On January 26, 2019, clients of peer-to-peer bitcoin trading service LocalBitcoins were the targets of a phishing scam which resulted in the theft of a handful of bitcoins.
The Scam's Operation
Reports claimed that the attacker was able to conduct the scam thanks to a security vulnerability on the LocalBitcoins platform. The landing page of the site's forum reportedly was hacked, leading clients to a phishing site.
The phishing site was designed to carefully mimic the features of the actual LocalBitcoins landing page. Once on it, users were prompted to log in and provide their sensitive, two-factor authentication codes.
As soon as the hackers gained access to the codes, the users had the bitcoins in their wallet stolen.
"We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability - an unauthorized source was able to access and send transactions from a number of affected accounts. Outgoing transactions were temporarily disabled while we investigated the case," LocalBitcoins noted in a Reddit post.
A user who claimed to have been hacked was able to identify the address of the hacker, and it was later found that the address has received a total of 7.95205862 BTC from five, separate transactions (equivalent to about $28,134 at press time).
LocalBitcoins Safe Again?
According to an announcement made by LocalBitcoins on Reddit, the exchange claims that the vulnerability to their system surfaced from flaws in a third-party software the exchange uses for its forum. In addition to that, LocalBitcoins stated that its security team was able to find and extinguish the issue quickly.
It confirmed that the vulnerability allowed the attacker to gain access to an undisclosed number of accounts, although at press time, it only knew of six cases where users had been affected.
It was reported that the exchange mitigated the vulnerability by blocking user access to their wallets until the issue was resolved. Also, the exchange suspended trading activities for a short period while its developers worked on neutralizing the threat. The platform was returned to full functionality a few hours after the hack.
The team noted that the vulnerability was fixed. However, there was no mention of whether or not affected users will be compensated for their losses and how they intend to track the stolen bitcoins.
The post also noted that the platform's forum feature would remain disabled for security reasons, so for now, buyers and sellers will only be able to interact through the platform's ciphered P2P chat.