Peer-to-Peer Crypto Platform LocalBitcoins Compromised Following Phishing Attack

The popular peer-to-peer Bitcoin trading site LocalBitcoins has supposedly been compromised: Founded in 2012, LocalBitcoins has become one of the most popular peer-to-peer (P2P) bitcoin trading platform worldwide

It allows users to post advertisements where they can state their desired exchange rate and payment methods for either buying or selling BTC. Interested parties can agree actually to meet the person and purchase the BTC for cash or to trade directly using online banking. The bitcoins are placed in the platform’s web wallets where users are able to pay for the purchases directly.

Just recently, we had reported on the vast increase in the popularity of the platform amongst Latin America.

According to a thread on Reddit, when visiting the URL leading to LocalBitcoins’ forum page, users are prompted to log into their account, as if they have been logged out.

This only happens in case the user is already logged in, concluding that this is a phishing attempt, sending users’ 2FA codes to the hacker.

Withdrawals on the platform have reportedly been temporarily halted. The platform has also disabled its forum.

The Damage is Done

A specific address has been suspected to belong to the attacker. It already has 7.95BTC sent to it via five separate transactions. At current rates, this amount is roughly equal to $28,000. It’s not yet clear whether this is the only address of the supposed hacker.

As of the time of this writing, LocalBitcoins hasn’t come up with an official statement regarding the supposed phishing attack. However, users are advised to refrain from logging in and providing information while the matter is resolved officially.

Phishing attacks are common amonst the crypto space: Last year, the popular ERC-20 wallet MyEtherWallet was also the target of a DNS spoofing attack which had users give up their credentials to hackers.

UPDATE: LocalBitcoins Responds: Now it’s safe to login

LocalBitcoins had recently responded to the claims:

“We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability – an unauthorised source was able to access and send transactions from a number of affected accounts. Outgoing transactions were temporarily disabled while we investigated the case.

We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack. At the moment, we are determining the correct number of users affected – so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice.

Your LocalBitcoins accounts are currently safe to log in and use – we encourage you to enable Two-factor authentication, if you have not yet.”