The developers of non-custodial bitcoin exchange Hodl Hodl are reporting a security breach that compromised the payment keys of some of their users. 

Hodl Hodl has been forced to terminate the contracts of some of its clients due to a security breach that could have compromised payment keys and caused the loss of funds, the platform's team reported in a release.

The developers explain that they did not establish official communication with the affected clients at the outset because they were rushing to find a solution to the detected security flaw and protect the funds. According to the platform, a recent audit found that the payment keys of some users in multi-signature contracts could have been compromised by a security vulnerability, so the team acted quickly to protect the funds.

The security breach, the team explained in the statement, only affected a limited number of contracts, although proactive measures are being taken to ensure that all of its clients and their funds are completely safe. 

The platform's team has already begun research and is developing new tools to help mitigate the risks. They also indicated that they are working on migrating funds from partially committed contracts to new secure contracts. “We are still investigating these issues… We will publish a transparency report on the investigation of these issues and their resolution,” the team said.

Hodl Hodl is a non-custodial bitcoin lending platform and marketplace, which does not store users' funds, but rather allows them to carry out their operations personally and directly with other users (P2P) through multi-signature operations.


Confusion and forced liquidations

Although the crypto platform's team promises to publish a full report on the security flaw and the solutions to be implemented, the platform has refused to comment in more detail about the detected problems. Users, however, began to demand explanations for the team's confusing and incomplete comments and for the forced liquidations it carried out on some of the accounts.

On Twitter, anonymous user 6102bitcoin asked Hodl Hodl to authenticate its messages via a PGP key or a video in which members of the marketplace and lending platform's team report on the current situation. A few hours after the request, 6102bitcoin reported that Hodl Hodl's CEO had sent satisfactory proof that the security breach is genuine and that the enforced measures are indeed being taken by the team as a form of protection.

Hodl Hodl pauses the release of funds

The user also warned users of the platform not to provide any personal data, such as email addresses, while Hodl Hodl remains affected, as this could jeopardize operations and allow the theft of funds when using any of the exchange or lending services. 

Hodl Hodl halted the release of the funds because the platform's decryption mechanism is not yet public. User 6102bitcoin also explained that anyone on the platform or a third party who intercepts or decrypts the payment key generated at the time of making an exchange of value could steal the funds. 

The Hodl Hodl decryption tool will be made public in the third quarter, the company announced at the end of July.
