One of the leading peer-to-peer (P2P) trading platforms for fiat-to-Bitcoin transactions has admitted to being the victim of another cyber-attack. Finnish platform LocalBitcoins confirmed it suffered a security breach for more than five hours, resulting in cyber-criminals gaining access to a minimum of six user accounts and stealing BTC 7.9, worth approximately $27,000.
How did it happen?
The platform published a post to its community via Reddit and confirmed that an “unauthorized source was able to access and send transactions from a number of affected accounts”. Reports elsewhere online have intimated that the access issue was linked to the LocalBitcoins discussion forum, and further fuel was added to the fire when LocalBitcoins later revealed the breach was caused by “a feature powered by a third-party software”.
Many LocalBitcoins users have reported of being redirected to a page that looked virtually identical to the LocalBitcoins login screen whenever they attempted to sign in to the platform’s discussion forum. The cyber-criminals used this fake login page to obtain customers’ login details and their two-factor authentication (2FA) digits to make a quick entry. It is said that the only way for the platform to cease the security breach was to shut down its discussion forum in its entirety.
Morrowind/Shutterstock. 2FA offers a much-needed additional layer of security protection for all online applications
Although at least six cases of customers losing Bitcoins have been confirmed, LocalBitcoins has confirmed it is still working to determine the total number of users affected. The platform opted to reinforce the importance of 2FA for all LocalBitcoins users. The security breach is a bitter blow to LocalBitcoins’ global reputation, given that users can now buy Bitcoin and sell it using fiat currencies in 248 countries worldwide.
Despite this latest setback, it remains one of the most innovative ways to exchange fiat currency for Bitcoin. Unlike other Bitcoin exchanges, LocalBitcoins operates more like an online advertising platform where sellers and buyers can meet up in person or be connected online for a truly anonymous transaction. Generally, LocalBitcoins prices for Bitcoin tend to be higher than the market value, but this is due to the fact that sellers can set their prices at rates that other exchanges simply can’t.
An increase in security
Budding cryptocurrency investors are being reminded of the potential pitfalls of using any online cryptocurrency exchange. LocalBitcoins is by no means the first or the last platform to be attacked by either individual hackers or distributed denial of service (DDoS) methods. It’s important to remember that some crypto exchanges don’t permit you to physically own the coins inside your exchange wallets. Instead, you’re buying and selling the right to claim a specific amount of coins. Platforms such as Bitfinex and Bittrex have both fallen foul of cyber-attacks with DDoS attacks responsible for their users’ loss of funds. Worryingly, neither platform was able to discover the root cause behind their attacks.
Obviously, this latest LocalBitcoins security breach pales into insignificance in comparison with the 2011 Mt. Gox hack, which saw the exchange hacked twice, resulting in 750,000 Bitcoins going missing from the platform. This issue still plagues the price of Bitcoin today. Nevertheless, the fact that the loss of fewer than eight Bitcoins is making big news goes to show that security is slowly improving in the crypto space.
Featured image: Casimiro PT/Shutterstock