Loopring, a Layer 2 ZK-Rollup Protocol operating on the Ethereum network, recently fell victim to a security breach that resulted in an attack on its Smart Wallets. The breach, which occurred just a few hours ago, specifically targeted wallets with only one Guardian, particularly the Loopring Official Guardian. The company promptly acknowledged the incident on its social media platform X.
Incident Alert: Loopring Smart Wallets Compromised
The breach involved an exploit of Loopring Smart Wallets with only one Guardian, namely the Loopring Official Guardian. The hacker initiated a Recovery process, posing as the wallet owner to reset ownership and redeem assets. This allowed the attacker to successfully carry out the exploit by compromising Loopring’s 2FA service.
In response to the breach, Loopring detailed the event in a comprehensive post, explaining how the attacker leveraged the compromised 2FA service to impersonate wallet owners and gain authorization for the Recovery process from the Official Guardian. Subsequently, the attacker proceeded to transfer assets from the targeted wallets. Loopring reassured its community that it was actively working to address the situation.
The company disclosed that it was collaborating closely with security experts from Mist to investigate the compromise of the 2FA service. As a precautionary measure, Loopring temporarily suspended 2FA and Guardian-related operations to protect its users. Following the exploitation, the attacker exchanged the stolen digital assets for $ETH, prompting Loopring to engage professional security teams and law enforcement in the pursuit of the culprit. The address currently holds over $5 million 1373 $ETH as a result of the breach.