Loopring Experiences Severe Attack on Its Smart Contract Wallets

Loopring, an L2 ZK-Rollup Protocol on Ethereum, recently experienced a severe attack on its Smart Wallets due to a security breach. The attack specifically targeted wallets with only one Guardian, notably the Loopring Official Guardian. Loopring acknowledged the incident on its social media platform, informing users about the breach.

The platform provided details of the attack, stating that the attacker initiated a Recovery process by pretending to be the wallet owner and resetting ownership. This allowed the attacker to redeem assets and successfully exploit the wallets. The attack was made possible by compromising Loopring’s 2FA service.

By impersonating wallet owners and obtaining authorization from the Official Guardian, the attacker proceeded to transact assets from the targeted wallets. Loopring assured its community that it is actively working with security experts from Mist to investigate how the 2FA service was compromised. As a temporary measure, the company has suspended 2FA and Guardian-related operations to protect consumers.

After the attack, the compromised assets were swapped for $ETH by the attacker. Loopring is cooperating with professional security groups and law enforcement to identify and apprehend the culprit. The address currently holds over $5 million worth of 1373 $ETH.