Peer-to-peer loan service provider Loanbase has reported a security breach. Nearly 15 bitcoins have been discovered stolen from user accounts, and that number may be as high as 20 (roughly $7448.80 at market rate).
Loanbase has reimbursed user accounts for the known lost amounts thus far.
A notice sent out Sunday read:
Loanbase Security Breach
We've discovered that there was a security breach, which resulted in the loss of roughly around 8 BTC. At this stage this is an estimate based on the confirmed breach of 4 user accounts. The maximum amount which may have been lost does not exceed 20 BTC. We detected that the unauthorized access of the user accounts occurred early in the morning on February 6th and continued throughout the day. For more information, please see below.
Here is what we know about the hack at this stage:
4 accounts were confirmed to be compromised.
The accounts compromised did not have two-factor authentication enabled.
The hackers did not gain access to the Bitcoin wallets.
The breach occurred via a security hole in the WordPress blog (we will provide more details later).
The hackers did gain access to our SQL database; this means that sensitive user information may have been leaked, such as e-mail addresses, phone numbers, names, etc.
Will the funds be reimbursed to those that had an unauthorized withdrawal?
Yes, we will return all the funds of the users who have had an unauthorized withdrawal.
We're going to take the following steps:
We've taken down the website for a security update.
All of the passwords have been reset.
Any withdrawals which were approved, but not processed yet, will all be rejected.
We're going to implement additional security procedures, which will help with an earlier detection of such breaches.
Once we bring the website up, we will request that our users change their passwords and update their TFA.
Earlier today the number of missing bitcoins discovered stood at under 15; Loanbase then locked the accounts of all of its users and required everyone to create new passwords.
In total we have identified 15 user accounts which may have had unauthorized withdrawals. The total loss is estimated at 14.05496696 BTC. We have reimbursed all affected users, but if any of you notice unauthorized transactions, then please contact support immediately: [email protected]
Due to the recent security breach, we have locked your account. You will not be able to access your account until you reset your password. Please click on the link below in order to reset your password: LINK For security reasons, we have also reverted your two-factor authentication to your backup device, so you will have to use your phone to receive an SMS in order to pass the TFA verification upon login. Please generate a new two-factor authentication code; you will need your phone in order to receive an SMS and redo TFA. We apologize for any issues which may be caused by this.
Competing sites took this opportunity to get their names in the press as well, sending out follow-up alerts to make sure everyone on earth was fully aware of the "big heist" at Loanbase. BTCPop sent out this notice:
CHANGE YOUR PASSWORD
Loanbase released a recent notice saying that it has been involved in a hack. They have provided information that suggests user data has been compromised and may have been leaked. We take security very seriously and urge all of our users who also have a Loanbase account to change their passwords. Given the information provided by Loanbase, we would be devastated if your BTCPOP account was accessible by other people. Changing your password is good security practice and helps to keep your private information private. If you believe your BTCPOP account has been tampered with, we ask that you contact us via Live Support and we will help to resolve your problem.
Perhaps this was sent in good faith, but one can't help but suspect it was more a case of pointing the finger at security problems in an attempt to make another site look inferior.
For good measure, it's not unreasonable to change your password if you have accounts with either of these sites.
The Real Question
The real question here is why on earth would anyone hack a loan website in the first place?
You wouldn't really expect there to be any value there: the people asking for money are obviously broke; those who received loans likely moved the coins off the site the second they got them; the ones lending have already given their coins away, so they don't have any; and funds for loans in progress would be expected to sit in some sort of escrow or otherwise be unavailable in a hot wallet. That pretty much leaves just a few stragglers: repaid loans sitting in the accounts of those who haven't moved the coins.
It's like the small-time thief who never pays attention to the big fat sign that reads "NO MORE THAN $50 IS KEPT IN REGISTER", since cashiers periodically drop excess amounts and large bills into a thick safe that would be impractical to steal even if it were sitting unattended in the front parking lot, much less in broad daylight.
Those idiots never get away with much, and from the looks of it, neither did these.
Story by dinbits
image by dinbits staff