- Loopring has announced cooperation with external entities like blockchain security experts to trace the $5 million stolen from its wallets
- Loopring said the hacker accessed the funds by compromising the platform’s 2FA system
- The platform has also involved law enforcement agencies
Ethereum scaling network Loopring has announced that it’s working with blockchain security experts like SlowMist and law enforcement agencies to investigate a hack that left a $5-million hole in the network’s balance sheet. Loopring disclosed that the attacker gained access to the wallet after compromising its 2FA function allowing him to claim ownership. One of the two hacker addresses provided by Loopring still holds the $5 million, increasing the chances of recovery or the hacker demanding a bounty.
2FA Operations Halted
According to the network, the hacker targeted wallets with a single guardian, making it easy to initiate a recovery process and successfully claim ownership. The protocol noted that SlowMist will help determine how the attacker managed to trick its 2FA system.
Edit + update:
We are working with @SlowMist_Team and some other security experts and authorities to continue to investigate this incident.
We will update the community here as soon as we have more information to share.
Security and user protection remain our top priorities.
— Loopring💙 (@loopringorg) June 9, 2024
Loopring has temporarily halted “2FA-related operations,” to mitigate further losses. Apart from investigating loopholes in its 2FA system, the network is also working with third parties “to track down the perpetrator.” The protocol stressed that it remains committed to securing and protecting its users.
The Loopring hack comes less than a week after crypto exchange Binance denied being responsible for losses incurred by a user after his account was hacked. Binance said that the user downloaded a malicious Google Chrome extension that gave attackers access to his account.
Orbit Chain Hacker Moves Funds
It also comes two days after the Orbit Chain hacker moved stolen funds to Tornado Cash, five months after compromising the cross-chain bridge. Orbit Chain had offered $8 million as a bounty to anyone who would help identify the hacker.
🚨ONGOING: $100M Orbit Chain Exploiter sends $32M to Tornado Cash after 5 months silence
In the past hour, the Orbit Chain Exploiter moved 8671 ETH ($32M) to a new address and is currently in the process of depositing it to Tornado Cash.
They stole over $100M in ETH and DAI… pic.twitter.com/Bq7BRdXqmc
— Arkham (@ArkhamIntel) June 8, 2024
Bug bounty platform ImmuneFi recently disclosed that malicious actors in the blockchain world are targeting DeFi protocols more than centralized entities.
With Loopring admitting it was hacked, it’s to be seen when the hack will lower the confidence its users have in the platform.
