Loopring, an L2 ZK-Rollup Protocol on Ethereum, has witnessed an attack on its Smart Wallets because of a security breach. As per the platform, the attack took place a few hours back in which the exploiter targeted the wallets having just one Guardian, particularly Loopring Official Guardian. The company acknowledged the incident on its social media platform X.
A few hours ago, some Loopring Smart Wallets were targeted in a security breach. The attack exploited wallets with only one Guardian, specifically the Loopring Official Guardian. The hacker initiated a Recovery process,… pic.twitter.com/Y9mYC4j9QJ
— Loopring💙 (@loopringorg) June 9, 2024
Loopring Sees the Exploit of Smart Wallets Caused by a Security Breach
In its long post, the platform provided the details of the event. It noted that the exploiter started a Recovery procedure. In this respect, the attacker pretended to be the wallet owner resetting the ownership and redeeming assets. As a result of this, the attacker successfully conducted the exploit. According to the platform, the attacker compromised the 2FA service of Loopring to execute the attack.
The respective move permitted the attacker to impersonate the owners of the wallets. Hence, the exploiter obtained authorization for the Recovery procedure from the Official Guardian. Following that, the exploiter reportedly transacted assets from the targeted wallets. While moving on, the platform assured the community about its efforts to counter the respective event.
The company revealed that it is working in an active collaboration with the security experts from Mist. In this way, it intends to determine the reason why the 2FA service thereof got compromised. Apart from that, the company has also attempted to protect the consumers. For this purpose, it has provisionally suspended the 2FA and Guardian-related operations.
The Attacker Swaps Stolen Assets for $ETH
It also brought to the front that after this operation, the compromise ended. On the other hand, the attacker has swapped the exploited digital assets for $ETH. Moreover, the firm is cooperating with professional security groups and law enforcement to reach the culprit. The address presently holds more than $5 million 1373 $ETH.