Bitcoin Gets Stolen from Six Accounts on LocalBitcoins

LocalBitcoins, a Finland-based Bitcoin startup company, announced on January 26 that it had detected a security vulnerability on its platform. According to the company, some users’ accounts were compromised, and Bitcoin was stolen from them. Due to the attack, outgoing transactions have been temporarily disabled.

Security Breach Detected on LocalBitcoins

LocalBitcoins stated on Reddit that a security breach had been detected on its platform. The company also pointed out that the attack was caused by third-party software which had been implemented as a feature on the site. However, the security breach has been resolved, and users are encouraged to enable 2-factor authentication, said the startup.
In line with their report, the company stated that six accounts were compromised and the actor behind the crime was able to transfer funds from each. The startup also said the forum would be inactive till an unspecified time. In the same vein, withdrawals can now be made since outgoing transactions that were previously disabled have been re-enabled.

Reddit User Publicizes Phishing Attack on LocalBitcoins

Before the announcement, a Redditor, u/bitcoinbabeau, brought the security issue to light. According to the user, the attack only seems to be affecting already logged-in users. These users were made to believe that they had been logged out and were then prompted to enter their two-step authentication PIN. As a result, the actor behind the crime gained access to their accounts to withdraw Bitcoin.
Bitcoinbabeau also pointed out that due to the attack, LocalBitcoins has put withdrawals on hold. Moreover, the site’s homepage now redirects to LocalBitcoins’ subreddit. Given that this is a social media platform with crypto enthusiasts yearning for fresh, controversial topics, this one has not been pushed aside. A user, for instance, was quick to ask, “Will you be held liable for stolen BTC?”

Assumption Made as to How Security Breach Occurred

In the same vein, an assumption was made that this is a DNS spoofing attack. Here, an attacker could have gained control over the platform’s DNS to redirect users to the malicious site. Reports also reveal that last year, MyEtherWallet (MEW) had faced the same issue where users were redirected to a phishing page and prompted to enter their private keys.
BTCNN reported on January 26 that Mark Risher, Google’s head of account security, discouraged people from using two-step verification to secure their accounts. According to Risher, this makes their account vulnerable to attack. As such, recommendations were made for the Google Authenticator app or Authy to be used instead.
