On January 26, 2019, clients of peer-to-peer bitcoin trading service LocalBitcoins were the targets of a phishing scam which resulted in the theft of a handful of bitcoins.
The Scam’s Operation
Reports claimed that the attacker was able to conduct the scam thanks to a security vulnerability on the LocalBitcoins platform. The landing page of the site’s forum reportedly was hacked, leading clients to a phishing site.
The phishing site was designed to carefully mimic the features of the actual LocalBitcoins landing page. Once on it, users were prompted to log in and provide their sensitive, two-factor authentication codes.