Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 949
- Points
- 113
The Loopring protocol, built on the basis of the scaling solution for the ZK-Rollups Ethereum network, was hacked through the compromise of the Guardian wallet recovery service.
The Loopring Wallet development team has positioned its app as "the most secure Ethereum wallet." It is based on the second-level technology ZK-Rollups, which supports fast and cheap transactions using zero-knowledge proofs, as well as the Guardian two-factor authentication service.
However, as it became known on Sunday, the Loopring protocol was hacked due to security breaches of the Guardian two-factor authentication service. With Guardian, users could assign special rights to the wallets of trusted individuals or institutions in order to block a compromised Loopring wallet or restore access to it if the original phrase was lost.
However, the hacker managed to bypass the 2FA service and initiate wallet recovery with the help of a single data custodian without notifying and authorizing the user of the crypto wallet. The attack was successful — the hacker pretended to be the owner of the wallet, received approval for recovery, and withdrew about $5 million.
The Loopring team asked for help from law enforcement agencies and companies that specialize in investigating crypto crimes to block stolen assets and track down the attacker.
The Loopring Wallet development team has positioned its app as "the most secure Ethereum wallet." It is based on the second-level technology ZK-Rollups, which supports fast and cheap transactions using zero-knowledge proofs, as well as the Guardian two-factor authentication service.
However, as it became known on Sunday, the Loopring protocol was hacked due to security breaches of the Guardian two-factor authentication service. With Guardian, users could assign special rights to the wallets of trusted individuals or institutions in order to block a compromised Loopring wallet or restore access to it if the original phrase was lost.
However, the hacker managed to bypass the 2FA service and initiate wallet recovery with the help of a single data custodian without notifying and authorizing the user of the crypto wallet. The attack was successful — the hacker pretended to be the owner of the wallet, received approval for recovery, and withdrew about $5 million.
The Loopring team asked for help from law enforcement agencies and companies that specialize in investigating crypto crimes to block stolen assets and track down the attacker.
