LocalBitcoins User Funds Stolen After Chat Client Hack
P2P marketplace LocalBitcoins has experienced a hack on its chat client, resulting in the distribution of malware and loss of customer funds.
Jan 29, 2015 at 9:24 a.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/YEFOVLR7NBEWTAL7WTIXUXNHZQ.jpg)
:format(webp)/downloads.coindesk.com/arc/failsafe/user/1x1.png)
Peer-to-peer bitcoin marketplace LocalBitcoins suffered a hack this week that resulted in the distribution of malware and a loss of customer funds.
Affected users will be granted refunds after taking steps to address security vulnerabilities, according to the company.
The bitcoin marketplace has experienced security-related problems before, including an incident last year when a hacker gained access to its servers for a brief period of time, though according to LocalBitcoins no customer data was lost. Customers have also reported running afoul of fraudulent users in the past.
Kangas told CoinDesk that he believed the hackers used an unknown kind of malware that was able to bypass existing security measures, and took personal responsibility for the LiveChat intrusion.
He explained:
Customer postings on LocalBitcoins suggest that at least one user reportedly lost funds through other bitcoin-related accounts, but that user later reported that discussions with the company were underway on a possible solution.
Awareness prevented spread
According to the company, three users were identified as having lost funds during the hack. Reports indicate that a lack of two-factor authentication may have been to blame for the fraudulent withdrawals, and LocalBitcoins advised customers to ensure that they are using such security measures to protect their accounts.
Kangas said that thanks to the combined efforts of LocalBitcoins employees and users of the site, information about the LiveChat compromise was disseminated relatively quickly, noting:
Kangas added that the company is looking at how they can improve their internal security protocols to avoid similar incidents in the future, and suggested that the incident was illustrative of the costs and challenges of participating in a digital economy.
“This is not only a challenge to bitcoin users, but to all Internet services and users in general, about how to make those attacks equally expensive for those attackers,” he said.
Malware image via Shutterstock
DISCLOSURE
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/DACE5KUDHVER5A3U6E4AHY7H5Q.jpg)
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/5PVVPRTZRNBE5IG6CTHHPWYNVE.jpg)
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/P57IYS5OCVB3VJN2B6KXGINV6Q.jpg)
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/DV4HVORDCZGVNIP3DMJ6HQ6KW4.jpg)