News
Advertise
Search
Menu
Loopring hacked for $5M after Guardian 2FA Service was Compromised
Loopring
Facebook Share X Share

Loopring hacked for $5M after Guardian 2FA Service was Compromised

2024-06-10 by Ndaman Olayinka 4 minutes read
Loopring hacked for $5M after Guardian 2FA Service was Compromised

Loopring, an Ethereum-based ZK-rollup protocol, has been hacked, resulting in a $5 million loss. The hacker went after Loopring's "Guardian" two-factor authentication (2FA) service, which was created to improve the security of the company's smart wallet. 

The Ethereum-based zkEVM protocol Loopring, which bills its smart wallet app as "Ethereum's most secure wallet" on its website, disclosed the security breach news on Sunday. Users of the Guardian service have the option to designate wallets belonging to reliable people or organizations to help with security procedures like locking down a compromised wallet or recovering it in the event that the seed phrase is misplaced. But according to Loopring's announcement, a hacker was able to get around the company's Official Guardian service and initiate recoveries on wallets with just one guardian without the users' consent.

Wallets that used multiple guardians or a different, third-party guardian were shielded from the exploit because, according to Loopring's website, more than half of the guardians are required to initiate transactions.

Blockchain data analysis indicates that two wallet addresses were involved in the security breach, with one wallet removing tokens valued at about $5 million from the compromised wallets. 

"We are working closely with the security professionals at Mist to figure out how our 2FA service was hacked. We have temporarily stopped all 2FA and Guardian-related operations in order to protect our users. The compromise has stopped as a result of this action," the protocol stated in its social media platform X announcement.

In an attempt to find the perpetrator, Loopring is collaborating with law enforcement and specialized security units. The protocol firm built on Ethereum also requested that anyone with any information that could help track down the hacker kindly share it. The investigations and inquiries will keep moving forward, and Loopring promises to keep members of the community updated. 

Blockchain security company Cyvers revealed the hacker's address, which, after exchanging the stolen assets for ether, holds over $5 million, in an X post from June 9. The address currently has over $5 million, or 1373, $ETH, after all the stolen digital assets were exchanged for $ETH. 

🚨ALERT🚨@loopringorg has announced that their Smart Contract Wallets are targeted with only one Guardian, specifically the Loopring Official Guardian!

The attack succeeded by breaching @loopringorg 's 2FA service, enabling the hacker to impersonate the wallet owner and get… https://t.co/X1HWE3pMQO

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 9, 2024

Since the hack was revealed by the protocol, Loopring's native token, LRC, has fallen by approximately 5% in the last day, reflecting the response of the market to the incident.

Disclaimer: This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.