LOCALBITCOINS

DESCRIPTION OF EVENTS

"Buy and Sell Bitcoin Everywhere Near you or around the globe. Trade bitcoins person-to-person in an easy, fast, and secure way."

"At LocalBitcoins, people from different countries can exchange their local currency into bitcoins. We allow users to create advertisements where they can choose the payment method and exchange rate for buying and selling bitcoins from and to other LocalBitcoins’ users. By replying to these advertisements, a trade chat is opened and escrow protection is automatically activated. Escrow protects both buyer and seller by keeping the bitcoins safe until the payment is done and the seller releases bitcoins to the buyer. LocalBitcoins also provides a web wallet from where you can send and receive Bitcoin transactions."

"On LocalBitcoins, you are dealing with humans. Unlike stock-like exchanges and centralized Bitcoin trading websites, LocalBitcoins allows you to trade directly with another person. This makes the process customizable, lean and fast, as there is no corporate overhead. You can get your bitcoins instantly. LocalBitcoins aims to support every suitable payment method its user community supports. For every trade, LocalBitcoins offers escrow protection to ensure the bitcoins and both traders are safe."

"The crypto market may have slowed, with Bitcoin (BTC) falling by upwards of 70% during yesteryear, but ambitious attackers have continued their attempts to breach industry upstarts. Most recently, rumors arose that LocalBitcoins, a popular peer-to-peer, non-conventional exchange, had fallen victim to a security breach."

"The popular peer-to-peer cryptocurrency exchange LocalBitcoins has seemingly been compromised, as users are reporting its forums were redirecting them to a login page that then sent their details to a hacker. An address being shared already has nearly 8 BTC – around $28,600 – in it."

"We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability - an unauthorised source was able to access and send transactions from a number of affected accounts. Outgoing transactions were temporarily disabled while we investigated the case."

"Moreover, users should always confirm they’re using the wallet vendor’s proprietary software and double check what they’re using does indeed come from the vendor. Phishing scams are unfortunately nothing new in the cryptocurrency space, as these attacks even took $28,600 from users of the peer-to-peer exhcnage LocalBitcoins last year."

"@LocalBitcoins has apparently been compromised. Users are claiming its forums were redirecting them to a login page that was a phishing website. An address shared on social media already has $28,000 worth of #BTC in it after tricking 5 victims. Forums are now diabled."

"From my understanding 2fa did not prevent the exploit as it occurred when a user clicked onto the forum page well the site was under attack which then redirected the user to a phishing page, which was not used to get their logins but to phish their 2fa code which was likely passed onto a script, which was executed within the 3rd party forum software that emptied the users wallet on their browser.This explains why there was no need to bypass the third factor browser authentication nor any IP logs of different IPs on the effected users account."

"As soon as they enter their credentials, the thread claims, these are sent to the hacker who then empties their accounts. An address being shared on social media already has $28,600 worth of BTC in it, after tricking 5 victims." "On the thread, various users have claimed to have lost funds, including one who says 11 BTC were taken from his address. If so, this could mean the hacker is siphoning funds to other addresses."

"[W]hen [I] first tried to logon with my 2fa code there was an error then when i tried again, my wallet was wiped clean. So these hackers move fast. They might be using an automated system to harvest and possibly enter usernames/emails and password combos and 2fa codes." "[T]hey got 1 2fa code which is good for ~15seconds to login, and then another 2fa code is required for withdrawal." "They show you an error page and ask you to login again, which gives them the second 2fa code."

"@LocalBitcoins claims the attack came due to a problem"related to a feature powered by a third party software." It has reportedly stopped the attack, and says its platform is now safe to use."

"We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack. At the moment, we are determining the correct number of users affected - so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice."

"Outgoing transactions have already been re-enabled and we have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk."

These criminals were far from stealthy - redirecting the forums to a suspicious login page, which allowed them to get the 2FA details from customers then empty the wallets which are used as an escrow during trades. The breach was quickly caught within 5 hours, and I was able to find a Reddit post confirming that at least one customer was reimbursed.

Crypto Hacker Scores $28,600 After Hack Of Bitcoin Exchange - Ethereum World News (Feb 1)
100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25)
Most Significant Hacks of 2019 — New Record of Twelve in One Year (Feb 23)
Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5)
SlowMist Hacked - SlowMist Zone (Jun 26)

More case studies

CoinZest
Accidental Airdrop

Liqui
Shuts Down