PlayIconNav
BTC
$98,972.92+0.67%
ETH
$3,296.39-1.51%
SOL
$253.77-1.79%
BNB
$619.94+0.41%
XRP
$1.44+21.33%
DOGE
$0.40465897+5.48%
CD20
$3,273.20+4.99%
ADA
$0.98253910+24.75%
TRX
$0.20002907+0.69%
AVAX
$39.22+9.71%
SHIB
$0.00002474+0.79%
WBTC
$98,102.95+0.54%
Ad
Markets
Election 2024

LocalBitcoins User Funds Stolen After Chat Client Hack

P2P marketplace LocalBitcoins has experienced a hack on its chat client, resulting in the distribution of malware and loss of customer funds.

By Stan Higgins
AccessTimeIconJan 29, 2015 at 9:24 a.m. UTC
Updated Aug 18, 2021 at 3:36 p.m. UTC
Presented By Icon

Election 2024 coverage presented by

Stand with crypto
hacker-hands-3

Peer-to-peer bitcoin marketplace LocalBitcoins suffered a hack this week that resulted in the distribution of malware and a loss of customer funds.

Affected users will be granted refunds after taking steps to address security vulnerabilities, according to the company.

VolumeMuteUnmute

Guild of Guardians Built to 'Win' the Web2 Mobile Space: Game Director

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0

    • LocalBitcoins

    vice president Nikolaus Kangas acknowledged the hack on 27th January in a forum post, outlining how the intrusion took place through its LiveChat account, with an estimated 17 BTC lost from customer wallets.

    The bitcoin marketplace has experienced security-related problems before, including an incident last year when a hacker gained access to its servers for a brief period of time, though according to LocalBitcoins no customer data was lost. Customers have also reported running afoul of fraudulent users in the past.

    Kangas told CoinDesk that he believed the hackers used an unknown kind of malware that was able to bypass existing security measures, and took personal responsibility for the LiveChat intrusion.

    He explained:

    “The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”

    Customer postings on LocalBitcoins suggest that at least one user reportedly lost funds through other bitcoin-related accounts, but that user later reported that discussions with the company were underway on a possible solution.

    Awareness prevented spread

    According to the company, three users were identified as having lost funds during the hack. Reports indicate that a lack of two-factor authentication may have been to blame for the fraudulent withdrawals, and LocalBitcoins advised customers to ensure that they are using such security measures to protect their accounts.

    Kangas said that thanks to the combined efforts of LocalBitcoins employees and users of the site, information about the LiveChat compromise was disseminated relatively quickly, noting:

    “Due to fast actions by the Localbitcoins support staff and Localbitcoins.com community, the impact of the attack remained limited. The amount of users affected was fairly low due to general awareness of the users.”

    Kangas added that the company is looking at how they can improve their internal security protocols to avoid similar incidents in the future, and suggested that the incident was illustrative of the costs and challenges of participating in a digital economy.

    “This is not only a challenge to bitcoin users, but to all Internet services and users in general, about how to make those attacks equally expensive for those attackers,” he said.

     Malware image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.

    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.