Yesterday the peer to peer bitcoin (BTC) exchange, LocalBitcoins was exploited by a phishing attack, resulting in the loss of nearly 8 BTC – a USD equivalency of over $28,000 – today the exchange has released a statement clarifying details of the attack.
Within the statement, which was posted on Reddit, the company tells of discovering a security vulnerability from an “unauthorized source”, elaborating that this source was able to access and send transactions from a number of affected accounts.
After disabling outgoing transactions, the firm apparently identified the issue which emanated from a “third party software”, swiftly putting an end to the attack.
At this time six user accounts have been confirmed as compromised.
The exchange continued to relay that they have re-enabled outgoing transactions, adding that the forums are still disabled as the exploit was allegedly within the forums pages.
The phishing attack which took place yesterday, and was responsible for draining approximately 8 BTC from various user accounts.
Users allegedly found address in which the funds were forwarded:
Subsequently pleading exchanges to blacklist the address.
Following the Cryptopia hack, this stands as yet another unfortunate example of the importance of holding funds outside of exchanges where possible.