Loopring suffered a $5 million hack after its ‘Guardian’ two-factor authentication service was compromised.

loop ring LRC

-3.53%
The zkEVM protocol, built on top of Ethereum, suffered a security breach involving its ‘Guardian’ two-factor authentication service, the protocol announced on Sunday, with a website advertising its smart wallet application as “Ethereum’s most secure wallet.”

The Guardian service allows users to select the wallet name of a trusted individual or institution to assist with security tasks, such as locking a compromised wallet or restoring seed phrases if they are lost. However, hackers bypassed Loopring’s official Guardian service and began recovering wallets with a single Guardian without the user’s permission, Loopring said in an announcement. According to the Loopring website, wallets that use multiple guardians or use different third-party guardians have been protected from exploits because more than half the guardians are required to initiate a transaction.

Loopring also shared two wallet addresses implicated in security breaches in its protocol. According to blockchain data, one wallet was able to exfiltrate approximately $5 million worth of tokens from the affected wallets.

“We are actively working with Mist security experts to determine how our 2FA service was compromised. To protect our users, we have temporarily suspended Guardian-related and 2FA-related operations. This action has stopped the compromise.” The protocol was written. Announcement about X. Loopring could not immediately be reached for comment by The Block.

Loopring also reported that it was working with law enforcement to track down the culprits and asked that anyone with additional information about the hack share it with Protocol.

While the attack was likely unexpected to the team, Loopring’s risk disclosure statement identifies compromise of the Guardian service as a potential attack vector and recommends that users identify at least three guardians. The Loopring website says, “After your wallet is created, the Loopring official guardian service is added to your wallet by default. As a centralized service, Loopring official guardian can be attacked and controlled by hackers.” .

According to The Block’s pricing page, Loopring’s native token has fallen about 5% in the past 24 hours after the protocol disclosed the hack.

Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.

© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.