Loopring suffers $5 million hack after 'Guardian' two-factor authentication service is compromised
Quick Take Loopring, the ZK-rollup based protocol built on Ethereum, had its two-factor authentication based Guardian wallet recovery service compromised in a hack, the company recently disclosed. About $5 million was drained from wallets protected by Loopring’s Guardian service, blockchain data shows.
Loopring LRC -4.76% , the zkEVM protocol built on Ethereum with a website that bills its smart wallet application as "Ethereum's most secure wallet," suffered a security breach related to its 'Guardian' two-factor authentication service, the protocol announced on Sunday.
Through the Guardian service, users can elect to name wallets of trusted individuals or institutions to assist in security operations such as locking a compromised wallet or restoring one if the seed phrase is lost. However, a hacker managed to bypass Loopring's own Official Guardian service to instigate recoveries on wallets with that single guardian without the users' permission, Loopring disclosed in its announcement. As more than half of guardians are needed to instigate transactions, according to Loopring's website , wallets that used multiple guardians or a different, third-party guardian were protected from the exploit.
Loopring also shared two wallet addresses the protocol says were involved in the security breach. Blockchain data shows one wallet was able to drain about $5 million worth of tokens from the affected wallets.
"We are actively collaborating with Mist security experts to determine how our 2FA service was compromised. To protect our users, we have temporarily suspended Guardian-related and 2FA-related operations. Following this action, the compromise has ceased," the protocol wrote in its announcement on X. Loopring was unable to be immediately reached for comment by The Block.
Loopring also reported that it's working with law enforcement to trace the perpetrator and requested that anyone with additional information about the hack share it with the protocol.
While the attack was likely a surprise for the team, Loopring's risk disclosure statement identifies a compromise to its Guardian service as a potential attack vector, and recommends users identify at least three guardians. "After your Wallet is created, we will add Loopring Official Guardian service to your Wallet by default. As a centralized service, Loopring Official Guardian may be attacked and controlled by hackers," Loopring's website reads .
Loopring's native token has fallen about 5% in the last 24 hours following the protocol's disclosure of the hack, according to The Block's Price Page .
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
MARA's stock jumps after raising $1 billion via convertible notes to buy more bitcoin
MARA Holdings announced the successful closing of its $1 billion offering of 0% convertible senior notes due 2030.The bitcoin miner plans to allocate around $199 million of the proceeds to repurchase $212 million in principal of its existing convertible notes due 2026. The remaining funds will be used to acquire more bitcoin.
Gold loses luster as institutional demand fuels bitcoin price surge, analysts say
Bitcoin’s 46% surge over the past month, contrasted with gold’s 3% decline, highlights a shifting investor preference toward alternative store-of-value assets, analysts say.Derivatives traders are buying up bitcoin call options ahead of Trump’s inauguration, signaling strong bullish sentiment for the beginning of 2024.
SEC is 'engaging' Solana ETF applicants: report
SEC “engaging” on Solana ETF applications, sparking optimism for potential approval in 2025.VanEck, 21Shares, and Bitwise lead Solana ETF filings amid pro-crypto White House hopes.SOL token rises 4.6% to $247.91, bolstered by Solana’s strong DeFi ecosystem and demand.
Shiba Inu Developer Says SHIB Is No Longer a Memcoin