Skip to main content
Sign in

LiFi Protocol

avoid.net/lifi-protocol38/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·5sKscz…993g

Summary

LI.FI (formerly Li.Finance) is a cross-chain liquidity aggregation protocol founded in 2021 that routes swaps across bridges and DEXs via a unified API, SDK, and widget. The protocol has suffered two distinct smart contract exploits — a $600,000 approval drain in March 2022 and an approximately $11.6 million drain in July 2024 — with security firm PeckShield noting the root causes were 'basically the same.' Both incidents involved arbitrary-call vulnerabilities that allowed attackers to abuse users' infinite token approvals, raising concerns about repeated security failures despite prior disclosure.

Connected Entities

1 entities
Protocols
LiFi Protocol
Relationships
    Have evidence about LiFi Protocol?

    Timeline(10 events)

    2021-01-01

    LI.FI (formerly Li.Finance) founded by Philipp Zentner to provide cross-chain bridge and DEX aggregation infrastructure.

    2022-03-20

    First exploit: attacker drains approximately $600,000 from 29 user wallets via an arbitrary-call vulnerability in the pre-bridge swap feature. Team disables swap methods and begins post-mortem.

    2022-03-21

    LI.FI publishes post-mortem blog post on the March 2022 exploit and announces partial reimbursement plan.

    2023-05-01

    LI.FI closes $17.5 million Series A funding round co-led by CoinFund and Superscrypt.

    2024-07-11

    GasZipFacet smart contract facet deployed to the LI.FI diamond proxy — approximately five days before the second exploit.

    2024-07-16

    Second exploit: attacker exploits missing whitelist validation in GasZipFacet's depositToGasZipERC20() function, draining approximately $11.6 million from 153 wallets across Ethereum and Arbitrum. LI.FI disables the vulnerable facet and issues emergency warning.

    2024-07-16

    PeckShield publicly states the 2024 bug is 'basically the same' as the 2022 exploit.

    2024-07-19

    LI.FI publishes Security Incident Report for the July 16 exploit, attributing the vulnerability to 'individual human error in overseeing the deployment process.'

    2024-07-23

    LI.FI initiates voluntary compensation plan for all 153 affected wallets, backed by major investors.

    2025-12-11

    LI.FI raises $29 million Series A extension led by Multicoin Capital and CoinFund, bringing total capital raised to approximately $51.7 million.

    Provenance & Audit Trail
    Anchored on SolanaVerify on-chain

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 5/30/2026, 7:10:20 PM

    last updated: 5/30/2026, 7:10:23 PM

    avoid.net — verified advice for a post-truth world