A peer-to-peer cryptocurrency exchange portal named LocalBitcoins has revealed a security breach that occurred on 26th January which lasted for around five hours.
During the breach, while the users accessed the LocalBitcoins forum, they were redirected to a phishing forums login page.
The attackers steal the login credentials from users, try to login to their accounts and in case the accounts are protected by a 2factor authentication system, then they would ask for a 2FA one-time code also.
LocalBictoins took down its forum when it came to know about the attack and they had disabled the transactions on its platform temporarily to prevent the attackers from stealing money from any accounts which they had managed to compromise.
They publishing a report of the investigation regarding the hack which stated that they have identified the problem and it was due to a feature that was powered by a third-party software. It was not sure which forum widget was compromised doe to the attack.
The exchange confirmed that user’s funds have been stolen in the attack and 6 accounts which was affected was identifies during the investigation.
The hackers have stolen $28,200 worth of bitcoins from 5 victims according to a Bitcoin address which the victims shared online and claimed it belonged to the hacker.
Even though the hackers were able to grab the 2FA one-time codes, the exchange recommends the users to enable this feature as it could still provide better protection against hacks compared to when it is not used.
LocalBitcoins have reportedly stopped the attack following which they have resumed the trading activities and the accounts are currently safe to log in and use.