Loopring, an Ethereum ZK-Rollup protocol, recently reported that some of its smart wallets were exploited for an undisclosed sum. The breach led to the theft of approximately 1,373 ETH, valued at $5 million. Following the news, Loopring’s LRC token dropped by approximately 4%, hitting a four-month low of $0.21. Loopring had previously touted its smart wallets as the most secure on the Ethereum blockchain, but the breach compromised its two-factor authentication service, allowing the malicious actor to withdraw assets.
Loopring is working with blockchain security firm SlowMist to determine how its 2FA service was compromised and has temporarily suspended Guardian and other 2FA-related operations. The team is also collaborating with law enforcement and security teams to track down the perpetrator. This breach comes at a time when smart wallets are gaining popularity in the Ethereum community, with support increasing following the Ethereum Foundation’s ERC-4337 account abstraction going live on the Ethereum mainnet.
Prominent figures like Vitalik Buterin and organizations like Coinbase have endorsed smart wallets, which are expected to be part of the upcoming Pectra hard fork. However, the Loopring incident highlights the potential vulnerabilities of smart wallets, leading decentralization advocate Chris Blec to advise users to stick with properly-secured seed phrases for maximum safety and sovereignty. Pratik Kala, Head of Research at Liquid Digital Assets, also emphasized the importance of using hardware wallets for significant assets.
Overall, the breach of Loopring’s smart wallets serves as a cautionary tale for users in the Ethereum community and underscores the need for enhanced security measures when utilizing new technologies such as smart wallets. While smart wallets offer customization options for digital asset management, they also introduce new attack vectors that users should be aware of. As the investigation into the breach progresses, Loopring and other firms in the cryptocurrency space are likely to strengthen their security protocols to prevent similar incidents in the future.
Discussion about this post