: Lazarus Group Launders Millions from $305M DMM Bitcoin Hack

The wallet harboring the stolen assets contains 1,715 ether (ETH) valued at $5.8 million, alongside USDC, USDT, and DAI stablecoins. Crypto security firm Decurity identified the exploit involving the LI.FI bridge, pinpointing the root cause as an arbitrary call with user-controlled data via depositToGasZipERC20() in GasZipFacet, deployed five days prior.

A report by Immunefi in May disclosed that the crypto sector lost $473 million to hacks, exploits, and rug pulls in the first half of 2024.