The popular peer-to-peer trading site LocalBitcoins has reportedly experienced a significant attack and theft. At 10:00 UTC on January 26, the site’s administrators detected an issue that allowed an attacker to gain access to various user accounts. LocalBitcoins quickly locked down outgoing transactions in order to investigate the issue, and some details have already come to light.
The Attack In Detail
The attack seems to have been a meticulous phishing attack: a hacker managed to redirect several users from the official LocalBitcoins site to a fake login page, which was used to steal usernames and passwords. An unidentified third-party feature initially allowed the attacker to carry out the plan, and the forum has been suspended for security reasons. The KYC database, which holds user identities, was not compromised, fortunately.
The scope of the attack is still unknown, but LocalBitcoins has confirmed that the attack has affected at least six users. According to those who believe they have identified the attacker’s address, at least 7.95 BTC ($28,000) have been stolen so far. It seems that the threat has been eliminated, as LocalBitcoins has reopened outgoing transactions and is assuring users that the site can be safely used once again.
One Of Many Attacks
This is not the first time that LocalBitcoins has been attacked: in 2013, an attacker succeeded in stealing 82 BTC by sending malware as message attachments; in 2014, another attacker gained server access but failed to steal any funds; in 2015, 17 BTC were stolen by spreading malware through the site’s LiveChat system. It is not clear if this attack is similar to previous incidents.
Although frequent, these attacks seem to have had a relatively minor effect on LocalBitcoin’s image. Much more controversial is the site’s recent decision to implement KYC features, removing anonymity and driving some users toward competing exchanges like Paxful. Nevertheless, LocalBitcoins saw record-high trading in some countries last fall, and it seems unlikely that the events of yesterday will do any lasting damage to the site’s reputation.