Loopring, a Layer 2 ZK-Rollup Protocol on the Ethereum network, recently fell victim to an attack on its Smart Wallets due to a security breach. The incident occurred a few hours ago, targeting wallets with only one Guardian, specifically the Loopring Official Guardian. The company addressed the issue on its social media platform X.
Incident Alert: Loopring Smart Wallets Compromised
Loopring witnessed a breach in security with some of its Smart Wallets being targeted by an exploiter. The attacker took advantage of wallets with a single Guardian, specifically focusing on the Loopring Official Guardian. The hacker initiated a Recovery process, as detailed in a lengthy post by the platform.
In the post, Loopring explained that the exploiter began a Recovery procedure by posing as the wallet owner to reset ownership and redeem assets. This allowed the attacker to successfully exploit the system. The platform revealed that the attacker compromised Loopring’s 2FA service to carry out the attack.
By compromising the 2FA service, the attacker could impersonate wallet owners, gaining authorization for the Recovery procedure from the Official Guardian. Subsequently, the exploiter proceeded to transfer assets from the targeted wallets. Loopring assured its community that it is actively working to address the incident.
The company disclosed that it is collaborating with security experts from Mist to investigate the breach of its 2FA service. Additionally, Loopring has taken steps to protect its users by temporarily suspending 2FA and Guardian-related operations.
The Attacker Exchanges Stolen Assets for $ETH
Following the exploitative operation, the compromise was resolved. However, the attacker exchanged the stolen digital assets for $ETH. Loopring is working with professional security teams and law enforcement to identify the culprit, as the address currently holds over $5 million in 1373 $ETH.