Loopring was hacked, the 'most secure wallet' was lost, and $5 million disappeared in an instant!
Recently, the decentralized finance (DeFi) platform Loopring suffered a serious hacker attack, resulting in a loss of approximately US$5 million. This attack targeted Loopring’s “Guardian” two-factor authentication (2FA) service. This service should be an important barrier to protect the security of user assets, but unfortunately it was exploited by hackers.
Loopring has always been known for its high level of security and is even known as "the most secure wallet on Ethereum". The attack revealed that even the most advanced security systems can have vulnerabilities. Hackers cleverly exploited a security vulnerability in Loopring's official guardian service to perform illegal recovery operations on wallets using a single guardian.
It is understood that the guardian service is a special feature provided by Loopring, which allows users to invite trusted wallets to perform specific security tasks. However, in this attack, hackers successfully reset the wallet ownership of some users through the service and then extracted the digital assets contained therein.
Only wallets using a single guardian, specifically the official Loopring guardian, were affected, while wallets with multiple guardians or using other types of guardians were unscathed.
In response to this attack, Loopring took quick action. They announced that they have cooperated with the well-known security company Mist Security to jointly identify and fix vulnerabilities in the 2FA service.
At the same time, in order to protect users’ asset security, Loopring also decided to temporarily stop all Guardian and 2FA functions to prevent further illegal access by hackers.
Loopring is also actively trying to track down the identity of the hacker and has issued a request to the community for any information that could help track the hacker. As of now, the identity of the hacker remains a mystery.
This attack undoubtedly dealt a serious blow to Loopring's reputation and market position. Since the attack was disclosed, the price of Loopring’s native token LRC has fallen by about 5%, reflecting market concerns and uneasiness about the incident.
