Loopring suffers $5 million loss after hacker exploits 2FA vulnerability

Loopring, a decentralized finance (DeFi) protocol built on Ethereum, recently experienced a significant security breach that resulted in a $5 million loss.

The attack exploited a vulnerability in Loopring’s Guardian two-factor authentication (2FA) service, which is designed to enhance the security of its smart wallet application.

Hacker circumvents Guardian service

The Guardian service allows Loopring users to invite trusted wallets to assist with security measures, such as freezing compromised wallets or recovering wallets if the seed phrase is lost.

However, a hacker managed to bypass this service and initiate unauthorized wallet recoveries on accounts that used a single guardian.

Wallets that had multiple guardians or used a third-party guardian were not affected by the breach.

Blockchain analysis revealed that two wallets were involved in the attack, with one wallet being completely drained of approximately $5 million worth of tokens.

Loopring halts Guardian and 2FA services

In response to the attack, Loopring announced on social media platform X that it is working with Mist Security to identify the vulnerability in the 2FA service.

To protect users, Loopring has temporarily suspended all Guardian and 2FA-related operations, ensuring no further unauthorized access is possible.

Loopring is actively seeking the perpetrator and has requested any relevant information from the public to assist in the investigation.

LRC token value drops 5% following breach

Since the announcement of the breach, Loopring’s native token, LRC, has experienced a decline of roughly 5%, currently trading at $0.2171.

This drop reflects the market’s reaction to the security incident and the potential impact on the protocol’s reputation and user trust.

Loopring initiates security review

Loopring’s Guardian service, designed to enhance the security of its smart wallet application, was exploited by a hacker who managed to circumvent the single guardian setup.

This allowed the attacker to initiate unauthorized recoveries on affected wallets, resulting in a $5 million loss. Wallets using multiple or third-party guardians were not impacted.

Blockchain data identifies two wallets involved

Blockchain analysis confirmed that two wallets were involved in the hack, with one wallet being completely drained of its tokens, amounting to approximately $5 million.

Loopring has halted its Guardian and 2FA services to prevent further unauthorized access while collaborating with Mist Security to determine the vulnerability.

Loopring’s native token LRC declines in value

Following the breach, Loopring’s native token, LRC, dropped by approximately 5%, currently trading at $0.2171.

The decline reflects the market’s response to the security incident and concerns over the protocol’s security measures.

What action has been taken to protect users?

In light of the security breach, Loopring has taken immediate action by suspending all Guardian and 2FA services.

This move is intended to prevent further unauthorized access and ensure the safety of user funds. The protocol is working with Mist Security to identify and rectify the vulnerability.

Community involvement in identifying the hacker

Loopring has appealed to the community for assistance in identifying the hacker. The protocol is cooperating with law enforcement and has urged anyone with information about the breach to come forward.

This collaborative effort aims to enhance security and prevent future incidents.

Market reaction: LRC token down 5%

The market’s reaction to the breach has been swift, with Loopring’s native token, LRC, experiencing a 5% decline.

The token is currently trading at $0.2171, highlighting the potential impact of the security incident on investor confidence and the protocol’s future.

The post Loopring suffers $5 million loss after hacker exploits 2FA vulnerability appeared first on Invezz