Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Ethereum Layer 2 protocol Loopring posted on Twitter that the some Loopring Smart Wallets were targeted in a security breach. The attack exploited wallets with only one Guardian, specifically the Loopring Official Guardian. The hacker initiated a Recovery process, falsely posing as the wallet owner to reset ownership and withdraw assets. The attack succeeded by compromising Loopring's 2FA service, allowing the hacker to impersonate the wallet owner and gain approval for the Recovery from the Official Guardian. Subsequently, the attacker transferred assets out of the affected wallets. Attack method (per SlowMist): Security Vulnerability. Reported loss: $ 5,000,000.
- chain
- ethereum
- protocol
- Loopring
- bug_class
- unknown
- date_occurred
- 2024-06-09
- loss_usd
- $5,000,000
- source_id
- sm:loopring::2024-06-09