LocalBitcoins has become a victim of a phishing attack. At least six users have been affected after following a link to a fake LocalBitcoins page.
Though crypto platforms do their best to ensure the highest security of funds of their clients, due to the nature of the modern technologies the threat still exists. Hackers always try to detect the weak points in platforms’ protection and use them in their interests staying unnoticed.
This time sad new have come from peer-to-peer trading service LocalBitcoins.
According to the information revealed, this popular peer-to-peer trading site has suffered from a significant attack and theft. The administration of the site detected that a hacker or a hacker group had gained access to a range of user accounts.
Having detected a security vulnerability in the LocalBitcoins forum, the attacker managed to redirect some LocalBitcoins site users to a purposely created fake login page which helped the hacker to steal their usernames and passwords. Such a scheme is rather common for a phishing attack.
Though this unknown third-party feature initially let the attacker’s plan be successfully fulfilled, it hasn’t affected the KYC database of LocalBitcoins.
The exact number of users who have become victims of this attack is not disclosed yet, nevertheless, it is known that at list six users have suffered from the hack.
Details of the Attack
It was a Reddit user who was the first to warn others about the issue:
“When visiting the localbitcoins forum […] users are prompted to log into their account, as if they have been logged out. This only seems to happen if you are already logged in. This is is [SIC] a PHISHING SITE and 2FA codes are being used to empty customer accounts. Withdrawals have since been suspended by LocalBitcoins.”
If the address of the hacker (of the group of attackers) was identified correctly by one of the users who claimed to be a victim of the attack, a total of 7.95205862 BTC has been sent to this address in five different transactions. It means that about $28,000 has been stolen so far.
When the administrators of LocalBitcoins detected the issue, they managed to react rather quickly and lock down outgoing transactions in order to investigate the case. But given the fact that LocalBitcoins has reopened outgoing transactions, it can be concluded that the threat has been eliminated and the site can be used absolutely safely.
“Your LocalBitcoins accounts are currently safe to log in and use – we encourage you to enable Two-factor authentication, if you have not yet. We sincerely apologise for any inconvenience this might have caused”, wrote the company in its official statement.
Other Crypto Criminal Cases
Unfortunately, it’s far not the first case when fraudsters tried to earn money in the crypto sphere in a completely illegal way.
Among other egregious cases that took place not so long ago, we can mention the situation in Sweden where some fraudsters were offering people a possibility to buy e-kronas, the national digital currency that does not exist. In general, the idea of launching the national crypto in the country had been discussed earlier but the final decision had not been taken, so somebody used this situation to make money.
Another case that has happened this year already is the issue on the Ethereum Classic (ETC) blockchain. As CoinSpeaker has reported, during a deep chain reorganization approximately $500,000 worth of Ethereum Classic was spent more than once.
Crypto exchanges are quite often affected by hackers. One the recent examples is crypto exchange MapleChange based in Canada. This attack has resulted in the loss of the whole consumer-owned funds.
All these cases prove that each crypto investor should bear in mind the risks that he or she may face investing significant funds into the crypto industry.