According to the report by BCTD, on March 20, an attacker exploited a vulnerability in Li Finance's smart contract that allows the transfer of assets from the wallets of users who have signed a "perpetual approval" for the protocol.
When the project team became aware of the incident, they disabled all swaps on the platform. But, the hacker managed to withdraw about $600,000 in tokens, including USD Coin (USDC), Polygon (MATIC), Tether (USDT), and others. Hacker was still a step faster than them. Though LiFinance already said that they managed to recover losses from 25 wallets around ($80,000). They already contacted the affected wallet owners to offer them compensation beucase of what happened.