February 10, 2016 By Larry Loeb 2 min read

LoanBase, a bitcoin lending site, sent out a security warning to its users on Feb. 7 saying it had been breached by cybercriminals.

Breach Notice

While the email notice from LoanBase was not officially made public, one user allegedly posted a copy of the statement to Reddit.

“We’ve discovered that there was a security breach, which resulted in the loss of roughly around 8 BTC,” the Office of Inadequate Security quoted the notice as saying. “At this stage this is an estimate based on the confirmed breach of 4 user accounts. The maximum amount which may have been lost does not exceed 20 BTC.”

LoanBase went on to describe the attack further, noting that the compromised accounts were not protected by two-factor authentication. Additionally, the attackers managed to gain access to the company’s SQL database, which houses personal information of users, via a vulnerability in the site’s content management system.

An Underlying Problem

We know this much: Attackers managed to breach the company through WordPress. This exploit does not seem to be the same as some previous WordPress attacks that have recently come to attention, such as the attacks leveraging TeslaCrypt.

WordPress is open source and has many known vulnerabilities in the PHP code that powers it. The underlying problem for LoanBase was that its WordPress blog was on the same server as its business area, leaving the entire enterprise open to attack.

Some users opined on public forums that once WordPress was compromised, the financial database, which was probably the same mySQL database, would be easy pickings. That seems to be exactly what happened.

Though the financial losses may be contained, the continuing problem may be misuse of the user information contained in the business database. LoanBase maintains identification documentation for a prolonged period regardless of whether a user requests to have an account deactivated (rather than actually deleted). Such a strategy may aid in money laundering investigations but can also impact user confidentiality.

What’s Next for the Bitcoin Lending Site?

As of this writing, the LoanBase site is active, but the blog area is disabled. One remediation method that LoanBase may apply is the use of static content. Static content would shield the active code of WordPress from attacker exploitation. The static content also loads faster since it does not need to be interpreted. Of course, moving WordPress to another server away from the financial system seems like a good idea.

All users of WordPress must consider the takeaway here: Don’t put the CMS on the same server as your business. Isolate it well to enhance security.

More from

How prepared are you for your first Gen AI disruption?

5 min read - Generative artificial intelligence (Gen AI) and its use by businesses to enhance operations and profits are the focus of innovation in virtually every sector and industry. Gartner predicts that global spending on AI software will surge from $124 billion in 2022 to $297 billion by 2027. Businesses are upskilling their teams and hiring costly experts to implement new use cases, new ways to leverage data and new ways to use open-source tooling and resources. What they have failed to look…

Cybersecurity crisis communication: What to do

4 min read - Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects — how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook a key part of response preparedness: crisis communication.Because a brand’s reputation often takes a significant hit, a cyberattack can significantly affect the company’s future success…

Brands are changing cybersecurity strategies due to AI threats

3 min read -  Over the past 18 months, AI has changed how we do many things in our work and professional lives — from helping us write emails to affecting how we approach cybersecurity. A recent Voice of SecOps 2024 study found that AI was a huge reason for many shifts in cybersecurity over the past 12 months. Interestingly, AI was both the cause of new issues as well as quickly becoming a common solution for those very same challenges.The study was conducted…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today