Loopring Smart Wallets Suffer a $5 Million Exploit
Loopring observed that the attacker impersonated the wallet owner to reset ownership and redeem assets.
On Sunday, Loopring, an Ethereum zero-knowledge roll-up protocol, announced a significant security vulnerability attack on its smart wallets, linked to the Loopring Official Guardian.
The project is collaborating with security and law enforcement agencies to investigate how the two-factor authentication system was compromised and to track down the cybercriminals.
Loopring Official Guardian Exposed
In a comprehensive announcement shared on platform X, Loopring disclosed that the attacker targeted a subset of the wallet, capitalizing on the vulnerabilities of the Official Guardian. As such, some wallets within Loopring fell victim to this security breach.
🚨Incident Alert: Loopring Smart Wallets Compromised🚨
A few hours ago, some Loopring Smart Wallets were targeted in a security breach. The attack exploited wallets with only one Guardian, specifically the Loopring Official Guardian. The hacker initiated a Recovery process,… pic.twitter.com/Y9mYC4j9QJ
— Loopring💙 (@loopringorg) June 9, 2024
The malicious actor circumvented Loopring’s authorized Guardian services by impersonating wallet owners. This allowed them to initiate unauthorized recoveries on wallets that relied solely on the compromised Guardian without the permission of the actual users.
By specifically targeting the Official Guardian and 2FA service, the attacker siphoned substantial assets from several wallets.
Loopring and blockchain audit firm Cyvers Alert identified and publicly shared the two malicious wallets. Onchain data from Etherscan revealed that one of the hacker’s wallets seized about $5 million worth of assets from the compromised wallets. The wallet has already swapped the crypto for ETH and still holds 1,373 ETH worth $5 million.
It is important to note that not all wallets were exposed. Wallets employing multiple guardians or alternative third-party guardians were not affected by the recent exploit.
Commitment to Protect Investors
Loopring announced on their X platform that they are working with Mist security experts and law enforcement agencies to determine how their two-factor authentication service was compromised and to track down the malicious actors.
To protect users, Loopring has temporarily suspended all Guardian-related and 2FA-related operations, which has since stopped the compromise. The network encourages anyone with additional information about the exploit to come forward and commits to providing updates as the investigation progresses.
As per their report, they remain steadfast in showing their commitment to safeguarding the interests of their users.
According to data from Coingecko, Loopring’s native token, LRC, experienced a slight reaction when news of the attack emerged. It is currently trading at $0.2199, reflecting a 2.7% decrease in the past 24 hours and an 18% decrease over the past 7 days.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
US lawmakers push for hostage designation in Binance exec’s detention in Nigeria
Quick Take Two U.S. congressmen, Rich McCormick and French Hill, have submitted a resolution to the House Committee on Foreign Affairs, urging the U.S. government to declare the detention of Binance executive Tigran Gambaryan in Nigeria as a hostage situation. The resolution calls for the Nigerian government to immediately release Gambaryan, a U.S. citizen, citing his deteriorating health in Kuje Prison.
SEC allows certain firms to skirt controversial crypto accounting bulletin
Quick Take Some firms have proposed business practices that the SEC agrees could exempt them from controversial crypto accounting guidance, according to an SEC source. Firms have consulted with the SEC on crypto policies since SAB 121 was released. The SEC allows exemptions with proven procedures and technology for customer crypto recovery in bankruptcies.
