Users who were attempting to login to the LocalBitcoins forum page were instead redirected to a mirrored phishing page. If credentials were entered, the attackers collected them in an attempt to gain access to the accounts. They furthered their efforts by asking for a one-time code if the accounts had 2FA enabled. It was discovered that five out of the six accounts that were affected suffered a total loss of 7.95205862 bitcoins or $28,200 dollars. When LocalBitcoin became aware of the situation, they removed their forum and also temporarily suspended transaction attempts. LocalBitcoin released a statement saying, “We were able to identify the problem, which was related to a feature powered by a third-party software and stop the attack. At the moment, we are determining the correct number of users affected – so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice.”
Analyst Notes
It is heavily advised for users to enable 2FA and be aware of any suspicious redirects when attempting to login. Passwords and other login credentials should also be changed.
