
Phishing Scam Hits LocalBitcoins, Clients Lose Funds


On January 26, 2019, clients of peer-to-peer bitcoin trading service LocalBitcoins were the targets of a phishing scam which resulted in the theft of a handful of bitcoins.

The Scam’s Operation

Reports claimed that the attacker was able to conduct the scam thanks to a security vulnerability on the LocalBitcoins platform. The landing page of the site’s forum reportedly was hacked, leading clients to a phishing site.

The phishing site was designed to closely mimic the actual LocalBitcoins landing page. Once on it, users were prompted to log in and provide their two-factor authentication codes.

As soon as the hackers gained access to the codes, the users had the bitcoins in their wallets stolen.

“We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability – an unauthorized source was able to access and send transactions from a number of affected accounts. Outgoing transactions were temporarily disabled while we investigated the case,” LocalBitcoins noted in a Reddit post.

A user who claimed to have been hacked was able to identify the address of the hacker, and it was later found that the address had received a total of 7.95205862 BTC from five separate transactions (equivalent to about $28,134 at press time).

LocalBitcoins Safe Again?

According to an announcement LocalBitcoins made on Reddit, the vulnerability stemmed from flaws in third-party software the exchange uses for its forum. LocalBitcoins also stated that its security team was able to find and resolve the issue quickly.

It confirmed that the vulnerability allowed the attacker to gain access to an undisclosed number of accounts, although at press time, it only knew of six cases where users had been affected.

It was reported that the exchange mitigated the vulnerability by blocking user access to their wallets until the issue was resolved. Also, the exchange suspended trading activities for a short period while its developers worked on neutralizing the threat. The platform was returned to full functionality a few hours after the hack.

The team noted that the vulnerability was fixed. However, there was no mention of whether or not affected users will be compensated for their losses and how they intend to track the stolen bitcoins.

The post also noted that the platform’s forum feature would remain disabled for security reasons, so for now, buyers and sellers will only be able to interact through the platform’s ciphered P2P chat.
