banner

Loopring Security Breach: $5 Million in Tokens Stolen Due to 2FA Compromise

The Ethereum Layer 2 network, Loopring, reported a significant security breach on Sunday, resulting in the theft of $5 million worth of tokens. The attackers compromised Loopring’s two-factor authentication (2FA) service, targeting the network’s Smart Wallets that relied on a single Guardian, specifically the Loopring Official Guardian.

Details of the Attack

Loopring’s Smart Wallet, known for its high security with social recovery, multi-signature support, and Layer 2 integration, was compromised when hackers bypassed the 2FA service. This allowed the attackers to impersonate wallet owners and gain approval for asset recovery from the Official Guardian. Once access was secured, the hackers transferred assets out of the affected wallets.

In response to the breach, Loopring has temporarily halted all Guardian-related and 2FA-related operations to prevent further incidents. The company also shared the wallet addresses used in the attack, revealing that one wallet drained approximately 1,373 ETH, valued at $5 million. The news caused Loopring’s native token, LRC, to drop by 2%.

Surge in Smart Wallet Adoption

Smart Wallets have gained popularity following the implementation of ERC-4337, which enabled account abstraction on the Ethereum mainnet. This update allows for wallet customization, automated transactions, multi-signature wallets, and social recovery features. Introduced by Vitalik Buterin in September 2021, ERC-4337 has significantly enhanced Smart Wallet capabilities, eliminating the need for recovery phrases.

Prior to ERC-4337, companies like Loopring and Argent had already developed their own Smart Wallet functionalities. More recently, Coinbase also launched its Smart Wallet. While Smart Wallets offer improved functionality and user experience, they also introduce new risks and attack vectors not present in traditional externally owned accounts (EOA) wallets.

In April, with the approval of EIP-3074 for Ethereum’s next major upgrade, Pectra, several key figures in the Ethereum community expressed concerns about increased vulnerability to scams. Itamar Lesuisse, co-founder of Starknet wallet provider Argent, warned that these new capabilities could enable scammers to drain entire wallets with a single off-chain signature.

Conclusion

The recent security breach at Loopring underscores the importance of continuously improving and securing Smart Wallets. While they offer significant benefits and enhanced user experiences, the evolving landscape of blockchain technology necessitates vigilance against new threats and vulnerabilities. Loopring’s response to the breach and the ongoing investigation will be crucial in restoring confidence and ensuring the safety of user assets in the future.

banner

Disclaimer: Not Investment Advice

it’s crucial to understand that the information provided here is not to be construed as investment advice. The crypto market is dynamic and highly speculative, and decisions should be made based on thorough personal research and consideration of individual risk tolerance. Always consult with financial professionals and conduct your own due diligence before making any investment decisions. The intention of this exploration is to present insights and trends, not to provide specific investment recommendations.

Follow Us

Top Selling Multipurpose WP Theme

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

banner

Crypto feed news

Our team of crypto enthusiasts and market mavens is on a mission to deliver the latest, juiciest, and most insightful updates from the ever-evolving world of cryptocurrencies.

@CryptoFeedNews 2023 All Right Reserved. Designed and Developed by TheDevThingz

Skip to content