Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Hacker Drains $5 Million from Loopring Wallets Using Guardian Service Exploit

Hacker Drains $5 Million from Loopring Wallets Using Guardian Service Exploit

BeInCryptoBeInCrypto2024/06/10 10:13
By:BeInCrypto

On Sunday, Loopring, the Ethereum-based ZK-rollup protocol, experienced a major security breach. This incident resulted in losses reaching millions of dollars.

The attack targeted the Guardian wallet recovery service, exploiting a vulnerability in the two-factor authentication (2FA) process.

Loopring Collaborates with Experts and Authorities After the Hack

Loopring’s Guardian service lets users designate trusted wallets for security tasks, such as locking a compromised wallet or restoring one if the seed phrase is lost. The hacker bypassed this service , initiating unauthorized wallet recoveries with a single guardian.

By compromising Loopring’s 2FA service, the hacker impersonated the wallet owner. This allowed the hacker to gain approval for the recovery process, reset ownership, and withdraw assets from the affected wallets. The exploit mainly affected wallets that lacked multiple or third-party guardians.

Read more: 9 Crypto Wallet Security Tips To Safeguard Your Assets

The team identified two wallet addresses involved in the breach . On-chain data indicates one wallet drained approximately $5 million from the compromised wallets, which have now completely swapped to Ethereum (ETH).

Loopring explained that they are collaborating with Mist security experts to determine how the hacker compromised their 2FA service. They have also temporarily suspended Guardian-related and 2FA-related operations to protect users, which stopped the compromise.

“Loopring is working with law enforcement and professional security teams to track down the perpetrator. We will continue to provide updates as soon as the investigation progresses,” it added .

The incident occurred after crypto market data aggregator CoinGecko was victim to a data breach via its third-party email service provider, GetResponse. On June 5, the hacker compromised the account of a GetResponse employee and exported nearly 2 million contacts from CoinGecko’s account.

This attacker then dispatched 23,723 phishing emails using the account of a different GetResponse client. The malicious actors didn’t use CoinGecko’s domain to send harmful emails.

CoinGecko further assured its users that the hacker did not compromise their accounts and passwords despite the breach. However, the leaked data did include users’ names, email addresses, IP addresses, and the locations where emails were opened.

Read more: Top 5 Flaws in Crypto Security and How To Avoid Them

CoinGecko has advised users to be vigilant in response to the breach, especially when receiving emails purporting to offer airdrops . The platform also urged users to avoid clicking links or downloading attachments from unexpected emails and adhere to recommended security measures.

1

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

MARA's stock jumps after raising $1 billion via convertible notes to buy more bitcoin

MARA Holdings announced the successful closing of its $1 billion offering of 0% convertible senior notes due 2030.The bitcoin miner plans to allocate around $199 million of the proceeds to repurchase $212 million in principal of its existing convertible notes due 2026. The remaining funds will be used to acquire more bitcoin.

The Block2024/11/21 16:11

Gold loses luster as institutional demand fuels bitcoin price surge, analysts say

Bitcoin’s 46% surge over the past month, contrasted with gold’s 3% decline, highlights a shifting investor preference toward alternative store-of-value assets, analysts say.Derivatives traders are buying up bitcoin call options ahead of Trump’s inauguration, signaling strong bullish sentiment for the beginning of 2024.

The Block2024/11/21 16:11

SEC is 'engaging' Solana ETF applicants: report

SEC “engaging” on Solana ETF applications, sparking optimism for potential approval in 2025.VanEck, 21Shares, and Bitwise lead Solana ETF filings amid pro-crypto White House hopes.SOL token rises 4.6% to $247.91, bolstered by Solana’s strong DeFi ecosystem and demand.

The Block2024/11/21 16:11