LocalBitcoins, a peer-to-peer cryptocurrency exchange portal, has recently published a statement relating to a security breach it suffered on Saturday last week.
According to a thread, which appeared on Reddit, LocalBitcoins users lost nearly 8 BTC (over $28,000/£21,272) to a hacker who managed to phish their credentials.
The firm detected the security vulnerability after an “unauthorised source” managed to gain access and send transactions from a number of affected accounts.
According to the statement, LocalBitcoins stopped the attack by taking down its forum and temporarily disabling transactions to prevent hackers from stealing money from other accounts.
LocalBitcoin said the source of the problem was related to third-party software. The breach lasted for almost five hours before the company intervened to prevent the ongoing assault.
“We were able to identify the problem, which was related to a feature powered by a third-party software,” the company said on Reddit. “For security reasons, the forum feature has been disabled until further notice.”
“Outgoing transactions have already been re-enabled and we have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk.”
LocalBitcoins said they’re currently determining the correct number of affected users, but so far, six cases have been confirmed.
Enable two-factor authentication (2FA)
The company added that it’s now safe for users to log into their LocalBitcoins accounts, and advised users to enable two-factor authentication (2FA) to prevent any unauthorised access in the future.
“Your LocalBitcoins accounts are currently safe to log-in and use – we encourage you to enable two-factor authentication if you have not yet.”