Cyber Threat Actor: Jimpo
| Actor Type | Location | Known Incidents |
Criminal
|
Finland
|
1 incident |
|---|
Profile
Jimpo is the alias used by a threat actor that has been identified as operating from Finland. On January 26, 2019, this actor was publicly linked to a security breach that impacted the cryptocurrency exchange LocalBitcoins. The attack employed a phishing scheme in which victims were directed to a counterfeit login page that closely mimicked the legitimate LocalBitcoins interface. Through this deceptive page, the actor harvested both user credentials and the corresponding two‑factor authentication codes required for account access. The stolen information enabled unauthorized access to six distinct user accounts hosted on the platform. Using the compromised credentials, the actor transferred approximately 7.95 bitcoins out of those accounts, constituting the total proceeds of the theft.
LocalBitcoins publicly attributed the breach to a vulnerability present in third‑party forum software that was integrated into its website at the time. In response to the incident, the exchange temporarily suspended its forum and transaction services to prevent further exploitation while it conducted an internal review. A thorough investigation was carried out to determine the full scope of the compromise and to verify whether any additional accounts had been affected. After the investigation concluded, normal forum and transaction operations were restored once the necessary security patches had been applied. The primary motive evident from the incident was financial gain, as the actor sought to monetize the stolen cryptocurrency through unauthorized transfers. To date, no other publicly reported campaigns or operations have been definitively tied to the Jimpo alias, leaving this LocalBitcoins breach as the sole confirmed activity associated with the actor.
