At 5:55 AM EST on Jan 26, a reported phishing attempt on LocalBitcoins surfaced on Reddit. LocalBitcoins confirmed a security vulnerability at 10:37 AM.
It was announced that outgoing transactions had been suspended during the investigation of these claims. LocalBitcoins also announced that, after implementing new security measures, outgoing transactions had been re-enabled.
The forums on LocalBitcoins remained disabled at the time this article was written.
The First Report
Reddit user BitcoinBabeu first reported an apparent phishing attack on LocalBitcoins.
It was alleged that user accounts at LocalBitcoins were in danger because of an ongoing phishing attack on the site. BitcoinBabeu stated that users who were already logged into their accounts were logged out and forced to log back in. It was during this second log-in that two-factor authentication codes were supposedly being used to steal money from affected users.
As a result, it was also alleged LocalBitcoins had suspended withdrawals.
Confirmation by LocalBitcoins
These accusations were investigated by LocalBitcoins.
Around four hours after the initial allegations from BitcoinBabeu, LocalBitcoins published the “LocalBitcoins’ report on the security vulnerability 26.01.22019” on its subreddit, which stated that a security vulnerability was detected on the site at around 5:00 AM EST. Exploiting the vulnerability, a bad actor accessed at least six user accounts and used them to send transactions to a yet-undisclosed location.
LocalBitcoins subsequently disabled outgoing transactions, though it was also announced that they were soon thereafter re-enabled. No time table is given as to how long the transactions were disabled.
The exact nature of the security vulnerability or how the phishing attempt was orchestrated were not discussed in the report — neither was there a full disclosure about the total amount of funds that were stolen. LocalBitcoins may still be investigating these matters but details of the current investigation remain limited.
All that is known is that, within less than a six-hour period on Jan 26, a phishing attack was successfully implemented on LocalBitcoins. This required a response from LocalBitcoins, which shut down the ability for users to withdraw funds. New security measures were implemented quickly thereafter with incoming and outgoing transactions functioning as normal.Within less than a six-hour period on Jan 26, a phishing attack was successfully implemented on LocalBitcoins.com. Click To Tweet
Current Shutdown of Forums
According to the report, outgoing transactions on LocalBitcoins have been re-enabled; however, there are portions of LocalBitcoins which remain inaccessible. When one tries to visit the forums, the user receives the above measure.
The visitor is directed to one of two offsite locations. First, there is the LocalBitcoins subreddit. After scrolling past a few pinned posts, one can find the latest security report and BitcoinBabeu’s first report. The second link leads to old forums where the disabling of the outgoing transactions appears to be the last widely discussed topic before the shutdown of the website.
How long do you think the LocalBitcoins forums will be disabled? Let us know your thoughts in the comments below!
Images courtesy of Shutterstock, LocalBitcoins.