Another day, another hack. LocalBitcoins, one of the most popular websites for p2p OTC crypto trading, reported that it detected a security flaw that was exploited by an anonymous hacker.
According to a Reddit post, the security team at LocalBitcoins found out about the hack at around 10:00:00 UTC yesterday. The platform revealed that an anonymous user discovered a vulnerability in its security systems and proceeded to manipulate the funds that at least six users kept in their local wallets, sending them to an unknown destination.
“We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability – an unauthorized source was able to access and send transactions from a number of affected accounts. Outgoing transactions were temporarily disabled while we investigated the case.”
The exchange notes that it was able to quickly identify the problem: a vulnerability created by the use of third-party software. According to the exchange, even though the hacker was able to access an undisclosed number of users, only a few of them were actually affected.
According to LocalBitcoins, the fault was quickly fixed. In the first stage, the team neutralized the bug by blocking user access to wallets, and trading was temporarily suspended. A few hours after the “hack”, the platform was fully operational again, with all announcements and operations performed normally.
The LocalBitcoins team commented that besides the events mentioned above, it had no significant complications. It did not disclose whether the platform will compensate affected traders or whether it has been able to track the lost bitcoins. The forum has also been disabled, so users can only interact via the encrypted p2p chat once a trade is open:
“We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack. At the moment, we are determining the correct number of users affected – so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice.”
LocalBitcoins does not mention the methodology used by the hacker, nor does it provide details on the number of bitcoins lost. It remains unknown whether the BTC were transferred from LocalBitcoins to a single external wallet or to different addresses.