Loopring Smart Wallets Compromised: Major Security Vulnerability Exposed

full version at en.coinotag

On Sunday, Loopring, an Ethereum zero-knowledge roll-up protocol, revealed a significant security breach on its smart wallets, implicated to the Loopring Official Guardian.
The organization is collaborating with security professionals and law enforcement to investigate the breach of their two-factor authentication process and trace the cybercriminals involved.
“Incident Alert: Loopring Smart Wallets Compromised. Some Loopring Smart Wallets were targeted in a security breach, exploiting wallets with only one Guardian.”

Loopring’s security breach exposes critical vulnerabilities—investigation intensifies as collaboration with law enforcement agencies continues.

Loopring Official Guardian Compromised

In a detailed announcement via platform X, Loopring reported that attackers exploited vulnerabilities within the Loopring Official Guardian. Affected wallets were targeted due to their reliance on this compromised security layer.

The hacker bypassed Loopring’s official Guardian service by impersonating wallet owners, enabling unauthorized wallet recoveries without the users’ consent.

Strategically targeting the Official Guardian and 2FA service, the hacker drained substantial assets from several wallets.

Loopring, along with blockchain audit firm Cyvers Alert, identified and disclosed the two malicious wallets involved. Onchain data from Etherscan revealed that one hacker’s wallet obtained approximately $5 million worth of assets, which were subsequently converted to ETH, holding 1,373 ETH presently valued at $5 million.

It’s important to note that wallets utilizing multiple guardians or third-party guardians were not impacted by this exploit.

Ensuring Investor Safety

Loopring conveyed on their X platform that they are partnering with Mist security experts and law enforcement to understand the breach of their two-factor authentication and work towards apprehending the perpetrators.

To safeguard users, Loopring has paused all Guardian-related and 2FA-related actions, halting the vulnerability exploitation. They urge anyone with additional information to come forward and continue to provide updates as the investigation advances.

Loopring remains dedicated to protecting its users’ interests and is committed to transparency throughout this investigation.

According to data from Coingecko, Loopring’s native token, LRC, saw a slight market reaction following the incident. It is currently priced at $0.2199, marking a 2.7% decline in the last 24 hours and an 18% drop over the past week.

Conclusion

The recent breach within Loopring’s smart wallet ecosystem underscores the critical need for robust security measures. As the investigation continues, Loopring’s commitment to user protection and transparency will be paramount in restoring trust and ensuring future vulnerabilities are addressed.