Ethereum

Loopring Wallet Breach: Understanding the Exploit

Loopring, the Ethereum ZK-Rollup protocol, reported on June 9 that some of its smart wallets had been exploited for an undisclosed amount.

Following this news, Loopring’s LRC token fell about 4% to a four-month low of $0.21. CryptoSlate’s data.

$5 million loss

Blockchain security company Cybers Alert reported that approximately 1,373 ETH worth $5 million were stolen in the breach.

Loopring previously described its smart wallet as the “most secure wallet” on the Ethereum blockchain. This is because smart wallets have security measures designed to protect against asset theft.

However, the company explained that the two-factor authentication service was compromised, allowing a malicious attacker to initiate a recovery process, reset ownership, and withdraw assets. Loopring said:

“The attack succeeded by compromising Loopring’s two-factor authentication (2FA) service, allowing hackers to impersonate the wallet owner and obtain approval for recovery from the official guardian. The attacker then transferred assets from the affected wallets.”

Meanwhile, Loopring said it is working with blockchain security company SlowMist to determine how its 2FA service was compromised. The team has temporarily halted Guardian and other 2FA-related work. It added:

“Loopring is working with law enforcement and professional security teams to track down the perpetrators. We will keep you updated as the investigation progresses.”

smart wallet

This breach occurs when smart wallets gain traction in the Ethereum community.

Support for smart wallets has surged over the past year with the activation of the Ethereum Foundation’s ERC-4337 account abstraction on the Ethereum mainnet. This technology allows users to customize their digital asset management.

Prominent figures such as Vitalik Buterin and organizations such as Coinbase have endorsed the technology, which is expected to be part of the upcoming Pectra hard fork.

But decentralization advocate Chris Blec said the Loopring incident shows “smart wallets are not ready for their prime” and urged users to “stick to a properly secured seed phrase for maximum safety and sovereignty.” He advised.

Likewise, Pratik Kala, Head of Research at Liquid Digital Assets, said:

“Smart wallets are all the rage (now), but with new technologies comes new attack vectors. “I will overcome this in time, but I will stay safe and use a hardware wallet (an important asset).”

Mentioned in this article

Related Articles

Back to top button