- Few wallets were affected
- Indications of a phishing attack on third-party forum feature
- LocalBitcoins says it’s now safe to trade
LocalBitcoins, one of the largest peer to peer bitcoin trading portals has confirmed a security breach on its platform. The Finland-based firm revealed via an entry on Reedit that it noticed the security problem on Saturday at about 10 am UTC (or 4 am CST).
The post read:
“We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability – an unauthorized source was able to access and send transactions from a number of affected accounts.”
Nature and Source of Security Breach
The firm explained that the hack originated from a feature powered by a third party software. Through the forum feature, the attacker was able to access some user accounts and make transactions from some affected accounts.
According to the LocalBitcoins update, up to six affected user accounts have been confirmed although the total number of affected accounts was yet to be ascertained. Just about the same time, a cryptocurrency enthusiast simply identified as ‘Bitcoin babe’ raised an alarm about a phishing attack targeting users of LocalBitcoins Forum users. “It seems someone has taken over the forum site with a phishing page,” she wrote warning users not to log into a phishing page when redirected. She said that the 2-factor verification details of users who logged in were harvested and used to empty their wallets.
Response to the Security Breach
The Localbitcoins team said they promptly disabled outgoing transactions temporarily and proceeded with investigations. They also disabled the Forum page when the attack was on.
While users were quick to express concern about the security of their funds and private information, the trading platform assured that the breach did not affect customer information provided as part of KYC requirements. Furthermore, the exchange said all user accounts are now safe and outgoing transactions have been re-enabled.
“We have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk.
Crypto Security Concerns Continue in 2019
The year is still new but the cryptocurrency community has started to witness cyber-attacks on exchanges. Though nothing like the attack on Coincheck which occurred around this time last year, the attacks have raised new concerns about blockchain security. As Smartereum reported, Ethereum Classic blockchain suffered a rare 51 percent attack in which there were block reorganizations and double spendings to the tune of $1.1M.
Also, New Zealand exchange Cryptopia lost about $16 million to hackers according to data protocol service providers Elementus. The attack which was first reported to security agencies on Jan 15 reportedly continued even during the period of investigation.