On May 7th „Starkware“, the specialist for scalability and privacy at Blockchain, discovered a very dangerous security error in the interface of Loopring, the well-known decentralized exchange protocol. This error put at risk a 5 million dollar fund that owns the platform.
Starkware alerted Loopring, who closed the platform and quickly fixed the error.
Any criminal could have copied all the users‘ keys
The error originated because Loopring users have two keys; an Ethereum key and a personal key. However, the wallet interface used a 32-bit integer to derive each user’s private key. This could have allowed a criminal to replicate each key on the platform.
Access websites using your cryptpto wallet instead of a password
After Starkware showed the fault to Loopring, he immediately closed the platform while the problem was being fixed.
The Ether (ETH) keys of Loopring’s users were not at risk of
- Bitcoin Evolution
- Bitcoin Circuit
- Bitcoin Code
- The News Spy
- Bitcoin Revolution
- Bitcoin Era
- Bitcoin Billionaire
- Bitcoin Profit
- Immediate Edge
- Bitcoin Trader
Loopring announced that they have since repaired the security breach by strengthening the method by which key pairs are produced. They have also cancelled the transactions of existing users until they have changed their passwords.
They also confirmed that no users‘ money was lost due to the failure, and praised Starkware for giving them the warning. Starkware in turn thanked Loopring for their professional and timely response in dealing with the error.
The fact that the error was identified, reported and repaired before the general public discovered it shows the solidarity of the Decentralized Finance (DeFi) community and how it has developed over the past few years.
The ransomware Maze group hacked two plastic surgeons
Ross Middleton, CEO of DeversiFi, who will soon launch a new platform in collaboration with Starkware, explained the importance of this:
„If decentralized, unguarded exchanges want to conduct exchanges like Binance and Kraken do, then they [must] prove that their technology is as secure as their alternatives. Starkware’s rapid discovery of a Loopring flaw is an example of how much DeFi has grown in vulnerability management.