By MyBitcoinNews.com: The peer-to-peer bitcoin trading platform LocalBitcoins is reported to have been undergoing a phishing attack. Users have supposedly lost at least $28,000 already.
LocalBitcoins Phishing Attack
A few hours ago, Reddit user bitcoinbabeau posted a PSA on Reddit, sharing that one of the most popular P2P bitcoin trading platforms – LocalBitcoins, is subjected to a phishing attack.
Supposedly, users who attempt to visit the URL of the platform’s forum are prompted to input their login information as if they have been logged out. The OP shares that this only happens to users who are logged in.
The URL is reported to represent a phishing website, sending the user’s details to the hacker, hence enabling him to drain the account.
According to the thread, the withdrawals on the platform have been suspended. For the time being, the platform’s forum is also suspended, hinting that there is, indeed, something going on.
$28,000 Supposedly Stolen During the LocalBitcoins Phishing Attack
As of the time of this publication, there is no official statement on behalf of LocalBitcoins regarding the supposed attack.
However, a couple of users, commenting on the Reddit thread have said that they’ve already lost money.
One of them says that he’s been ‘cleaned’ out of 0.14BTC. The user has provided a BTC address which has supposedly received the amount. The same already has 7.95BTC spread over 5 different transactions. With the current BTC price in mind, this amount is equal to about $28,000.
It’s not clear, though, whether the mentioned address belongs to the hacker. It’s also unclear whether this is his only address – hence, the damages could eventually be greater.
UPDATE:LocalBitcoins has since provided the following clarifications on the matter:
We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability – an unauthorised source was able to access and send transactions from a number of affected accounts. Outgoing transactions were temporarily disabled while we investigated the case.
We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack. At the moment, we are determining the correct number of users affected – so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice.
Outgoing transactions have already been re-enabled and we have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk.
Your LocalBitcoins accounts are currently safe to log in and use – we encourage you to enable Two-factor authentication, if you have not yet.
We sincerely apologise for any inconvenience this might have caused.
Kind Regards, LocalBitcoin
Images credit to Pixabay