Loopring observed that the attacker impersonated the wallet owner to reset ownership and redeem assets.