Loopring DEX Quickly Fixes Major Bug Before It Can Be Exploited

Published at: May 7, 2020

On May 7, Starkware, a blockchain scalability and privacy specialist, discovered a critical security vulnerability in the frontend wallet of Loopring’s decentralized exchange. The bug put all of the exchange’s funds, worth $5 million, at risk.

Starkware alerted Loopring, who shut down the exchange and swiftly fixed the bug.

Potential attacker could create all user account keys

Loopring users have two keys: an Ethereum key and a proprietary account key. The vulnerability arose because the frontend wallet used a 32-bit integer to derive each user’s private key, which could have allowed an attacker to reproduce every key on the platform.
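The article does not publish Loopring's derivation code, so the following is an added illustration, not code from Loopring or Starkware. `seed32`, `weakPrivateKey`, `hardenedPrivateKey`, `maxDistinctKeys` and the sample inputs are hypothetical names and values. It shows why a key that passes through a 32-bit integer is weak however long the final key looks, next to one hardened alternative.

```javascript
const nodeCrypto = require("crypto");

// WEAK (hypothetical): the password is folded into a 32-bit integer first.
function seed32(password) {
  let h = 0;
  for (const ch of password) {
    h = (Math.imul(h, 31) + ch.codePointAt(0)) | 0; // "| 0" keeps only 32 bits
  }
  return h >>> 0;
}

function weakPrivateKey(password) {
  const seed = Buffer.alloc(4);
  seed.writeUInt32BE(seed32(password));
  // The digest is 256 bits long, but only 2^32 distinct digests can ever occur.
  return nodeCrypto.createHash("sha256").update(seed).digest("hex");
}

// HARDENED (one option, an assumption): a memory-hard KDF over the whole
// password, salted per account so equal passwords give different keys.
// A real wallet would also map the output into its curve's scalar range.
function hardenedPrivateKey(password, accountId) {
  return nodeCrypto.scryptSync(password, accountId, 32).toString("hex");
}

// Upper bound on distinct keys a derivation can emit from a `bits`-bit seed.
function maxDistinctKeys(bits) {
  return 2n ** BigInt(bits);
}

// Constructed sample inputs: two different passwords with the same 32-bit seed.
const ACCOUNT = "account-1";
const [pwA, pwB] = ["Aa", "BB"];

console.log("weak keys equal:    ", weakPrivateKey(pwA) === weakPrivateKey(pwB));
console.log("hardened keys equal:",
  hardenedPrivateKey(pwA, ACCOUNT) === hardenedPrivateKey(pwB, ACCOUNT));
console.log("weak key space:     ", maxDistinctKeys(32).toString());
```

A code review or unit test for key generation can use the same idea: any point where secret material is narrowed to a machine integer caps the key space at that integer's width.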

After Starkware demonstrated the flaw to Loopring, the exchange sprang into action, immediately closing down the platform while a fix was put in place.

Loopring users’ Ether (ETH) account keys were not exposed by the vulnerability.

Pats on the back all round

Loopring announced that it has since patched the security flaw by strengthening the method by which keypairs are produced. It has also stopped order matching for existing users until they have changed their trading passwords, and hence updated their keypairs.

Loopring confirmed that no user funds were lost due to the vulnerability, and commended Starkware for its responsible disclosure. Starkware, in turn, praised Loopring for its professional and timely response in dealing with the bug.

The fact that the bug was identified, communicated and fixed before the general public found out shows both the solidarity of the Decentralized Finance (DeFi) community and how it has developed in recent years.

Ross Middleton, CFO of DeversiFi, which is soon to launch a new platform in collaboration with Starkware, explained the importance of this:

“If non-custodial decentralised exchanges want to take on exchanges like Binance and Kraken then they [must] demonstrate that their technology is just as safe or safer to use than existing options. Starkware’s quick discovery of a vulnerability in Loopring is an example of how much DeFi has matured in handling exploits.”
