Hacker Drains $5 Million from Loopring Wallets Using Guardian Service Exploit

By: BeInCrypto, 2024/06/10 10:13

On Sunday, Loopring, the Ethereum-based ZK-rollup protocol, experienced a major security breach. This incident resulted in losses reaching millions of dollars.

The attack targeted the Guardian wallet recovery service, exploiting a vulnerability in the two-factor authentication (2FA) process.

Loopring Collaborates with Experts and Authorities After the Hack

Loopring’s Guardian service lets users designate trusted wallets for security tasks, such as locking a compromised wallet or restoring one if the seed phrase is lost. The hacker bypassed this service, initiating unauthorized wallet recoveries with a single guardian.

By compromising Loopring’s 2FA service, the hacker impersonated the wallet owner. This allowed the hacker to gain approval for the recovery process, reset ownership, and withdraw assets from the affected wallets. The exploit mainly affected wallets that lacked multiple or third-party guardians.

The team identified two wallet addresses involved in the breach. On-chain data indicates one wallet drained approximately $5 million from the compromised wallets, with the drained funds now completely swapped to Ethereum (ETH).

Loopring explained that they are collaborating with Mist security experts to determine how the hacker compromised their 2FA service. They have also temporarily suspended Guardian-related and 2FA-related operations to protect users, which stopped the compromise.

“Loopring is working with law enforcement and professional security teams to track down the perpetrator. We will continue to provide updates as soon as the investigation progresses,” it added.

The incident occurred after crypto market data aggregator CoinGecko fell victim to a data breach via its third-party email service provider, GetResponse. On June 5, the hacker compromised the account of a GetResponse employee and exported nearly 2 million contacts from CoinGecko’s account.

The attacker then dispatched 23,723 phishing emails using the account of a different GetResponse client. The malicious actors didn’t use CoinGecko’s domain to send harmful emails.

CoinGecko further assured its users that the hacker did not compromise their accounts and passwords despite the breach. However, the leaked data did include users’ names, email addresses, IP addresses, and the locations where emails were opened.

CoinGecko has advised users to be vigilant in response to the breach, especially when receiving emails purporting to offer airdrops. The platform also urged users to avoid clicking links or downloading attachments from unexpected emails and to adhere to recommended security measures.
