UPDATED 23:41 EST / FEBRUARY 08 2016


Bitcoin stolen from lending startup Loanbase in alleged hack

Bitcoin lending startup Loanbase, Inc. is claiming to have been hacked, although fortunately for customers and the company alike the amount stolen was not huge.

Loanbase advised customers of the hack via email and its Facebook page on Sunday, explaining they had first detected unauthorized access early in the morning of Saturday, February 6.

The company says the hack came via a hole in a WordPress blog and gave the hackers access to its SQL database, meaning that user information including e-mail addresses, phone numbers, names, and other sensitive information may have been accessed.

It’s not clear at this point what occurred next, as Loanbase doesn’t describe it, but presumably the hackers somehow used the data from the database to access Bitcoin wallets held by customers.

Loanbase says it believes the loss is “roughly” 8 Bitcoins ($2,976) but could be as high as 20 Bitcoins ($7,440), and that all affected customers will be fully reimbursed the amount stolen.

Ticks and crosses

It must be said first and foremost that Loanbase should be praised for its full transparency in disclosing the hack, how it occurred, and, more importantly, what it is doing about it. At this time that includes taking its website down, resetting passwords, rejecting any withdrawals that have been approved but not processed, and implementing additional security procedures. Many other companies can learn a lesson here.

The hack does, though, raise serious questions about how Loanbase has its Bitcoin wallets set up to begin with.

Let’s just presume that the hackers gained access to the wallets via access to a WordPress database: what information was in a WordPress database to begin with, and is WordPress the right platform for running a financial services business?

Secondly, and most important, two-factor authentication (2FA) would have immediately limited access to stored Bitcoin, so it can only be presumed that it wasn’t in place for these customers. There is some suggestion that Loanbase gives customers a choice of whether or not to use 2FA, but best practice in 2016 is not to give customers that choice and to make 2FA compulsory, to avoid exactly what has happened here.

If you’re a customer affected by the Loanbase hack, you can follow the latest updates on what the company is doing on its Facebook page.

Image credit: chodhound/Flickr/CC by 2.0
