Localbitcoins attackers steal $28,000 worth of cryptocurrencies

Localbitcoins, a peer-to-peer trading site, had a busy weekend after unknown persons hacked their system. According to the announcement, LocalBicoin attack happened at around at around 10:00 UTC (05:00 ET) on January 26. Unknown people (person) were able to access accounts on the platform and empty funds from affected accounts.

Localbitcoins administrators, who took immediate action and temporarily disabled all outgoing transactions, detected the attack. Localbitcoins claims that upon investigation, they discovered that an unknown third-party feature allowed attackers to redirect several users to a fake login site where they became vulnerable to the attack.

The attack has since been stopped, with Localbitcoins still doing investigations to determine the number of affected accounts. So far, six accounts affected by the attack have been identified.

Reportedly, even before the official communication from Localbitcoins, a Reddit user posted a post on the /r/bitcoin subreddit (a Bitcoin Core (BTC) subreddit) stating:

“When visiting the Localbitcoins forum […] users are prompted to log into their account, as if they have been logged out. This only seems to happen if you are already logged in. This is [SIC] a PHISHING SITE and 2FA codes are being used to empty customer accounts. Localbitcoins have since suspended withdrawals.”

The attackers transferred 7.95205862 BTC, which is about $28,000, to a crypto address.

Localbitcoins also stated, “We have taken some measures to address this issue and secure the limited number of accounts that might have been at risk.”

Administrators have already re-enabled transactions. In the announcement, the exchange also urged customers to enable the Two-factor authentication.

Attacks on cryptocurrency wallets have become a common thing. Localbitcoins suffered a similar scam in 2013. Attackers used a malicious malware to gain access to the platform where they stole 82 BTC at the time. In 2014, attackers tried but failed to take any funds from the Localbitcoins. However, 17 BTC were stolen from its platform after attackers spread malicious malware through the sites LiveChat system.

The most recent victim was Cryptopia, a cryptocurrency exchange based in New Zealand. The attackers stole Centrality tokens and Ether that amounted to about $3.65 million.