February 10, 2016 By Larry Loeb 2 min read

LoanBase, a bitcoin lending site, sent out a security warning to its users on Feb. 7 saying it had been breached by cybercriminals.

Breach Notice

While the email notice from LoanBase was not officially made public, one user allegedly posted a copy of the statement to Reddit.

“We’ve discovered that there was a security breach, which resulted in the loss of roughly around 8 BTC,” the Office of Inadequate Security quoted the notice as saying. “At this stage this is an estimate based on the confirmed breach of 4 user accounts. The maximum amount which may have been lost does not exceed 20 BTC.”

LoanBase went on to describe the attack further, noting that the compromised accounts were not protected by two-factor authentication. Additionally, the attackers managed to gain access to the company’s SQL database, which houses personal information of users, via a vulnerability in the site’s content management system.

An Underlying Problem

We know this much: Attackers managed to breach the company through WordPress. This exploit does not seem to be the same as some previous WordPress attacks that have recently come to attention, such as the attacks leveraging TeslaCrypt.

WordPress is open source and has many known vulnerabilities in the PHP code that powers it. The underlying problem for LoanBase was that its WordPress blog was on the same server as its business area, leaving the entire enterprise open to attack.

Some users opined on public forums that once WordPress was compromised, the financial database, which was probably the same mySQL database, would be easy pickings. That seems to be exactly what happened.

Though the financial losses may be contained, the continuing problem may be misuse of the user information contained in the business database. LoanBase maintains identification documentation for a prolonged period regardless of whether a user requests to have an account deactivated (rather than actually deleted). Such a strategy may aid in money laundering investigations but can also impact user confidentiality.

What’s Next for the Bitcoin Lending Site?

As of this writing, the LoanBase site is active, but the blog area is disabled. One remediation method that LoanBase may apply is the use of static content. Static content would shield the active code of WordPress from attacker exploitation. The static content also loads faster since it does not need to be interpreted. Of course, moving WordPress to another server away from the financial system seems like a good idea.

All users of WordPress must consider the takeaway here: Don’t put the CMS on the same server as your business. Isolate it well to enhance security.

More from

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today