Yesterday, on Saturday, January 26, LocalBitcoins, a cryptocurrency exchange portal, announced a security breach.
The breach occurred at around 10:00 UTC (05:00 EST) and lasted almost five hours before the company stepped in to stop the attack.
During this time, users reported that when they accessed the LocalBitcoins forum, they were redirected to a page that imitated the LocalBitcoins login page.
In the background, the hackers collected user credentials, tried to log in to the user's account, and then requested the one-time two-factor authentication (2FA) code if the account was protected by 2FA.
LocalBitcoins stopped the attack by taking down its forum and temporarily suspending transactions on its platform so that the hackers could not steal money from any other accounts they had managed to crack.
LocalBitcoins blames security breach on forum ‘third-party software’
The exchange resumed its commercial activity today, when it also published a post-mortem report on its investigation of the hack.
“We were able to identify a problem that was associated with a function activated by third-party software,” the company said. “For security reasons, the forum feature has been disabled until further notice.”
At the time of this writing, it is unclear which forum widget was used to deliver the malicious code that redirected users of the real forum to a phishing site.
LocalBitcoins confirmed that user funds were stolen as a result of the incident. The exchange said it identified six affected accounts during its post-mortem.
The hacker appears to have stolen 7.95205862 bitcoins ($28,200) from five victims, according to a Bitcoin address that victims shared online and said belongs to the hacker.
Although the hacker was able to intercept one-time 2FA codes, the exchange recommended that users turn the feature on anyway, since it still provides better protection against hacking than not using it at all.
“Currently, your LocalBitcoins accounts are safe to log in and use. We recommend that users enable two-factor authentication if you have not done so already,” the message says.