DEX aggregator Li Finance has recently reported it has fallen victim to a hack in which it has lost 205 ETH valued at $591,630 from 29 different wallets connected to the service.
The project team has reported it has fixed the exploit and compensated most users for the losses.
According to the report, on March 20, an attacker exploited a vulnerability in Li Finance’s smart contract that allows the transfer of assets from the wallets of users who have signed a “perpetual approval” for the protocol.
An analyst from investment company Paradigm under the nickname t11s has emphasized that even a thorough audit could not reveal this exploit. According to him, the error in Li Finance’s code is easy to miss, and it is “imperceptible if you are of your mind.”
When the project team became aware of the incident, they disabled all swaps on the platform. However, the hacker managed to withdraw about $600,000 in tokens, including USD Coin (USDC), Polygon (MATIC), Tether (USDT) and others.