Loanbase, a Bitcoin P2P lending platform formerly known as BitLendingClub, has sent a security bulletin to all its customers informing them that a breach has taken place in the early morning hours on the 6th of February.
According to the update, the total amount of funds stolen was 8 BTC. Security staff from Loan base estimate that the login details of four customer accounts were compromised.
“We detected that the unauthorized access of the user accounts occurred early in the morning on February 6th and continued throughout the day.”
Although the current estimate stands at 8 BTC, the bulletin said that the maximum loss will not exceed 20 BTC.
Those accounts apparently did not have two-factor authentication setup, which made the beach a lot easier for the perpetrators. The intrusion into Loanbase’s servers took place via a WordPress security hole that allowed the hackers to access the SQL database, which happens to contain sensitive user details such as emails, phone numbers and names.
Loanbase staff have made a promise to reimburse customers who have lost funds in this incident.
“Yes, we will return all the funds of the users who have had an unauthorized withdrawal.”
The security bulletin stated that the site has been taken down for a security update and all pending withdrawals have been suspended.
“Any withdrawals which were approved, but not processed yet, will all be rejected.”
Reddit users have criticized Loanbase for using the WordPress platform, which is known to have plenty of vulnerabilities.
Image credit: 1
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.