Hacker Drains $5 Million from Loopring Wallets Using Guardian Service Exploit

On Sunday, Loopring, the Ethereum-based ZK-rollup protocol, experienced a major security breach. This incident resulted in losses reaching millions of dollars.

The attack targeted the Guardian wallet recovery service, exploiting a vulnerability in the two-factor authentication (2FA) process.

Loopring Collaborates with Experts and Authorities After the Hack

Loopring’s Guardian service lets users designate trusted wallets for security tasks, such as locking a compromised wallet or restoring one if the seed phrase is lost. The hacker bypassed this service , initiating unauthorized wallet recoveries with a single guardian.

By compromising Loopring’s 2FA service, the hacker impersonated the wallet owner. This allowed the hacker to gain approval for the recovery process, reset ownership, and withdraw assets from the affected wallets. The exploit mainly affected wallets that lacked multiple or third-party guardians.

Read more: 9 Crypto Wallet Security Tips To Safeguard Your Assets

The team identified two wallet addresses involved in the breach . On-chain data indicates one wallet drained approximately $5 million from the compromised wallets, which have now completely swapped to Ethereum (ETH).

Loopring explained that they are collaborating with Mist security experts to determine how the hacker compromised their 2FA service. They have also temporarily suspended Guardian-related and 2FA-related operations to protect users, which stopped the compromise.

“Loopring is working with law enforcement and professional security teams to track down the perpetrator. We will continue to provide updates as soon as the investigation progresses,” it added .

The incident occurred after crypto market data aggregator CoinGecko was victim to a data breach via its third-party email service provider, GetResponse. On June 5, the hacker compromised the account of a GetResponse employee and exported nearly 2 million contacts from CoinGecko’s account.

This attacker then dispatched 23,723 phishing emails using the account of a different GetResponse client. The malicious actors didn’t use CoinGecko’s domain to send harmful emails.

CoinGecko further assured its users that the hacker did not compromise their accounts and passwords despite the breach. However, the leaked data did include users’ names, email addresses, IP addresses, and the locations where emails were opened.

Read more: Top 5 Flaws in Crypto Security and How To Avoid Them

CoinGecko has advised users to be vigilant in response to the breach, especially when receiving emails purporting to offer airdrops . The platform also urged users to avoid clicking links or downloading attachments from unexpected emails and adhere to recommended security measures.