• Attackers managed to compromise users who were accessing LocalBitcoins forum by redirecting them to a phishing page and collecting login credentials from them.
  • Six accounts have been impacted in this incident, of which 7.95205862 bitcoins equivalent to $28,200, have been stolen from five of the victims.

LocalBitcoins announced a security breach on January 26, 2019. The breach lasted for almost five hours before LocalBitcoins interfered to stop the ongoing attack. The company stopped the attack by taking its forum offline and temporarily disabling transactions on its platform.

What happened?

Users reported suspicious redirection activities while accessing the LocalBitcoins Forum page.

  • When users were accessing the LocalBitcoins Forum, they would be redirected to a phishing page appearing to be a legitimate LocalBitcoins login page.
  • Once the users enter their credentials in the phishing page to log in, attackers would collect the login credentials and attempt to login into users’ accounts.
  • Attackers would then ask for Two-factor authentication (2FA) one-time code if their accounts were protected by a 2FA mechanism.

What was compromised?

LocalBitcoins confirmed that six users accounts have been affected and user funds had been stolen in the incident. The attackers have stolen 7.95205862 bitcoins worth $28,200 from five of the victims. The victims shared the Bitcoin address to which they have sent the funds and claimed that it belonged to the attackers.

What was the immediate action taken?

Upon learning about the incident, LocalBitcoins took its Forum offline and temporarily disabled transactions on its platform in order to prevent attackers from stealing funds from any other user accounts.

The company as also carried out investigations on the incident and published a post-mortem report on 27, January 2019.

“We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack. At the moment, we are determining the correct number of users affected - so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice,” the report read.

LocalBitcoins confirmed that ongoing transactions have been re-enabled and that the company has taken measures to address the incident and secure the potentially affected user accounts.

“Your LocalBitcoins accounts are currently safe to log in and use - we encourage you to enable Two-factor authentication if you have not yet. We sincerely apologize for any inconvenience this might have caused,” the report concluded.

Cyware Publisher