Phishing Scam Hits LocalBitcoins, Clients Lose Funds | 코인긱스

Phishing Scam Hits LocalBitcoins, Clients Lose Funds



On January 26, 2019, clients of peer-to-peer bitcoin trading service LocalBitcoins were the targets of a phishing scam which resulted in the theft of a handful of bitcoins.

The Scam’s Operation

Reports claimed that the attacker was able to conduct the scam thanks to a security vulnerability on the LocalBitcoins platform. The landing page of the site’s forum reportedly was hacked, leading clients to a phishing site.

The phishing site was designed to carefully mimic the features of the actual LocalBitcoins landing page. Once on it, users were prompted to log in and provide their sensitive, two-factor authentication codes.

As soon as the hackers gained access to the codes, the users had the bitcoins in their wallet stolen.

“We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability – an unauthorized source was able to access and send transactions from a number of affected accounts. Outgoing transactions were temporarily disabled while we investigated the case,” LocalBitcoins noted in a Reddit post.

A user who claimed to have been hacked was able to identify the address of the hacker, and it was later found that the address has received a total of 7.95205862 BTC from five, separate transactions (equivalent to about $28,134 at press time).

LocalBitcoins Safe Again?

According to an announcement made by LocalBitcoins on Reddit, the exchange claims that the vulnerability to their system surfaced from flaws in a third-party software the exchange uses for its forum. In addition to that, LocalBitcoins stated that its security team was able to find and extinguish the issue quickly.

It confirmed that the vulnerability allowed the attacker to gain access to an undisclosed number of accounts, although at press time, it only knew of six cases where users had been affected.

It was reported that the exchange mitigated the vulnerability by blocking user access to their wallets until the issue was resolved. Also, the exchange suspended trading activities for a short period while its developers worked on neutralizing the threat. The platform was returned to full functionality a few hours after the hack.

The team noted that the vulnerability was fixed. However, there was no mention of whether or not affected users will be compensated for their losses and how they intend to track the stolen bitcoins.

The post also noted that the platform’s forum feature would remain disabled for security reasons, so for now, buyers and sellers will only be able to interact through the platform’s ciphered P2P chat.

This article originally appeared on Bitcoin Magazine.

source :


‘에이코인(ACOIN)” 은 전 세계 오프라인 금거래 시장에서 금의 안전한 거래를 위해 사용하는 프로토콜 암호화폐이며, 코인월드 에이코인(ACO) 전용마켓 오픈 예정
한미중일 4개국 합자투자로 탄생한 코인월드, ‘에이코인'(ACOIN) 국내 최초 상장 협의중으로 4/16 사전 예약 실시
Coin world, ACOIN listing Discussion
Cryptocurrency exchange coin world, advance booking on next 16th

No comments

스웜 공격의 진화, ‘시큐리티 트랜스포메이션’ 시급

기업 1곳당 공격 증가, 스웜 공격으로 기업 보안 어려워져 디지털 트랜스포메이션으로 위협 양·다양성·정교함까지 진화 ‘시큐리티 트랜스포메이션’ 시급… 자동화한 통합 보안 필요 [보안뉴스 오다인 기자] 포티넷코리아(지사장 ...