In an email sent to its customers yesterday, Loanbase revealed that it had discovered a security breach that occurred on the morning of February 6, 2016.
The news was also shared on the company’s Facebook page, noting that the exploit targeted a security vulnerability in the WordPress blog. Preliminary investigation confirmed the breach of 4 user accounts and a loss of around 8 bitcoins (approx. $3000), although this figure could go up to 20 BTC (approx. $7500).
Notably, the four compromised accounts’ users hadn’t enabled two-factor authentication (2FA), an added security feature that’s commonly found among banks and e-commerce websites including Amazon.
In a statement via its Facebook page, Coinbase stated:
We’ve discovered that there was a security breach, which resulted in the loss of roughly around 8 BTC. At this stage this is an estimate based on the confirmed breach of 4 user accounts.
The maximum amount which may have been lost does not exceed 20 BTC.
Users who have been the targets of unauthorized withdrawals will have their funds reimbursed, Coinbase confirmed.
As a security measure, the website is currently under maintenance.
The company also notes that it will include additional security protocols for improved detection and protection against such breaches.
Bitcoin and User Information Theft
Loanbase also revealed that the malicious attackers gained access to the company’s SQL database. The breach of the database makes it entirely plausible that the hackers accessed user information such as names, email addresses, phone numbers and other user account details.
During the website’s current downtime, Coinbase also confirmed the following:
- All user passwords have been reset.
- All 2FA tokens have also been reset. The company recommends users to change their passwords and update their 2FA settings, once the website is back up and running.
- All withdrawals that were approved but haven’t been processed yet will be rejected, as a security measure.
The peer-to-peer platform, formerly known as BitLendingClub prior to its rebranding has been an ever-present since the early days of the cryptocurrency, having been founded in 2013. A Bulgarian company at the time, BitLendingClub saw a seed investment of €200,000 toward the end of 2014.
Coinbase didn’t immediately respond to a CCN request for a comment at the time of publishing.