A data breach at Bitcoin lending platform Loanbase led to the loss of customers’ bitcoins.
The company, in its official statement, blamed a WordPress bug for the glitch, stating that the breach resulted into the loss of around 8 Bitcoins (equivalent to around $3,000). The money was stolen after an alleged hacking attempt on Loanbase’s four user accounts. Loanbase also clarified that the maximum losses don’t exceed 20 BTC.
According to their post, the company detected an unauthorized entry into those accounts, which didn’t have the two-factor authentication enabled. This security feature (2FA), which is also known as two-step verification, makes use of a QR code under Google Authenticator and requires the user to scan the code using the login device.
Since the breach, which likely took place on February 6, Loanbase has taken down its website to integrate fresh security protocols. This includes password reset for all its users, expired 2FA tokens, and rejected all approved withdrawals. The company has also said that it will refund the stolen bitcoin.
These hacking and theft incidents are not new in the bitcoin world, as several sites have also been victim to malware or phishing attacks. In Loanbase’s case, the hackers were able to access the site’s SQL database and might’ve leaked or used sensitive user information such as email addresses, names, and phone numbers.
Earlier this year, bitcoin exchange Cryptsy also admitted that it suffered a hacking attack that led to even larger losses of 13,000 bitcoin and around 300,000 litecoin. This was accomplished through an IRC backdoor inserted into a bitcoin wallet code, making it act like a Trojan and take control of the site.
Loanbase clarified that these hackers were not able to access bitcoin wallets themselves and cited that they will provide more details on how their WordPress blog had a security loophole.
Users have been requested to change their passwords and update their 2FA to ensure that login information taken by the hackers will no longer be valid once the website is back up.
Loanbase was previously known as BitLendingClub prior to its rebranding and getting a seed investment from a Bulgarian company in 2014. The company has been around since the early days of cryptocurrency developments, allowing users to invest or borrow funds through the use of blockchain technology.
In doing so, the company provides small businesses in emerging markets to take on loans at affordable rates and from various sources all over the globe. As of this writing, Loanbase has funded 9,573 loans for 1,974 satisfied borrowers for a total of $7,158,625 in funding and 4,200 active investors.
The company is in the middle of conducting an internal investigation on the hacking incident and its WordPress blog component is still down, although its main website is back up and running. Loanbase has ensured that its team is working overtime to implement additional security measures and will keep everybody posted on the outcome of their investigation through e-mail, Twitter, and Facebook.