WazirX, Li.Fi hacks show continuing hacker threat for crypto
Each day, Coinrule will run through the state of the digital assets market for Blockbeat, your home for news, analysis, opinion and commentary on blockchain and digital assets.
Li.fi protocol, a bridge that links the Ethereum and Solana Blockchains and helps users bridge their crypto funds across various Layer 2s, was hacked for over $9 million in stablecoins this week. Even worse, WazirX, the Binance-owned largest centralised exchange in India, was hacked for over $230 million. The attacks highlight the ongoing threat that both centralised and decentralised crypto projects continue to face.
In the case of Li.fi, the hack occurred following a Smart Contract upgrade that re-introduced a previously fixed bug. A hacker was able to exploit the protocol’s swapping feature, which allows Li.fi to perform swaps before bridging. Instead of actually swapping, the hacker was able to move tokens.
The hack of WazirX was even more sophisticated. The hackers were able to gain access to the company’s treasury, which was controlled through multi-signatures on the widely-used SAFE wallet. Phishing and corrupted user interfaces were the most likely attack vectors through which the hackers gained access to the signatures of the treasurers. Early evidence points to the North Korean hacker group Lazarus as a potential candidate for this sophisticated attack. So-called ‘on-chain sleuths’, who excel at tracking Blockchain transactions and fund movements across chains, were able to link some of the funds with known wallets of Lazarus.
These two hacks come on the back of a rising amount of crypto funds being lost to hackers. The amount of cryptocurrency stolen in hacks globally more than doubled in the first six months of 2024 from a year earlier, driven by a small number of large attacks, according to blockchain researchers TRM Labs. Hackers had stolen more than $1.38 billion worth of crypto by June 2024, compared with $657 million in the same period in 2023, TRM Labs said in a report.
What stands out across these hacks is that the riskiest places to hold funds are centralised exchanges, new projects and bridges. Battle-hardened decentralised finance protocols, such as Uniswap, Aave and others, have managed to avoid hacker attacks and gradually removed attack vectors. More experimental projects, forks of existing protocols that try to customise the code base, and ‘fly-by-night’ teams that launch on new chains are, on the other hand, high-risk places to hold funds. Novel approaches, such as AI-based security for Smart Contracts, are being developed to reduce security risks. But so far the eternal truth of crypto remains: if your funds sit in someone else’s Smart Contract or in a centralised exchange, you do not hold them. Not your keys, not your coins.