P2P Exchange Hodl Hodl Reports Security Issue

Hodl Hodl, a noncustodial bitcoin marketplace, said it had to force-liquidate some users' contracts to prevent the loss of funds, pointing to a possible security issue.

"Unfortunately, our recent internal and external audit identified that some user payment passwords might have been compromised," the Hodl Hodl team wrote in a blog post on Monday. "This affected a limited number of contracts, but we are taking proactive measures to ensure that everyone is safe." The team said it is investigating the issue and working on safely moving funds from potentially compromised contracts.

Hodl Hodl declined to comment on the situation but promised to publish a report as soon as the issues are investigated and fixed. "We have contacted external auditors and are doing external and internal audits on a daily basis," according to the blog post.

According to a user’s tweet, the issue pertained to the Hold Hodl lending platform, which went live in October 2020. Users also reported the Hodl Hodl website was down for some time on Aug. 2.

Answering questions on Twitter, Hodl Hodl's official account said the platform did not liquidate all contracts on the platform, only some.

Hodl Hodl is a peer-to-peer noncustodial marketplace. It doesn't store users' funds but provides a way for them to buy, sell, lend and borrow bitcoin from each other in an automated fashion. Hodl Hodl weighs in only when there is a dispute about a payment.

Users lock bitcoin in multisignature escrow wallets and use their personal payment passwords to release funds from it. Some of those passwords, according to Hodl Hodl's statement, might have been compromised.

On Aug. 1, user HodlBits tweeted concerns about Hodl Hodl, saying they received an email from the company "where they are pushing us to close contracts in the next 2 hours," and the style of the email seemed weird. Hodl Hodl's official account responded that the emails were authentic.

Later the same day, Hodl Hodl tweeted that the platform started forced liquidation "in those contracts that are still in In progress stage but are considered as 'high risk.' This is done to assure safety of YOUR funds. In order to complete the Liquidation process we will need you to undersign the Liquidation as well."

A day later, Hodl Hodl published an explanation in its blog and apologized for not communicating with users in a more straightforward way. The team also published a PGP key on the website and in the blog to prove the social network accounts of Hodl Hodl had not been compromised.

More details of the situation will come later in the blog, CEO Max Keidun told CoinDesk.

Hodl Hodl is one of the few places allowing users to buy bitcoin for fiat without sending funds to the third-party wallet of a centralized exchange. The company is owned by the team and a small number of investors, including the centralized exchange Bitfinex.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Anna Baydakova

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.