An attacker breached the 2FA authentication service for Loopring’s smart wallets, impersonated wallet owners and siphoned around $5 million from what Loopring markets as “Ethereum’s most secure wallet.”
A hacker posed as the wallet owner and withdrew assets from Loopring’s guardian smart wallets.
Shutterstock
Posted June 10, 2024 at 2:18 am EST.
Loopring, an Ethereum-based ZK-rollup protocol, disclosed that some of its smart wallets were compromised in a security breach on Sunday.
“The attack exploited wallets with only one Guardian, specifically the Loopring Official Guardian. The hacker initiated a recovery process, falsely posing as the wallet owner to reset ownership and withdraw assets,” wrote the Loopring team on X.
“The attack succeeded by compromising Loopring’s Two-Factor Authentication (2FA) service, allowing the hacker to impersonate the wallet owner and gain approval for the recovery from the Official Guardian.”
Loopring describes its smart wallets as “Ethereum’s most secure wallet,” which unlocks the full potential of the layer 2. These smart wallets function more like smart contracts as opposed to standard Ethereum wallet addresses. Users can opt to nominate “guardians” as an added layer of security for their wallets to assist with asset recovery in cases of stolen or misplaced seed phrases.
These guardians can be other hardware or software addresses that belong to them, or an address of a trusted third-party like a friend, family member, or institutional service. Users have the freedom to add as many guardians as they want, but in the event of wallet recovery more than half the number of wallet guardians would need to collaborate to unlock the wallet.
In this particular instance, the hacker targeted wallets with only one guardian, meaning those wallets that nominated multiple guardians were not victims of the exploit.
Blockchain security firm Cyvers identified the hacker’s address which holds over $5 million after swapping the stolen assets for ether.
The Loopring team said it is collaborating with blockchain security firm SlowMist and other security experts to determine how its 2FA service was compromised. In the meantime, the team has temporarily suspended Guardian and 2FA related operations.
“Loopring is working with law enforcement and professional security teams to track down the perpetrator. We will continue to provide updates as soon as the investigation progresses,” said the Loopring team.
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://unchainedcrypto.com/looprings-guardian-smart-wallets-hacked-for-5-million/
