Hodl Hodl Explains August Security Issues, Puts Lending on Hold

The peer-to-peer bitcoin lending platform is closed for new deals until the planned relaunch in September.

Sep 3, 2021 at 10:37 a.m. UTC
Updated Sep 3, 2021 at 2:26 p.m. UTC

Anna Baydakova is an investigative reporter with a special focus on Eastern Europe and Russia. Anna owns a fraction of BTC.

Hodl Hodl, a non-custodial marketplace for bitcoin peer-to-peer purchases and loans, published an update on the security issue it reported in early August.

On Aug. 2, Hold Hodl reported a security issue on its platform for peer-to-peer bitcoin loans, named Lend. The team asked users to migrate their loan contracts to new escrows and get stronger payment passwords. Hodl Hodl also said it had to force-liquidate some of the contracts to keep users’ funds safe from possible attacks.

In an update on Friday, Hodl Hodl said two vulnerabilities were found in Lend’s code. The team did not identify any loss of users’ funds. However, it “had no guarantee that these vulnerabilities weren’t exploited already, and some user payment passwords weren’t obtained by bad actors,” according to a Sept. 2 blog post explaining why the team asked users to migrate their funds to new escrows.

Hodl Hodl also force-liquidated some of the most risky contracts, less than 1% of all contracts, the blog post said.

Hodl Hodl does not store users’ funds and runs on what the team calls bitcoin smart contracts, allowing users to generate multisignature escrow wallets in which the bitcoin gets locked until the deal is complete. This allows people to trade bitcoin for fiat money or borrow USD-denominated stablecoins, like USDT, for collateral without parking their funds with a third-party entity, as centralized platforms do.

In late July, Hodl Hodl hired a new auditing firm to check the security of its code, and the firm found two vulnerabilities. “One of them allowed to easily brute force weak passwords. Another one was found in the front end of our lending platform. This vulnerability could lead users to input their payment passwords into a fake form (produced and generated by the attacker), allowing them to access the user’s private key,” Hodl Hodl wrote.

The issue applied only to the lending product, not the trading product, CEO Max Keidun told CoinDesk. He confirmed no funds had been stolen.

The team is now working on “new extra security features, which will be a part of a more significant update called Lend 2.0,” according to the blog. The new platform will be launched sometime in September, the company added, and will “contain major security and UI/UX improvements and use a different security and usability approach than the previous version.”

For now, the platform is closed to new loan contracts, which will become available after the relaunch. Existing contracts that haven’t expired yet are still running on the platform, Keidun said.



The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Anna Baydakova is an investigative reporter with a special focus on Eastern Europe and Russia. Anna owns a fraction of BTC.

CoinDesk - Unknown

Anna Baydakova is an investigative reporter with a special focus on Eastern Europe and Russia. Anna owns a fraction of BTC.

Trending

1
CoinDesk - Unknown
Las criptomonedas deberían cumplir con las mismas normas que las finanzas regulares, dice el G7

Los ministros de Economía y Finanzas quieren que la estabilidad financiera y los estándares de lavado de dinero entren en vigencia pronto, considerando la reciente agitación del mercado.

Los ministros de Economía y Finanzas quieren que la estabilidad financiera y los estándares de lavado de dinero entren en vigencia pronto, considerando la reciente agitación del mercado.

CoinDesk - Unknown
2
CoinDesk - Unknown
First a Hum and Then a Bang –Niagara Falls Residents Forced to Reckon With Crypto Mining

The city in New York has imposed a moratorium on new bitcoin mining operations as complaints about noise were compounded by an explosion and fire at a mining site last week.

The city in New York has imposed a moratorium on new bitcoin mining operations as complaints about noise were compounded by an explosion and fire at a mining site last week.

CoinDesk - Unknown
3
CoinDesk - Unknown
No es solo LUNA: las aplicaciones DeFi de Terra han perdido $28.000 millones

Los inversores han abandonado en gran medida el ecosistema Terra, ahora evidente en los protocolos DeFi en la blockchain, y los analistas siguen siendo escépticos sobre sus perspectivas a largo plazo.

Los inversores han abandonado en gran medida el ecosistema Terra, ahora evidente en los protocolos DeFi en la blockchain, y los analistas siguen siendo escépticos sobre sus perspectivas a largo plazo.

CoinDesk - Unknown
4
CoinDesk - Unknown
Crypto News Roundup for May 20, 2022

With bitcoin avoiding a steeper tumble and a look at what’s behind the biggest stablecoin of them all, CoinDesk’s "Markets Daily" is back with its latest news roundup.

With bitcoin avoiding a steeper tumble and a look at what’s behind the biggest stablecoin of them all, CoinDesk’s "Markets Daily" is back with its latest news roundup.

CoinDesk - Unknown