Loopring wallets suffer $5 million attack

Loopring, the Ethereum network’s zero-knowledge protocol, suffered a security breach in its smart wallets, linked to the Loopring Official Guardian. As a result, the failure caused losses of US$5 million in assets that were in the portfolios.

According to a message published by the team over the weekend, the project is collaborating with security agencies to track down criminals. The failure occurred due to the compromise of the two-factor authentication (2FA) system, which gave hackers control over the stolen funds.

Failure causes serious losses

Loopring revealed that the hacker targeted a subset of the wallet that exploited Guardian vulnerabilities. In this way, he managed to invade all wallets that were part of this subset.

Posing as wallet owners, the hacker managed to bypass security and carry out the invasion. This allowed them to initiate unauthorized recoveries on wallets that relied exclusively on Guardian, without real users’ permission.

By specifically targeting Official Guardian and the 2FA service, the attacker siphoned substantial assets from multiple wallets. Two of these wallets were discovered by security firm Cyvers Alert. Etherscan data revealed that one of the wallets linked to the hacker stole around $5 million in assets.

The wallet has already exchanged the cryptocurrencies for Ethereum (ETH) and moved it to another address. However, she still has 1,373 ETH worth $5 million.

However, Loopring made it clear that the hacker did not gain access to all wallets, only those protected by the protocol’s Guardian. The hacker was unable to break into wallets that employ multiple Guardians or that used third-party protection.

On its X account, Loopring confirmed the attack and highlighted that it is working with Mist security experts and law enforcement agencies to determine how its two-factor authentication service was compromised.

To protect users, the protocol temporarily suspended all operations related to the affected Guardian and 2FA services, which prevented the hacker from continuing to act. The team urged anyone with information about the attack to reach out to members of Loopring.

According to data from CoinGecko, Loopring’s native token, LRC, suffered a slight drop when news of the attack emerged, losing 2.7% of its value. As of the writing of this article, the price of the token is US$0.22.