Loopring’s innovative Guardian Smart Wallet System has recently been compromised in a hack that resulted in the loss of over $5 million from affected wallets. The breach, which occurred on Sunday, was detailed in a post on June 10th by the Ethereum ZK-rollup protocol.
The Guardian system, a unique safety feature implemented by Loopring, allows users to appoint trusted third parties to act as a safety net in case of recovery needs, eliminating the risks associated with commonly used seed phrases. However, during the hack, the unknown party managed to bypass Loopring’s 2FA security measures by impersonating a wallet owner and initiating a recovery process to drain user assets.
The hacker specifically targeted addresses with only one Guardian listed, including the official company Guardian provided by the protocol. Following the attack, the hacker swiftly transferred the digital assets into their own wallet and exchanged them for Ether (ETH).
Loopring has taken immediate action to address the security breach, collaborating with security experts to investigate the compromise of their 2FA service. As a precaution, they have temporarily suspended Guardian-related and 2FA-related operations to prevent any further compromises.
Upset users of the Ethereum ZK-rollup protocol have expressed their frustration on social media, criticizing the lack of additional Guardians as a preventive measure. Loopring has responded by offering compensation to those affected by the hack and has vowed to provide updates on their progress in tracking down the hacker through collaboration with law enforcement and security teams.
Users who may have information about the hacker’s wallet address are encouraged to come forward. Loopring remains committed to ensuring the security of their platform and will continue to keep their community informed as the investigation unfolds.
