Popular platform for physical buying and selling of bitcoins LocalBitcoins confirmed that it had been a phishing attack, which resulted in at least six of its users lost their funds. In total they had stolen 7.95205862 BTC (about $28 000).
In the message LocalBitcoins on Reddit says that around 10:00 UTC on Saturday, January 26, the exchange staff has discovered a vulnerability in security, which resulted in the “unauthorized source was able to access a number of accounts and use them to send transactions.”
LocalBitcoins’ report on the security vulnerability 26.01.2019 https://t.co/HD3MrbEXbl via @reddit
— LocalBitcoins.com (@LocalBitcoins) January 26, 2019
Representatives LocalBitcoins said that they were able to identify the problem and stop the attack. It is alleged that she was related to the function provided by software third party – in its result on the forum platform was posted phishing link.
As explained by a Reddit user, when you visit the forum LocalBitcoins was redirected to a phishing page where they were asked to re-enter login information, including 2FA code. As a result, the hackers were able to devastate even protected accounts.
The panelists also identified the address that received the stolen funds. According to the data of blockchain in total he had made ankle-length transfers, then the funds from that address were removed.
Additional comments from LocalBitcoins has not yet been reported, but the possibility of publishing new entries on the forum still disabled due to security considerations.
We will remind, in the end of 2018, users often complained about problems in the website LocalBitcoins, that at some point even forced the company to go in for maintenance.