LocalBitcoins Clamps Down on Security Vulnerability
Popular peer-to-peer bitcoin exchange LocalBitcoins temporarily shuttered its forum on Saturday, Jan. 26th, after a malicious agent seemingly used the page to redirect users into a phishing trap. In light of that response, a community manager with the exchange has since said only a handful of traders appear to have been affected in the attack.
Also read: U.K. Watchdog Outlines 3 Token Types, Says Utility Tokens ‘Not Securities’
Subscribe to the YouTube channel for great videos featuring industry insiders & experts
LocalBitcoins Update: ‘Accounts Are Currently Safe to Log In and Use’
In an update on the attack, LocalBitcoins declared the security vulnerability had been contained shortly after it began and that outbound transactions on the platform had been enabled again.
For now, the exchange has cited “third party software” as the attack vector and has temporarily shuttered its associated user forum to prevent further account breaches.
LocalBitcoins’ report on the security vulnerability 26.01.2019 https://t.co/HD3MrbEXbl via @reddit
— LocalBitcoins.com (@LocalBitcoins) January 26, 2019
While precise details of the episode are scarce for now, the attacker appears to have redirected affected users from what they thought was the LocalBitcoins forum to a phishing site wherein their two-factor authentication codes were scraped and then used to drain bitcoin from their exchange wallets.
At press time, the P2P platform has only confirmed six users as having been “affected” by the bitcoin thief.
On Reddit, a person claiming to be one of those users said they had been “cleaned out” of 0.14 bitcoin from the incident and provided a wallet address the attacker appeared to be using to collect stolen funds. That address contained just shy of 8 bitcoin derived from five Jan. 26th transactions at the time of this article’s publication.
It’s presently unclear if LocalBitcoins will cover the affected traders’ losses. For their part, the exchange said they’ve already implemented new measures to prevent similar cyberattacks in the future.
“We have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk,” a LocalBitcoins community manager commented in the aftermath.
Hackers Gonna Hack
Luckily, it seems the latest LocalBitcoins attack was quickly contained.
But combined with the $2.5 million USD Cryptopia exchange hack earlier this month, the episode provides another painful reminder that hackers are probing the cryptoverse’s weaknesses as actively as ever so far in 2019.
And, of course, hackers have a bona fide cocktail of different techniques, like keylogging, screen scraping, and DNS hijacks, that they can and will deploy to steal crypto.
The brief LocalBitcoins attack only highlights once more that users in the fledgling cryptoeconomy must take an abundance of various precautions to protect their digital assets, at least until the space’s security dynamics mature further.
What’s your take? Should the P2P exchange be commended for their quick response, or should they be panned for that security vulnerability being available to exploit in the first place? Sound off in the comments section below.
Images via LocalBitcoins, Pixabay
