Peer-to-peer cryptocurrency exchange LocalBitcoins has recently published a statement regarding a security incident it suffered this weekend, that saw its users lose nearly 8 BTC (over $28,000) to a hacker who managed to phish their credentials.

According to the company’s statement, the firm detected the security vulnerability at about the time it was being exploited by an “unauthorized source,” which managed to access and send transactions from “a number of affected accounts.”

Responding to the vulnerability the company, as CryptoGlobe covered, temporarily disabled outgoing transactions, and disabled its forums where the users were facing a fake login prompt that then stole their credentials.

Per LocalBitcoins, the problem was “related to a feature powered by a third party software.” After identifying it, they managed to stop the attack. Currently, the firm is determining the number of affected users, although six cases have so far been confirmed. Its forums are still disabled.

Outgoing transactions have already been re-enabled and we have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk.

The peer-to-peer exchange added that it’s now safe for users to log into their LocalBitcoins accounts, and encouraged them to enable two-factor authentication (2FA). According to a Reddit user, this type of security wouldn’t have prevented the attack.

This, as the user believes 2FA wouldn’t have prevented the exploit, which was phishing these credentials which were “likely passed onto a script, which was executed within the 3rd party forum software that emptied the users wallet on their browser.”

An address associated with the hacker has seen the nearly 8 BTC it stole from users move about 10 hours after LocalBitcoins was compromised. The funds have been sent to various addresses and have taken a few hops, suggesting the hacker is trying to hide his tracks, presumably through a mixing service.

Last year, the peer-to-peer cryptocurrency exchange updated its terms of service (ToS), in a move that meant some of the platform’s users would have to start verifying their ID with the company in specific situation, including if they were under investigation or traded over certain limits. This data has reportedly not been affected.