Loopring Collaborates with Experts and Authorities After Hackers Exploit 2FA Vulnerability to Drain Millions of Dollars
Jun 10, 2024 at 06:00 pm
Loopring, an Ethereum-based ZK-rollup protocol, encountered a significant security breach on Sunday, leading to losses in the millions of dollars.
The attack exploited a vulnerability in Loopring's Guardian wallet recovery service, specifically targeting the two-factor authentication (2FA) process.
After the Hack, Loopring Cooperates with Experts and Authorities
Loopring's Guardian service enables users to designate trusted wallets for various security tasks, such as locking a compromised wallet or restoring one if the seed phrase is lost. However, the attacker managed to bypass this service, performing unauthorized wallet recoveries with a single guardian.
The vulnerability in Loopring's 2FA service allowed the attacker to impersonate the wallet owner, gaining approval for the recovery process, resetting ownership, and withdrawing assets from the affected wallets. Notably, the exploit primarily affected wallets that did not have multiple or third-party guardians.
The team has identified two wallet addresses involved in the breach. On-chain data reveals that one wallet drained approximately $5 million from the compromised wallets, and the stolen funds have now been fully swapped to Ethereum (ETH).
Loopring stated that they are working with Mist security experts to uncover the method used by the attacker to compromise their 2FA service. To safeguard users, Guardian-related and 2FA-related operations have been temporarily suspended, which ultimately halted the compromise.
“Loopring is working with law enforcement and professional security teams to track down the perpetrator. We will continue to provide updates as soon as the investigation progresses,” the team added.
This incident follows a recent data breach at crypto market data aggregator CoinGecko, which was accessed through its third-party email service provider, GetResponse.
On June 5, the attacker compromised the account of a GetResponse employee and exported nearly 2 million contacts from CoinGecko's account.
Subsequently, the attacker sent 23,723 phishing emails using the account of another GetResponse client. However, it's important to note that the malicious actors did not use CoinGecko's domain to send harmful emails.
CoinGecko also reassured its users that the breach did not compromise their accounts and passwords. Nevertheless, the leaked data included users' names, email addresses, IP addresses, and the locations where emails were opened.
In response to the breach, CoinGecko advised users to remain vigilant, particularly regarding emails offering airdrops. The platform also highlighted the importance of avoiding links or email attachments from unfamiliar senders and adhering to recommended security measures.