Loopring suffers $5 million hack after 'Guardian' two-factor authentication service is compromised

Bitget App

Trade smarter

The Block2024/06/09 15:31

By:The Block

Quick Take Loopring, the ZK-rollup based protocol built on Ethereum, had its two-factor authentication based Guardian wallet recovery service compromised in a hack, the company recently disclosed. About $5 million was drained from wallets protected by Loopring’s Guardian service, blockchain data shows.

Loopring LRC -4.76% , the zkEVM protocol built on Ethereum with a website that bills its smart wallet application as "Ethereum's most secure wallet," suffered a security breach related to its 'Guardian' two-factor authentication service, the protocol announced on Sunday.

Through the Guardian service, users can elect to name wallets of trusted individuals or institutions to assist in security operations such as locking a compromised wallet or restoring one if the seed phrase is lost. However, a hacker managed to bypass Loopring's own Official Guardian service to instigate recoveries on wallets with that single guardian without the users' permission, Loopring disclosed in its announcement. As more than half of guardians are needed to instigate transactions, according to Loopring's website , wallets that used multiple guardians or a different, third-party guardian were protected from the exploit.

Loopring also shared two wallet addresses the protocol says were involved in the security breach. Blockchain data shows one wallet was able to drain about $5 million worth of tokens from the affected wallets.

"We are actively collaborating with Mist security experts to determine how our 2FA service was compromised. To protect our users, we have temporarily suspended Guardian-related and 2FA-related operations. Following this action, the compromise has ceased," the protocol wrote in its announcement on X. Loopring was unable to be immediately reached for comment by The Block.

Loopring also reported that it's working with law enforcement to trace the perpetrator and requested that anyone with additional information about the hack share it with the protocol.

While the attack was likely a surprise for the team, Loopring's risk disclosure statement identifies a compromise to its Guardian service as a potential attack vector, and recommends users identify at least three guardians. "After your Wallet is created, we will add Loopring Official Guardian service to your Wallet by default. As a centralized service, Loopring Official Guardian may be attacked and controlled by hackers," Loopring's website reads .

Loopring's native token has fallen about 5% in the last 24 hours following the protocol's disclosure of the hack, according to The Block's Price Page .

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.

APR up to 10%. Always on, always get airdrop.

Lock now!

European Central Bank President Christine Lagarde said bitcoin is not an option as a reserve asset for the Eurozone’s central bank reserves, citing liquidity, security and regulatory concerns.Meanwhile, the Czech National Bank approved a proposal from Governor Aleš Michl to assess diversifying some of its country’s reserves into bitcoin.

The Block•2025/01/30 21:34

'Inevitable collapse': Trump’s crypto push sparks concern at Paul Singer's Elliott Management: FT

The hedge fund said in a new investor letter that the “inevitable collapse” of the crypto bubble “could wreak havoc,” according to the Financial Times.Elliott’s Paul Singer has never been a fan of crypto, telling WSJ in 2023 that cryptocurrencies are “completely lacking in any value.”

The Block•2025/01/30 21:34