Saturday 27th of February, we received a threatening message stating that personal data of LiteBit users has been compromised and would be published unless LiteBit pays for the data. We will never cave in to any threats of such a nature as this is against our policy: we do not fund criminal activity and we are transparent with our users.
Based on a sample of the data that was included in the message and further analysis we conclude that this concerns relatively old data from before December 2019.
What happened with my data?
Transparency is one of our key principles and so we will share available information and provide updates if there are any:
- We have indications that some users' data have been compromised and fallen into the hands of unauthorized party. This data consists of name, e-mail address, phone number and IBAN.
- Based on the intensive research that has already taken place so far, this incident is based on a set of old data from 2019.
- We can alleviate potential concerns by being entirely clear and certain in this matter:
Funds, passwords and ID documents have never been at risk.
Are my funds safe?
Your funds at LiteBit have never been at risk.
The coins are stored for 95% to 98% on an offline wallet, so cold storage. This means that the wallets are not connected to the internet. The reason we chose this is because it is the safest way. Again: Your funds at LiteBit have never been at risk.
What does LiteBit do about security?
We are currently investigating this incident further with both LiteBit experts and industry leading IT security experts. LiteBit also reported this incident to the relevant authorities, including the Autoriteit Persoonsgegevens (AP) and with law enforcement.
What can I do to provide extra security for my funds?
Copies of your ID documents nor your LiteBit passwords haven't been compromised. In general, we always advise you to keep your passwords updated, don’t use the same passwords for different accounts and use 2-factor authentication.
If you have not yet enabled 2-factor authentication, this is something that you can do now. Please find the FAQ here how to do this.
As always, please be aware for phishing attempts on your account and other signs that your data is being phished or used by unauthorized persons. We will never ask for your personal data or to send crypto to addresses besides when accessing your personal account within the LiteBit platform. LiteBit does not share links in the e-mails that we send to our customers, we always ask you to directly go to the LiteBit website or app. Do not click on links from e-mail addresses that you do not trust. More information about that can be found here.
We take safety and security very seriously and we will inform you when there is any development that is relevant for you. In this difficult time, we strive to maintain transparent and would be appreciative of your support.