The Loopring Wallet development team positioned their app as "the most secure Ethereum wallet." It was based on the ZK-Rollups second-level technology, which supports fast and cheap transactions using zero-knowledge proofs, as well as the Guardian two-factor authentication service.
However, as it became known on Sunday, the Loopring protocol was hacked due to security breaches of the Guardian two-factor authentication service. With the help of Guardian, users could assign special rights to the wallets of trusted individuals or institutions in order to block a compromised Loopring wallet or restore access to it in case of loss of the original phrase.
However, the hacker managed to bypass the 2FA service and initiate wallet recovery using a single data keeper without notifying and authorizing the user of the crypto wallet. The attack was successful — the hacker impersonated the owner of the wallet, received approval for recovery and withdrew about $ 5 million.
The Loopring team has asked for help from law enforcement agencies and companies specializing in investigating crypto crimes to block stolen assets and track down the attacker.
Earlier, a user known as Nakamao told the public about the hacking of his account on Binance and accused the crypto platform of failing to comply with security measures, as a result of which he lost $1 million worth of crypto assets. Binance co-founder Yi He rejected the user's accusations and commented that the loss of crypto assets was due to a hacked user's personal device, and not because of a "breach" in Binance's security systems.