The popular peer-to-peer cryptocurrency exchange LocalBitcoins has seemingly been compromised, as users are reporting its forums were redirecting them to a login page that then sent their details to a hacker. An address being shared already has nearly 8 BTC – around $28,600 – in it.
According to a thread on the popular r/Bitcoin subreddit, LocalBitcoins has been compromised by a hacker looking to steal the exchange’s balances. Visiting its forums, they’re prompted with a login screen that implies they’ve been logged out.
My heart jumped a bit when I saw the words "LocalBitcoins compromised".... I expected the worst.
This is like when attackers were DNS spoofing the MyEtherWallet domain. This is a really old hacking technique that has little to with LocalBitcoins' security and everything to do with the crappy, centralized DNS. They hijacked the domain registry for the LocalBitcoins forums and a handful of people fell for it by logging in before administrators could shut down the forums. I'm glad the losses were limited to only 8 BTC.