Imagine being on a chat. You think you’re talking to a friend or to a co-worker, or maybe you’re trying to contact a company to see about replacing something that was lost or damaged in a recent order. In the midst of it all, a hacker integrates the chat system you’re using, logs in and steals all of your bitcoins. Pretty upsetting, right?
Well, for a few users of peer-to-peer marketplace LocalBitcoins, that’s exactly what happened, and many feel that the event is just one too many in a recent string of hackings that include an attack on European exchange Bitstamp, which resulted in $5 million in stolen bitcoins. Many are now vouching for two-factor authentication or multi-sig wallet platforms on all bitcoin exchanges.
LocalBitcoins Vice-president Nikolaus Kangas acknowledged the hacking and believes that the culprit used a special kind of malware that was able to bypass security and spread through the company’s LiveChat system. 17 bitcoins have been stolen from up to three users.
Kangas explains:
“The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”
The company has encountered security issues before; last year, a hacker briefly gained access to servers and customer data information. Luckily, none of that information was lost or compromised, but this particular incident has resulted in lost funds, and customers are not happy about the occurrence.
LocalBitcoins has promised refunds to all victimized users.
Images from localbitcoins.