LI.FI

Risk Score: 67/100 · Grade: D · Category: Bridge

A useful UX layer for cross-chain transfers, but historical exploits, a shared-approval architecture, and downstream bridge inheritance make leaving standing approvals in place a riskier proposition than it appears.

Top Risks

1. Two separate exploits (March 2022 $600K, July 2024 $11.6M) — both involving arbitrary-call bugs in swap facets with user-approved tokens. Pattern of issues in the facet/Diamond architecture.

2. Aggregator model means LI.FI inherits every underlying bridge's security (including LayerZero, Stargate, Across, Hop, etc.) — KelpDAO's LayerZero exploit in April 2026 is directly inherited through any LayerZero-routed path.

3. Large infinite-approval surface: any user who ever used LI.FI has (likely) granted the LI.FI Diamond contract unlimited token approvals, making every future contract facet a potential drain vector.

Frequently Asked Questions

Is LI.FI safe to use?
LI.FI receives a D risk grade (67/100) from Hindenrank, where lower scores indicate lower risk. It is a useful UX layer for cross-chain transfers, but historical exploits, a shared-approval architecture, and downstream bridge inheritance make leaving standing approvals in place a riskier proposition than it appears. LI.FI is an SDK-first bridge and DEX aggregator that most users interact with via Jumper Exchange or a partner wallet rather than LI.FI directly. Technically it is a single EIP-2535 Diamond contract with many 'facets' that share all user approvals, meaning every user who ever transacted has an outstanding approval to the LI.FI Diamond. This has already led to two exploits: $600K in March 2022 (swap facet bug) and $11.6M in July 2024 (GasZipFacet arbitrary-call). LI.FI also inherits the security of whichever underlying bridge is routed, which, after KelpDAO's April 2026 $292M LayerZero exploit, includes a now-validated and very real threat surface.

What are the main risks of using LI.FI?
The key risks identified for LI.FI are: (1) two historical exploits ($600K in 2022, $11.6M in 2024), both in the Diamond facet architecture; (2) infinite approvals mean historical users are exposed to any new exploit discovered today; (3) LI.FI inherits the security of every underlying bridge (LayerZero, Stargate, Hop, Across, CCTP), so the KelpDAO exploit pattern is directly relevant; (4) upgrade authority sits in a team multisig, so a compromise would enable a draining facet; (5) AI-assisted vulnerability discovery increases the probability of another facet exploit being found.

What is LI.FI's risk score breakdown?
LI.FI scores 67/100 across eight risk dimensions: Mechanism Novelty: 6/15, Interaction Severity: 15/20, Oracle Surface: 4/10, Documentation Gaps: 6/10, Track Record: 15/15, Scale Exposure: 7/10, Regulatory Risk: 4/10, Vitality Risk: 10/10. The highest risk area is Track Record at 15/15.

How does LI.FI compare to other Bridge protocols?
Among 24 rated Bridge protocols on Hindenrank, LI.FI ranks #24 by safety (lowest risk score = safest). Its 67/100 risk score and D grade place it among the riskier Bridge protocols.

Has LI.FI ever been hacked or exploited?
LI.FI scores 15/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.

Last scanned 2026-04-19