The Finnish over-the-counter bitcoin trading startup LocalBitcoins found a security breach in its protocols and temporarily shut down transactions as a result.
A community manager reported the discovery in a thread on the LocalBitcoins subreddit. In it, she said that the team had discovered a serious security risk and that “an unauthorised source was able to access and send transactions from a number of affected accounts.”
The attack was “related to a feature powered by a third party software,” which the team was quickly able to identify and stop. So far, the team has discovered six confirmed cases of users being affected by this hack and, as a result, “the forum feature has been disabled until further notice.”
The semi-anonymous contact from LocalBitcoins went on to state that “outgoing transactions have already been re-enabled and we have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk,” adding that “Your LocalBitcoins accounts are currently safe to log in and use — we encourage you to enable Two-factor authentication [2FA].”
A second employee from LocalBitcoins also came on to answer questions from commenters, claiming that “the exploit was within the forums page software” and, thus, the know-your-customer (KYC) database was not compromised.
The news of a security flaw is particularly concerning because LocalBitcoins is primarily an OTC trading service, generally thought to be relatively the most secure way for users to exchange fiat for crypto. That a hack which bypassed 2FA happened on such a platform is discouraging. Were it not for the proactive response by the exchange’s staff, a fairly serious incident could have occurred in the crypto space.