The Loopring protocol, built on the Ethereum network scaling solution ZK-Rollups, was hacked through the compromise of the Guardian wallet recovery service.

The Loopring Wallet development team positioned their application as “the most secure Ethereum wallet.” It was based on ZK-Rollups second-layer technology, which supports fast and cheap transactions using zero-knowledge proofs, as well as the Guardian two-factor authentication service.

However, as it became known on Sunday, the Loopring protocol was hacked due to security breaches of the Guardian two-factor authentication service. With Guardian, users could assign special rights to wallets of trusted individuals or institutions to block a compromised Loopring wallet or restore access to it if the seed phrase was lost.

However, the hacker managed to bypass the 2FA service and initiate wallet recovery using a single data custodian without the knowledge or permission of the crypto wallet user. The attack was successful – the hacker impersonated the owner of the wallet and received OK for restoration and withdrew about $5 million.

The Loopring team sought the help of law enforcement agencies and companies specializing in investigating crypto crimes to block the stolen assets and track down the attacker.

Previously, a user known as Nakamao told the public about his Binance account being hacked and accused the crypto platform of failing to comply with security measures, as a result of which he lost $1 million worth of crypto assets. Binance co-founder Yi He rejected the user’s accusations and commented that the loss loss of crypto assets occurred due to a hacked user’s personal device, and not due to a “breach” in Binance’s security systems.