Cyber Incident Victim: LocalBitcoins
Date: Jan 2019
Location: Finland
Summary
A security breach at LocalBitcoins resulted in the theft of approximately 7.95 bitcoins from six user accounts after attackers deployed a phishing scheme redirecting victims to a fraudulent login page to harvest credentials and two-factor authentication codes. The platform mitigated the incident by temporarily suspending its forum and transaction services, attributing the compromise to a vulnerability in third-party forum software before restoring operations following an investigation.
Description
On or around January 26, 2019, LocalBitcoins experienced a security breach involving unauthorized access to user accounts through a phishing campaign targeting its online forum. Attackers compromised the platform by redirecting users to a fraudulent login page designed to mimic the legitimate LocalBitcoins interface. This fake page harvested login credentials and two-factor authentication (2FA) one-time codes entered by unsuspecting users. The phishing mechanism operated through vulnerabilities in third-party software that powered LocalBitcoins' forum feature, though the specific software vendor was not disclosed. During the attack window, six user accounts were compromised, resulting in the theft of 7.95205862 bitcoins valued at approximately $28,200 based on contemporaneous exchange rates. The incident caused service disruptions as affected users reported unauthorized transactions and account access issues.

LocalBitcoins responded by immediately taking its forum offline to terminate the attack vector and temporarily suspended all platform transactions to prevent further fund movements. The company conducted forensic analysis to identify compromised accounts and confirmed the breach originated from the third-party forum infrastructure rather than LocalBitcoins' core trading systems. After securing the environment, LocalBitcoins restored trading functionality and published a post-mortem report detailing the incident scope and remediation steps. No evidence suggested broader compromise of wallet systems or non-forum-related platform components. The company advised users to enable 2FA as a protective measure while emphasizing that standard account logins remained secure following forum deactivation. Financial losses were confined to the six identified accounts, with no additional breaches reported after service restoration.
