P2P Exchange Hodl Hodl Reports Security Issue
The non-custodial marketplace said some users' payment passwords might have been compromised.
Hodl Hodl, a noncustodial bitcoin marketplace, said it had to force-liquidate some users' contracts to prevent the loss of funds, pointing to a possible security issue.
"Unfortunately, our recent internal and external audit identified that some user payment passwords might have been compromised," the Hodl Hodl team wrote in a blog post on Monday. "This affected a limited number of contracts, but we are taking proactive measures to ensure that everyone is safe." The team said it is investigating the issue and working on safely moving funds from potentially compromised contracts.
Hodl Hodl declined to comment on the situation but promised to publish a report as soon as the issues are investigated and fixed. "We have contacted external auditors and are doing external and internal audits on a daily basis," according to the blog post.
Answering questions on Twitter, Hodl Hodl's official account said the platform did not liquidate all contracts on the platform, only some.
Hodl Hodl is a peer-to-peer noncustodial marketplace. It doesn't store users' funds but provides a way for them to buy, sell, lend and borrow bitcoin from each other in an automated fashion. Hodl Hodl weighs in only when there is a dispute about a payment.
Users lock bitcoin in multisignature escrow wallets and use their personal payment passwords to release funds from it. Some of those passwords, according to Hodl Hodl's statement, might have been compromised.
Later the same day, Hodl Hodl tweeted that the platform started forced liquidation "in those contracts that are still in In progress stage but are considered as 'high risk.' This is done to assure safety of YOUR funds. In order to complete the Liquidation process we will need you to undersign the Liquidation as well."
A day later, Hodl Hodl published an explanation in its blog and apologized for not communicating with users in a more straightforward way. The team also published a PGP key on the website and in the blog to prove the social network accounts of Hodl Hodl had not been compromised.
More details of the situation will come later in the blog, CEO Max Keidun told CoinDesk.
Hodl Hodl is one of the few places allowing users to buy bitcoin for fiat without sending funds to the third-party wallet of a centralized exchange. The company is owned by the team and a small number of investors, including the centralized exchange Bitfinex.