Loopring, the Ethereum-based ZK-rollup protocol, faced a significant security breach on Sunday, resulting in losses totaling millions of dollars. The attack targeted Loopring’s Guardian wallet recovery service, exploiting a vulnerability in the two-factor authentication (2FA) process. This allowed the hacker to bypass the service and initiate unauthorized wallet recoveries with a single guardian, compromising the security of affected wallets. The exploit primarily affected wallets without multiple or third-party guardians in place.
The hacker was able to impersonate wallet owners by compromising Loopring’s 2FA service, gaining approval for the recovery process, resetting ownership, and withdrawing assets from the compromised wallets. Loopring has identified two wallet addresses involved in the breach, with one wallet draining approximately $5 million from the affected wallets; the drained funds have since been completely swapped to Ethereum (ETH). The team is collaborating with Mist security experts to investigate how the hacker compromised their 2FA service. In the meantime, Guardian-related and 2FA-related operations have been temporarily suspended to protect users and prevent further compromises. Loopring is also working with law enforcement and professional security teams to track down the perpetrator.
In a separate incident, CoinGecko, a crypto market data aggregator, experienced a data breach through its third-party email service provider, GetResponse. The hacker compromised the account of a GetResponse employee on June 5 and exported nearly 2 million contacts from CoinGecko’s account. Subsequently, the attacker sent 23,723 phishing emails using the account of a different GetResponse client, although these emails did not use CoinGecko’s domain. Despite the breach, CoinGecko reassured users that their accounts and passwords were not compromised. However, leaked data included users’ names, email addresses, IP addresses, and email open locations. CoinGecko advised users to remain vigilant, especially when receiving emails offering airdrops, and to avoid clicking on links or downloading attachments from unexpected sources.
As both Loopring and CoinGecko address security breaches and work to strengthen their systems, the incidents serve as a reminder of the importance of safeguarding cryptocurrency assets and personal information. Implementing robust security measures such as multiple guardians for wallet recovery and remaining cautious when interacting with emails can help users protect their assets and data. It is essential for individuals in the crypto space to stay informed about potential threats and take proactive steps to secure their digital assets. By collaborating with security experts and authorities, companies like Loopring and CoinGecko can mitigate risks and enhance the overall safety of their platforms for users.