The popular peer-to-peer cryptocurrency exchange LocalBitcoins has seemingly been compromised, as users are reporting its forums were redirecting them to a login page that then sent their details to a hacker. An address being shared already has nearly 8 BTC – around $28,600 – in it.
According to a thread on the popular r/Bitcoin subreddit, LocalBitcoins has been compromised by a hacker looking to steal the exchange’s balances. Visiting its forums, they’re prompted with a login screen that implies they’ve been logged out.
@LocalBitcoins has apparently been compromised. Users are claiming its forums were redirecting them to a login page that was a phishing website.
— Francisco Memoria (@FranciscoMemor) January 26, 2019
As soon as they enter their credentials, the thread claims, these are sent to the hacker who then empties their accounts. An address being shared on social media already has $28,600 worth of BTC in it, after tricking 5 victims.
On the thread, various users have claimed to have lost funds, including one who says 11 BTC were taken from his address. If so, this could mean the hacker is siphoning funds to other addresses.
On another thread, a user has claimed someone attempted to start a trade with him to get him to go to the forums. Handling the situation LocalBitcoins has already disabled its forums and, according to some, disabled withdrawals to prevent the hacker from netting any more BTC.
Currently, users are advised not to log into the platform until the exchange lets out a statement on the issue. At press time, none has been published and its social media profiles haven’t yet published any updates as well.
Last year, the peer-to-peer cryptocurrency exchange updated its terms of service (ToS), in a move that meant some of the platform’s users would have to start verifying their ID with the company in specific situation, including if they were under investigation or traded over certain limits.