LocalBitcoins Resumes Outgoing Transactions After Warnings of Phishing Link on Forum

Published at: Jan. 27, 2019

A link to a phishing LocalBitcoins clone website had been placed on the official LocalBitcoins forum, but the attack has since been stopped. A LocalBitcoins community manager warned of the attack on Reddit on Jan. 26.

According to the post, an unidentified hacker or hacker group detected a security vulnerability in the LocalBitcoins forum and linked it to a phishing forum. Even before the official communication, a Reddit user warned in a post on the Bitcoin (BTC) subreddit:

“When visiting the localbitcoins forum [...] users are prompted to log into their account, as if they have been logged out. This only seems to happen if you are already logged in. This is is [SIC] a PHISHING SITE and 2FA codes are being used to empty customer accounts. Withdrawals have since been suspended by LocalBitcoins.”

The alleged address of the hacker (or hackers) — identified in the comments by a user who claims to have been hacked — has received a total of 7.95205862 BTC in five different transactions, which is equivalent to about $28,134 at press time. The user also urges:

“Please get the address 13WaahhsiGph4ysmQtjVhVTdgQUSL62KJr blacklisted on exchanges.”

In the Reddit post published by the community manager, LocalBitcoins claims that the identified vulnerability was contained in third-party software, and confirmed six known cases of users being affected.

The company also reportedly stopped the attack and re-enabled outgoing transactions (which were temporarily disabled). Still, the post notes that the forum feature is still disabled until further notice.

As Cointelegraph recently reported, following international police collaboration, a 36-year-old individual suspected of the theft of over $11 million in IOTA through another phishing scam was arrested.

Also, news broke earlier this month that Indian police have arrested an associate of a group accused of conducting a crypto scam involving 5 billion rupees (about $70.5 million).

Tags
Related Posts
Binance Helps UK Police to Stop $51 Million Phishing Fraud
Binance claims to have assisted British prosecutors in an investigation of an online fraud that resulted in over $51 million losses by victims. Criminal is now jailed On Sept. 26, Binance’s chief compliance officer Samuel Lim published a blog post saying that the exchange was working with the Cyber Crime Unit of the United Kingdom’s Metropolitan Police Service to investigate into Bulgarian phishing expert Svetoslav Donchev. As officially reported by the Crown Prosecution Service (CPS), Donchev, 37, was extradited to the U.K. from Bulgaria to face the online scamming fraud charges and pleaded guilty to five offences to receive a …
Cryptocurrency Exchange / Sept. 27, 2019
Four Out of Five Top Bitcoin QR Code Generators are Scams: Report
Four out of the first five results presented when querying Google for a “bitcoin qr generator” lead to scam websites. The findings Cryptocurrency wallet ZenGo wrote the findings in a blog post published on Aug. 29. Reportedly, when researching prior to implementing QR Code support in their wallet, ZenGo learned of the prevalence of scam QR Code generators. The company explains how the alleged scam works: “These sites generate a QR code that encodes an address controlled by the scammers, instead of the one requested by the user, thus directing all payments for this QR code to the scammers.” QR …
Hacks / Sept. 6, 2019
North Korean Hacker Group Modifies Crypto-Stealing Malware
The Lazarus hacker group, which is allegedly sponsored by the North Korean government, has deployed new viruses to steal cryptocurrency. Major cybersecurity firm Kaspersky reported on Jan. 8 that Lazarus has doubled down its efforts to infect both Mac and Windows users’ computers. The group had been using a modified open-source cryptocurrency trading interface called QtBitcoinTrader to deliver and execute malicious code in what has been called “Operation AppleJeus,” as Kaspersky reported in late August 2018. Now, the firm reports that Lazarus has started making changes to the malware. Kaspersky identified a new macOS and Windows virus named UnionCryptoTrader, which …
Cryptocurrencies / Jan. 9, 2020
Report: Two Israeli Brothers Arrested for Hack of Bitfinex Crypto Exchange
Two Israeli brothers have been arrested in connection with the hack of cryptocurrency exchange Bitfinex and other crypto-related phishing attacks, finance news outlet Finance Magnates reports on June 23. An Israeli police spokesperson reportedly told Finance Magnates that Eli Gigi and his younger brother Assaf Gigi netted tens of millions of dollars. The two are suspected of being responsible for long-term systematic theft of cryptocurrencies by maliciously obtaining access to other users’ accounts. The two allegedly created credential-stealing clones of major online cryptocurrency exchanges and wallets and sent links to those phishing sites on Telegram groups and other cryptocurrency-related communities. …
Bitcoin / June 23, 2019
Cybersecurity analyst reveals 8 sneaky crypto scams on Twitter right now
Cybersecurity analyst Serpent has revealed his picks for the most dastardly crypto and non-fungible token (NFT) scams currently active on Twitter. The analyst, who has 253,400 followers on Twitter, is the founder of artificial intelligence and community-powered crypto threat mitigation system, Sentinel. In a 19-part thread posted on Aug. 21, Serpent outlined how scammers target inexperienced crypto users through the use of copycat websites, URLs, accounts, hacked verified accounts, fake projects, fake airdrops, and plenty of malware. One of the more worrisome strategies comes amid a recent spate of crypto phishing scams and protocol hacks. Serpent explains that the “Crypto …
Blockchain / Aug. 22, 2022