LocalBitcoins Hack Proves Bitcoin Wallets Need Two-Factor Authentication

Users of LocalBitcoins, a peer-to-peer marketplace for the virtual currency, had their funds stolen this week after the service’s chat client was hacked.

An estimated 17 BTC (around £2,539) was lifted from customer wallets, though the company has said that all users affected will be granted full refunds after taking steps to address security vulnerabilities

LocalBitcoins VP, Nickolaus Kangas, told CoinDesk that he believed the hackers were using a new kind of malware that could bypass the service’s existing security measures and gain access to wallets through the LiveChat feature.

Wallet lockdown

He said, “The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”

The attack was quickly spotted and shut down by LocalBitcoins staff, meaning it only affected three users who reportedly did not have two-factor authentication on their wallets.

The majority of Bitcoin thefts today are the result of inadequate wallet security that means hackers can steal private keys to users’ funds.

LocalBitcoins now recommends that all customers ensure they are using rigorous security measures, such as two-factor authentication, to protect their accounts.