P2P Exchange Hodl Hodl Reports Security Issue
Hodl Hodl, a noncustodial bitcoin marketplace, said it had to force-liquidate some users’ contracts to prevent the loss of funds, pointing at a possible security issue.
“Unfortunately, our recent internal and external audit identified that some user payment passwords might have been compromised,” the Hodl Hodl team wrote in a blog post on Monday. “This affected a limited number of contracts, but we are taking proactive measures to ensure that everyone is safe.” The team said it is investigating the issue and working on safely moving funds from potentially compromised contracts.
Hodl Hodl declined to comment on the situation, but promised to publish a report as soon as the issues are investigated and fixed. “We have contacted external auditors and are doing external and internal audits on a daily basis,” the blog post read.
According to a user’s tweet, the issue pertained to the Hold Hodl lending platform, which went live in October 2020. Users also reported that the Hodl Hodl website was down for some time on Aug. 2.
Answering questions on Twitter, Hodl Hodl’s official account said the platform did not liquidate all contracts on the platform, only some.
Hodl Hodl is a peer-to-peer noncustodial marketplace. It doesn’t store users’ funds, but rather provides a way for them to buy, sell, lend and borrow bitcoin from each other in an automated fashion. Hodl Hodl weighs in only when there is a dispute about a payment.
Users lock bitcoin in multisignature escrow wallets and use their personal payment passwords to release funds from it. Some of those passwords, according to Hodl Hodl’s statement, might have been compromised.
On Aug. 1, user HodlBits tweeted concerns about Hodl Hodl, saying they received an email from the company “where they are pushing us to close contracts in the next 2 hours,” and the style of the email seemed weird. Hodl Hodl’s official account responded that the emails were authentic.
Later the same day, Hodl Hodl tweeted that the platform started forced liquidation “in those contracts that are still in In progress stage but are considered as ‘high risk.’ This is done to assure safety of YOUR funds. In order to complete the Liquidation process we will need you to undersign the Liquidation as well.”
A day later, Hodl Hodl published an explanation in its blog and apologized for not communicating with users in a more straightforward way. The team also published a PGP key on the website and in the blog to prove the social network accounts of Hodl Hodl had not been compromised.
More details of the situation will come later in the blog, CEO Max Keidun told CoinDesk.
Hodl Hodl is one of the few places allowing users to buy bitcoin for fiat without sending funds to the third-party wallet of a centralized exchange. The company is owned by the team and a small number of investors, including the centralized exchange Bitfinex.Source