Loopring, an Ethereum zero-knowledge rollup protocol, announced on Sunday that its smart wallet had suffered a major security breach, with attackers impersonating wallet owners to reset ownership and redeem assets.

The attack was allegedly linked to Loopring's official Guardian service, and the project is currently working with security and law enforcement agencies to investigate how the two-factor authentication system was compromised and hunt down the cybercriminals.

Loopring officially discloses the theft

According to a comprehensive announcement released by Loopring on the X platform, the attacker targeted a subset of wallets and exploited a vulnerability in the official Guardian service. This caused some wallets in Loopring to fall victim to this security breach.

The attackers bypassed Loopring's authorized Guardian service by impersonating wallet owners, thus performing unauthorized recovery of wallets that relied on the infected Guardian without the actual user's permission.

Loopring and blockchain audit firm Cyvers Alert identified and publicly shared information about two malicious wallets. On-chain data from Etherscan shows that one of the hacker’s wallets stole assets worth about $5 million from the compromised wallet, and the wallet has converted these cryptocurrencies into ETH and currently holds 1,373 ETH worth $5 million.

It is worth noting that not all wallets were affected. Wallets that use multiple guardians or choose other third-party guardians were not affected by the recent vulnerability. In order to protect users, Loopring has temporarily stopped all Guardian-related and 2FA-related operations, effectively preventing further attacks.

Commitment to protect investors

Loopring issued a statement on its X platform, saying it is working with the Mist security team and law enforcement agencies to find out why its two-factor authentication service was attacked and track down the malicious attackers behind it.

To ensure user safety, Loopring has urgently suspended all operations involving Guardian services and two-factor authentication, effectively curbing further attacks. Loopring calls on everyone who knows about this security vulnerability to provide information and guarantees that it will update the situation in a timely manner during the investigation.

At the same time, Loopring emphasized in the report their unwavering commitment to resolutely protecting the interests of users.

According to Coingecko data, Loopring's native token LRC has slightly reacted after the news of the attack, and is currently trading at $0.2199, down 2.7% in the past 24 hours and 18% in the past 7 days. Loopring firmly stated in the report that they are committed to safeguarding the interests of users. $LRC

Conclusion:

The security incident of Loopring Smart Wallet reminds the entire cryptocurrency community that even in systems that use advanced technologies such as zero-knowledge proofs, there are still potential security risks.

At the same time, the Loopring team's quick response and commitment to solving the problem show their emphasis on the security of user assets. This incident also highlights the ongoing security challenges in the cryptocurrency field and the need for security measures to be updated synchronously as innovative technologies develop rapidly.

As the investigation deepens, the community expects Loopring to provide more robust security measures to prevent similar incidents from happening again and protect investors' assets from loss. #Loopring #安全漏洞 #智能钱包 #资产安全