Loopring’s Guardian Smart Wallet System Hacked For $5 Million
Ethereum ZK-rollup Loopring’s smart wallet ‘guardian’ system fell victim to a breach Sunday that saw over $5 million drained from affected wallets, the protocol revealed in a June 10 X post detailing the hack.
Loopring Reveals Hackers Evaded ‘Guardian’ Protections Hack
Loopring employs an additional safety feature known as its ‘guardian’ system, where users can appoint more than one trusted third party (such as a friend or family member) to operate as an authenticity “safety net” in case a recovery is needed while removing any risks from a commonly used seed phrase.
During Sunday’s hack, the unknown party successfully bypassed the organization’s 2FA security while impersonating a wallet owner to initiate a recovery process and drain user assets.
🚨Incident Alert: Loopring Smart Wallets Compromised🚨
A few hours ago, some Loopring Smart Wallets were targeted in a security breach. The attack exploited wallets with only one Guardian, specifically the Loopring Official Guardian. The hacker initiated a Recovery process,… pic.twitter.com/Y9mYC4j9QJ
— Loopring💙 (@loopringorg) June 9, 2024
Sunday’s hacker apparently only went after addresses with only one ‘guardian’ listed, including the protocol’s official company guardian dedicated to operating as a safety net for users who elected not to use their own.
Shortly after the attack, the Loopring hacker seemingly transferred the digital assets into their wallet and traded them for Ether (ETH).
“We are actively collaborating with Mist security experts to determine how our 2FA service was compromised,” the protocol said in a statement. “To protect our users, we have temporarily suspended Guardian-related and 2FA-related operations. Following this action, the compromise has ceased.”
Users Respond After Ethereum ZK-Rollup Hacked
Upset Loopring users took to social media to vent their frustration over the hack, with one sharing that it was “not a good look” for the software.
According to its website, Loopring claims to be “Ethereum’s most secure wallet” and supposedly “provides transactions at 100x lower fees than Ethereum without sacrificing any of its security.”
One commenter alleged that users would not have fallen victim to the breach had they simply added more guardians.
“This is exactly why the app asks you to set up multiple guardians and even notifies you to do so if you haven’t every time you log in,” one X user replied. “That’s a lot of people who ignored the warnings daily and this unfortunate event happened.”
Loopring has since opened up compensation claims for the negatively impacted by the hack and will provide further updates on social media as they become available.
“Loopring is working with law enforcement and professional security teams to track down the perpetrator,” the company continued. “We will continue to provide updates as soon as the investigation progresses.”
Users who have any information about the hacker’s wallet address have been asked to come forward.
