Loopring, an Ethereum zero-knowledge roll-up protocol, recently announced a significant security vulnerability attack on its smart wallets linked to the Loopring Official Guardian. The project is collaborating with security and law enforcement agencies to investigate how the two-factor authentication system was breached and to track down the cybercriminals responsible.
In a detailed announcement, Loopring disclosed that the attacker targeted a subset of the wallet, taking advantage of vulnerabilities in the Official Guardian. As a result, some wallets within Loopring fell victim to this security breach. The malicious actor managed to bypass Loopring’s authorized Guardian services by impersonating wallet owners and initiating unauthorized recoveries on wallets that solely relied on the compromised Guardian without the permission of the actual users.
Loopring and blockchain audit firm Cybers Alert identified and shared publicly the two malicious wallets involved in the attack. One of the attacker’s wallets seized around $5 million worth of assets from the compromised wallets, exchanging the crypto for ETH and currently holding 1,373 ETH worth $5 million. It is essential to note that not all wallets were affected by the exploit, as those utilizing multiple guardians or alternative third-party guardians remained unaffected.
Loopring is actively working with Mist security experts and law enforcement agencies to investigate the compromise of their two-factor authentication service and track down the individuals responsible for the breach. To protect users, Loopring has temporarily suspended all Guardian-related and 2FA-related operations, effectively stopping the compromise. The network encourages anyone with additional information about the exploit to come forward and promises to provide updates as the investigation progresses, reaffirming their commitment to safeguarding the interests of their users.
Following news of the attack, Loopring’s native token, LRC, experienced a slight reaction in the market, currently trading at $0.2199. The token saw a 2.7% decrease in the past 24 hours and an 18% decrease over the past 7 days. Despite the security breach, Loopring remains dedicated to protecting investors and ensuring the security of its platform. As the investigation continues, Loopring vows to keep users informed about any developments and takes strong measures to prevent such incidents in the future.
Discussion about this post