A breach of peer-to-peer exchange trading platform LocalBitcoins led to a series of unauthorized transactions from a number of accounts.
The exchange, which covers more than 16,000 cities around the globe, lets traders buy and sell Bitcoin in their vicinity. Its tagline, “Instant. Secure. Private” should no longer hold water following Saturday’s incident, which allowed hackers to steal funds from at least six of its users.
As per the official announcement, on Jan. 26 at around 10 AM (UTC), LocalBitcoins detected an “unauthorised source” accessing and sending transactions from a number of affected accounts. The exchange immediately disabled outgoing transactions. Still, admins later determined that at least six accounts had been affected.
“We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack,” reads the announcement. “At the moment, we are determining the correct number of users affected – so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice.”
Outgoing transactions have since been re-enabled. The exchange claims to have set up a number of roadblocks to prevent further unauthorized access. It also advises its customers to use the two-factor-authentication mechanism available with the LocalBitcoins service. According to the company, LocalBitcoins accounts are currently safe to log into and use.
Apparently, the vulnerability that led to the breach was in the forums page software. The forum is currently down for maintenance as the team continues to work towards remediation.
Two weeks ago, a similar incident was reported in New Zealand where local cryptocurrency exchange Cryptopia suffered a breach that culminated in a lot of empty crypto wallets. The news led some users to speculate that the exchange itself faked the breach as part of an “exit scam.” Local police are investigating the breach, saying that “Cryptopia management and staff have been co-operating with Police and providing considerable assistance in the investigation.”
According to a notice by the New Zealand Police Media Centre, “Good progress is being made and positive lines of enquiry are being developed to identify the source of the transfer, and to identify where the crypto-currencies have been sent.”