LocalBitcoins Hacked, Security Breach Allowed Unauthorized Transactions
LocalBitcoins detected a security breach that allowed “unauthorized sources” to access and send transactions from a number of affected accounts.
LocalBitcoins detected a security breach that allowed “unauthorized sources” to access and send transactions from a number of affected accounts. So far, there have been six confirmed cases of the breach. The company identified the source of the problem as a “feature powered by third-party software.”
LocalBitcoins is a peer-to-peer trading service that facilitates bitcoin trading without the use of a structured bid/ask order book. Buyers and sellers typically complete trades via bank wire and escrow, with some trades even happening in person.
Unlike other exchange services, cryptocurrency doesn’t need to be held on the platform for buyers. However, sellers may need to use LocalBitcoin’s internal wallet system for the platform’s escrow services. Sellers pay a 1.00 percent fee for every completed trade, and the service is free for buyers.
The breach is problematic because of LocalBitcoin’s internal wallet system:
It is unknown whether wallets were compromised or if bitcoin was stolen during the hack. CryptoSlate reached out to LocalBitcoins for more clarity around the breach and has yet to receive a response.
According to the company’s statement, outgoing transactions were disabled, but have since been re-enabled. Furthermore, the company also disabled the LocalBitcoin forums for “security reasons” until further notice.
As part of the public statement, the company claims:
“We have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk.”
As with many online services, LocalBitcoins recommends users enable two-factor authentication to prevent unauthorized account access in the case of a future breach.
Security in the cryptocurrency sphere has been an ongoing problem. Third-party services are prone to hacks (and some even speculate that some of these hacks are “insider jobs”). However, unlike other financial services, it is ultimately up to the user to educate and protect themselves against hacking.