Loopring, a Layer 2 ZK-Rollup Protocol built on Ethereum, recently fell victim to an attack on its Smart Wallets due to a security breach. The breach occurred just a few hours ago and specifically targeted wallets with only one Guardian, particularly the Loopring Official Guardian. The company confirmed the incident through its social media platform X.
Alert: Loopring Smart Wallets Compromised
A security breach targeted Loopring Smart Wallets a few hours ago, exploiting wallets with only one Guardian, specifically the Loopring Official Guardian. The hacker initiated a Recovery process, pretending to be the wallet owner and resetting ownership to redeem assets.
In a detailed post, Loopring explained that the attacker was able to successfully execute the exploit by compromising the 2FA service. This allowed the attacker to impersonate wallet owners, gaining authorization for the Recovery process from the Official Guardian and carrying out transactions on the targeted wallets.
Loopring assured the community that it is actively working with security experts from Mist to investigate the compromised 2FA service and enhance consumer protection measures. As a temporary measure, the company has suspended 2FA and Guardian-related operations.
Following the exploit, the attacker exchanged the stolen digital assets for $ETH, bringing the compromise to an end. Loopring is collaborating with security professionals and law enforcement to track down the culprit, as the address currently holds over $5 million worth of $ETH.