LocalBitcoins Reveals Security Breach With Some Crypto Wallets Affected

Peer-to-peer bitcoin trading site LocalBitcoins says it's suffered a hack via a third-party service that affected a small number of users.

AccessTimeIconJan 28, 2019 at 1:20 p.m. UTC
Updated Sep 13, 2021 at 8:50 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Finland-based LocalBitcoins, a peer-to-peer bitcoin trading portal, says it has suffered a hack that affected a small number of users.

The firm posted an update on Reddit on Saturday saying that it detected the security breach at around 10:00 UTC the same day, "which was related to a feature powered by a third party software." As a result, the hacker was able to access some user accounts and make transactions.

So far six user accounts are known to have been compromised LocalBitcoins said, adding that it is further investigating the attack to determine the exact number of accounts affected.

A Twitter user posted that the LocalBitcoins forum site had apparently been replaced by a fake phishing site that stole users' two-factor authentication (2FA) details and used them to access their crypto wallets.

While this is not yet fully confirmed by LocalBitcoins, it said, "For security reasons, the forum feature has been disabled until further notice."

A Reddit user who said they owned one of the accounts to have been hit in the attack also stated: "I'm afraid to use my 2fa code for the time being until the server is confirmed secure."

"When i first tried to logon with my 2fa code there was an error then when i tried again, my wallet was wiped clean. So these hackers move fast," they added.

LocalBitcoins said "We have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk."

While the firm had disabled outgoing transactions when the breach was identified, these are now functioning again and user accounts are “currently safe to log in and use,” it said. LocalBitcoins further urged users to enable two-factor authentication on their accounts.

Hacker image via Shutterstock 

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Read more about