Finland-based LocalBitcoins, a peer-to-peer bitcoin trading portal, says it has suffered a hack that affected a small number of users.
The firm posted an update on Reddit on Saturday saying that it detected the security breach at around 10:00 UTC the same day, "which was related to a feature powered by a third party software." As a result, the hacker was able to access some user accounts and make transactions.
So far six user accounts are known to have been compromised LocalBitcoins said, adding that it is further investigating the attack to determine the exact number of accounts affected.
A Twitter user posted that the LocalBitcoins forum site had apparently been replaced by a fake phishing site that stole users' two-factor authentication (2FA) details and used them to access their crypto wallets.
While this is not yet fully confirmed by LocalBitcoins, it said, "For security reasons, the forum feature has been disabled until further notice."
A Reddit user who said they owned one of the accounts to have been hit in the attack also stated: "I'm afraid to use my 2fa code for the time being until the server is confirmed secure."
"When i first tried to logon with my 2fa code there was an error then when i tried again, my wallet was wiped clean. So these hackers move fast," they added.
LocalBitcoins said "We have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk."
While the firm had disabled outgoing transactions when the breach was identified, these are now functioning again and user accounts are “currently safe to log in and use,” it said. LocalBitcoins further urged users to enable two-factor authentication on their accounts.
Hacker image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.