Security Breach at LocalBitcoins Allowed Access by Unauthorized Users

2019, Breaches, January

Who: LocalBitcoins

No. of Accounts Breached: 6 as of press time

What was affected: It confirmed that the vulnerability allowed the attacker to gain access to an undisclosed number of accounts, although, at press time, it only knew of six cases where users had been affected.

When it happened: January 26, 2019

How it happened: The landing page of the site’s forum reportedly was hacked, leading clients to a phishing site. The phishing site was designed to mimic the features of the actual LocalBitcoins landing page carefully. Once on it, users were prompted to log in and provide their sensitive, two-factor authentication codes. As soon as the hackers gained access to the codes, the users had the bitcoins in their wallet stolen.

Outcome: The team noted that the vulnerability was fixed. However, there was no mention of whether or not affected users will be compensated for their losses and how they intend to track the stolen bitcoins. The post also noted that the platform’s forum feature would remain disabled for security reasons, so for now, buyers and sellers will only be able to interact through the platform’s ciphered P2P chat.

Related reference:

Malcare WordPress Security