A link to a phishing LocalBitcoins clone website had been placed on the official LocalBitcoins forum, but the attack has since been stopped. A LocalBitcoins community manager warned of the attack on Reddit on Jan. 26.
According to the post, an unidentified hacker or hacker group detected a security vulnerability in the LocalBitcoins forum and linked it to a phishing forum. Even before the official communication, a Reddit user warned in a post on the Bitcoin (BTC) subreddit:
“When visiting the localbitcoins forum [...] users are prompted to log into their account, as if they have been logged out. This only seems to happen if you are already logged in. This is is [SIC] a PHISHING SITE and 2FA codes are being used to empty customer accounts. Withdrawals have since been suspended by LocalBitcoins.”
The alleged address of the hacker (or hackers) — identified in the comments by a user who claims to have been hacked — has received a total of 7.95205862 BTC in five different transactions, which is equivalent to about $28,134 at press time. The user also urges:
“Please get the address 13WaahhsiGph4ysmQtjVhVTdgQUSL62KJr blacklisted on exchanges.”
In the Reddit post published by the community manager, LocalBitcoins claims that the identified vulnerability was contained in third-party software, and confirmed six known cases of users being affected.
The company also reportedly stopped the attack and re-enabled outgoing transactions (which were temporarily disabled). Still, the post notes that the forum feature is still disabled until further notice.
As Cointelegraph recently reported, following international police collaboration, a 36-year-old individual suspected of the theft of over $11 million in IOTA through another phishing scam was arrested.