Loopring, a protocol designed to enhance decentralised exchanges by facilitating secure and scalable trading, recently experienced a significant security breach resulting in the theft of $5 million. The breach occurred due to a flaw in Loopring's two-factor authentication (2FA) system used in its Official Guardian service.
Behind the Breach
The attack on Loopring unfolded when hackers identified and exploited a weakness in the 2FA mechanism of the Official Guardian service. This service is designed to act as a protective measure for Loopring wallets, ensuring security against unauthorised transactions and aiding in private key recovery. The vulnerability in the 2FA recovery system allowed the attackers to bypass security controls, particularly affecting users who depended solely on Loopring's Official Guardian for wallet protection.
This incident is a strong reminder that every security control can fail, including 2FA, that's why it's so important to build in redundancy in security and not rely on only one mechanism.
Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.
You build the future. We help you secure it.