NFTs

Loopring’s ‘Most Secure’ Smart Wallet Breached For $5 Million

2 Mins read


The attacker managed to compromise Loopring’s 2FA service.

Loopring, an Ethereum Layer 2 network, reported a security breach on Sunday that resulted in the loss of $5 million worth of tokens.

Hackers exploited Smart Wallets which relied on a single Guardian, specifically targeting the Loopring Official Guardian.

“The attack succeeded by compromising Loopring’s 2FA service, allowing the hacker to impersonate the wallet owner and gain approval for the Recovery from the Official Guardian,” Loopring tweeted. “Subsequently, the attacker transferred assets out of the affected wallets.”

Loopring describes its Smart Wallet as the “most secure Ethereum wallet,” which supports social recovery, multi-signature security, and integration with Layer 2 solutions.

The Guardian service allows users to designate trusted wallets for security actions such as locking compromised wallets or restoring access if the seed phrase is lost. In this breach, the hacker bypassed the official Guardian service and was able to impersonate wallet owners to initiate recovery processes.

In response to the attack, the company said it has temporarily suspended all Guardian-related and 2FA-related operations to prevent further breaches.

Loopring has also shared two wallet addresses that it claims were used in the attack. Blockchain data reveals that one of these wallets drained around 1,373 ETH, worth $5 million.

Loopring’s native token, LRC, dropped 2% on the news.

Surge in Smart Wallet Adoption

Smart Wallets have been gaining traction after ERC-4337 enabled account abstraction on the Ethereum mainnet. The update allows users to customize their wallets for specific needs, including automated transactions, multi-signature wallets, and social recovery.

Introduced in September 2021 by Vitalik Buterin, ERC-4337 has brought new Smart Wallet capabilities. Buterin promoted features like “social recovery,” which eliminates recovery phrases.

Before ERC-4337, some companies had already pioneered their own smart wallet functionalities. Loopring and Argent, for instance, developed their own Smart Wallets back in 2020. More recently, Coinbase launched its Smart Wallet.

While Smart Wallets improve functionality and provide a better user experience (UX), they also come with new risks and attack vectors that traditional externally owned accounts (EOA) wallets don’t face.

In April, when EIP-3074 was approved for inclusion in Ethereum’s next major upgrade, Pectra, several key figures in the Ethereum community warned that these capabilities could make wallets more vulnerable to scams.

“It should allow a scammer to drain your entire wallet with a single off-chain signature,” warned Itamar Lesuisse, the co-founder of Argent, a Starknet wallet provider. “I expect this will be a major use case.”



Source link

Related posts
NFTs

A Complete Guide to Ethereum in 2024

4 Mins read
One blockchain is at the heart of the modern web3 landscape – Ethereum. As the first blockchain to support smart contracts, and…
NFTs

AI Meets Crypto: The Decentralized Revolution in Venture Capital and Finance

1 Mins read
The game is changing. The walls of the VC fortress are crumbling; a more open and equitable system is coming. It’s time…
NFTs

Judge Failla Orders SEC to Provide Documents in Coinbase Case, Excludes Gensler Testimony

1 Mins read
A New York judge, Judge Failla, has ordered the U.S. Securities and Exchange Commission (SEC) to provide certain documents requested by Coinbase…

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *