Hodl Hodl Explains August Security Issues, Puts Lending on Hold

The peer-to-peer bitcoin lending platform is closed for new deals until the planned relaunch in September.

Sep 3, 2021 at 10:37 a.m. UTC
Updated May 11, 2023 at 7:04 p.m. UTC

Hodl Hodl, a non-custodial marketplace for bitcoin peer-to-peer purchases and loans, published an update on the security issue it reported in early August.

On Aug. 2, Hodl Hodl reported a security issue on its platform for peer-to-peer bitcoin loans, named Lend. The team asked users to migrate their loan contracts to new escrows and get stronger payment passwords. Hodl Hodl also said it had to force-liquidate some of the contracts to keep users’ funds safe from possible attacks.

In an update on Friday, Hodl Hodl said two vulnerabilities were found in Lend’s code. The team did not identify any loss of users’ funds. However, it “had no guarantee that these vulnerabilities weren’t exploited already, and some user payment passwords weren’t obtained by bad actors,” according to a Sept. 2 blog post explaining why the team asked users to migrate their funds to new escrows.

Hodl Hodl also force-liquidated some of the most risky contracts, less than 1% of all contracts, the blog post said.

Hodl Hodl does not store users’ funds and runs on what the team calls bitcoin smart contracts, allowing users to generate multisignature escrow wallets in which the bitcoin gets locked until the deal is complete. This allows people to trade bitcoin for fiat money or borrow USD-denominated stablecoins, like USDT, for collateral without parking their funds with a third-party entity, as centralized platforms do.

In late July, Hodl Hodl hired a new auditing firm to check the security of its code, and the firm found two vulnerabilities. “One of them allowed to easily brute force weak passwords. Another one was found in the front end of our lending platform. This vulnerability could lead users to input their payment passwords into a fake form (produced and generated by the attacker), allowing them to access the user’s private key,” Hodl Hodl wrote.

The issue applied only to the lending product, not the trading product, CEO Max Keidun told CoinDesk. He confirmed no funds had been stolen.

The team is now working on “new extra security features, which will be a part of a more significant update called Lend 2.0,” according to the blog. The new platform will be launched sometime in September, the company added, and will “contain major security and UI/UX improvements and use a different security and usability approach than the previous version.”

For now, the platform is closed to new loan contracts, which will become available after the relaunch. Existing contracts that haven’t expired yet are still running on the platform, Keidun said.




Anna Baydakova

Anna Baydakova was CoinDesk's investigative reporter with a special focus on Eastern Europe and Russia. Anna owns BTC and an NFT.

