Loanbase blames WordPress blog for their data breach

Feb 8, 2016 09:48 GMT

Loanbase has sent out a security notice to all of its users informing them of a data breach that allowed unknown attackers to steal Bitcoins from its customers and access personal information.

Loanbase, formerly known as BitLendingClub, is a Bitcoin lending system that's been around since the early days of the crypto-currency.

In a statement released on their Facebook page and also sent out to all of the company's users via email, the company announced a data breach that took place due to a security hole in their WordPress blog.

Hackers stole 8 Bitcoin from 4 accounts

The company says that during the incident, sensitive user data like email addresses, phone numbers, and names may have been taken after the hackers accessed their SQL database.

So far, Loanbase says it has discovered signs that the attackers accessed four user accounts and stole around 8 Bitcoin (~$3,000 / €2,650), and that the total amount of lost funds does not exceed 20 Bitcoin (~$7,500 / €6,700).

None of the hacked accounts had 2FA (two-factor authentication) turned on. The company also says that it will reimburse all stolen funds.

The breach was announced yesterday, February 7, 2016, and Loanbase took down its website as a precaution and to apply security updates. The company says that its service should be back up again by today.

To prevent further abuse, Loanbase staff also reset passwords for all users, expired all 2FA tokens, and rejected all approved withdrawals, just in case.

Not the first time a Bitcoin company is hacked and robbed

This is the second case where a Bitcoin service has been robbed in the past month. At the start of January, the Cryptsy Bitcoin exchange announced that hackers managed to steal 13,000 Bitcoin and 300,000 Litecoin, which amounts to around $5.7 million / €5.2 million.

In that case, Cryptsy was hacked and robbed via an IRC backdoor inserted into the code of a wallet. The person behind the robbery has not been unmasked or caught. Cryptsy's management put up a 1,000 Bitcoin reward for any leads on his identity or whereabouts.