Looprings Guardian 2FA Breach Results in 5 Million Crypto Theft

Loopring, a decentralized finance (DeFi) protocol built on Ethereum, was recently the target of a hack resulting in a $5 million loss. The attack was aimed at the ‘Guardian’ two-factor authentication (2FA) service, designed to enhance the security of Loopring’s smart wallet application, known as “Ethereum’s most secure wallet”.

The Guardian service allows users to invite trusted wallets to assist in security measures such as freezing a compromised wallet or recovering a lost seed phrase. The hacker managed to bypass Loopring’s Official Guardian service and conducted unauthorized recoveries on wallets with a single guardian. Wallets with multiple guardians or a different type of guardian were unaffected by the breach.

Analysis of the blockchain data revealed two wallets involved in the breach, with one wallet completely emptied of tokens valued at approximately $5 million. Loopring announced on social media platform X that they are collaborating with Mist Security to identify the vulnerability in the 2FA service. As a precautionary measure, Loopring has temporarily disabled all Guardian and 2FA functions to prevent unauthorized access.

The company is actively pursuing the unidentified hacker and has urged the public to provide any relevant information to aid in the investigation. Following the disclosure of the hack, Loopring’s native token LRC experienced a 5% drop in value over the past day, currently trading at $0.2171, reflecting the market’s response to the security breach.

In light of the incident, Loopring is taking steps to address the security vulnerability and ensure the protection of its users. The company remains committed to safeguarding the integrity of its platform and restoring trust in its services.