Bitcoin stolen from lending startup Loanbase in alleged hack

Bitcoin stolen from lending startup Loanbase in alleged hack

Bitcoin lending startup Loanbase, Inc. is claiming to have been hacked, although fortunately for customers and the company alike the amount stolen was not huge.

Loanbase advised customers of the hack via email and its Facebook page on Sunday, explaining they had first detected unauthorized access early in the morning of Saturday, February 6.

The company says the hack came via a hole in a WordPress blog, and gave the hackers access to their SQL database, meaning that sensitive user information may have been accessed including e-mail addresses, phone numbers, names, and other sensitive information.

It’s not clear at this point what occurred next as Loanbase doesn’t describe what happened, but presumably, somehow the hackers used the data from the database to access Bitcoin wallets held by customers.

Loanbase says it believes the loss is “roughly” around 8 Bitcoins ($2,976) but could be as high as 20 Bitcoins ($7440), and all affected customers will be fully reimbursed the amount stolen.

Ticks and crosses

It must be said first and foremost that Loanbase should be praised for its full transparency in disclosing the hack, how it occurred, and more importantly what they are doing about it, which at the time includes taking their website down, resetting passwords, rejecting any withdrawals that have been approved but not processed, and implementing additional security procedures; many other companies can learn a lesson here.

The hack though does raise serious questions about how Loanbase has its Bitcoin wallets setup to begin with.

Let’s just presume that the hackers gained access to the wallets via access to a WordPress database: what information was in a WordPress database to begin with, and is WordPress the right platform to be using to run a financial services business?

Secondly, and most important, two-factor authentication (2fa) would have immediately limited access to stored Bitcoin, so it can only be presumed that it wasn’t in place for these customers; there is some suggestion that customers are given a choice of using 2fa or not with Loanbase but best practice in 2016 is to not give customers a choice as to whether they want to use 2fa or not, and to make it compulsory to avoid exactly what has happened here.

RELATED:  Numerous fake Bitcoin wallet apps discovered in Apple iTunes App Store

If you’re a customer affected by the Loanbase hack, you can follow the latest updates on what the company is doing on its Facebook page here.

Image credit: chodhound/Flickr/CC by 2.0
Duncan Riley

Duncan Riley

Duncan Riley is a senior writer at SiliconANGLE covering Startups, Bitcoin, and the Internet of Things.

Duncan is a co-founder of VC funded media company B5Media and founder of news site The Inquisitr, and was a senior writer at TechCrunch in its earlier days.

Tips? Press releases? Intersting startup? email: duncan@nichenet.com.au or contact Duncan on Twitter @duncanriley
Duncan Riley

SIGN UP FOR THE SiliconANGLE NEWSLETTER!

Join our mailing list to receive the latest news and updates from our team.

SIGN UP FOR THE SiliconANGLE NEWSLETTER!

Join our mailing list to receive the latest news and updates from our team.

Submit a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Share This

Share This

Share this post with your friends!