LocalBitcoins, a Finland-based Bitcoin startup, announced on January 26 that it had detected a security vulnerability on its platform. According to the company, some users’ accounts were compromised, and Bitcoin was stolen from them. Due to the attack, outgoing transactions have been temporarily disabled.
Security Breach Detected on LocalBitcoins
LocalBitcoins stated on Reddit that a security breach had been detected on its platform. The company also pointed out that the attack was caused by third-party software that had been implemented as a feature on the site. The startup said that the security breach has been resolved and encouraged users to enable 2-factor authentication.
According to the company's report, six accounts were compromised, and the actor behind the crime was able to transfer funds from each. The startup also said the forum would remain inactive until an unspecified time. Withdrawals can now be made, since the outgoing transactions that were previously disabled have been re-enabled.
Reddit User Publicizes Phishing Attack on LocalBitcoins
Before the announcement, a Redditor, u/bitcoinbabeau, brought the security issue to light. According to the user, the attack only seems to be affecting users who are already logged in. These users were made to believe that they had been logged out and were then prompted to enter their two-step authentication PIN. As a result, the actor behind the crime gained access to their accounts to withdraw Bitcoin.
Bitcoinbabeau also pointed out that, due to the attack, LocalBitcoins has put withdrawals on hold. Moreover, the site’s homepage now redirects to LocalBitcoins’ subreddit. Given that this is a social media platform with crypto enthusiasts yearning for fresh, controversial topics, this one has not been pushed aside. A user, for instance, was quick to ask, “Will you be held liable for stolen BTC?”
Assumption Made as to How Security Breach Occurred
An assumption was also made that this is a DNS spoofing attack. In that scenario, an attacker could have gained control over the platform’s DNS to redirect users to the malicious site. Reports also reveal that last year, MyEtherWallet (MEW) faced the same issue, where users were redirected to a phishing page and prompted to enter their private keys.
BTCNN reported on January 26 that Mark Risher, Google’s head of account security, discouraged people from using two-step verification to secure their accounts. According to Risher, this makes their accounts vulnerable to attack. As such, recommendations were made for the Google Authenticator app or Authy to be used instead.