
 

LocalBitcoins Phishing Attack + Cryptopia Hack in High Risk Addresses of the Month

Jan 28, 2019



1. LocalBitcoins Phishing Attack

Stolen Funds from Recent LocalBitcoins Phishing Attack Lead to Largest Exchange

LocalBitcoins was hit by a hacker who managed to steal 7.95 BTC (approx. $27,825) by using a fake link to the LocalBitcoins website, placed on the LocalBitcoins forum.

Source: https://www.reddit.com/r/local...

In their security vulnerability report on the 26th of January 2019 around 10:00 AM UTC, LocalBitcoins admitted that they had detected a security breach and stated that the attack “was related to a feature powered by a third party software”.

The LocalBitcoins Forum caused this issue and was immediately taken down by the LocalBitcoins team.

There are currently 6 victims identified and, according to one of the victims, the funds have already been reimbursed by LocalBitcoins, which is good news.

Let’s have a look at the details. Issues with the LocalBitcoins Forum were first mentioned on Reddit around 1:00 AM UTC on Jan 26th, when one of the users wrote that visiting the LocalBitcoins forum redirects to a phishing website which looks like LocalBitcoins. On that site the user is not logged in, and when the user enters their login details the website captures the login, password and 2FA codes in order to withdraw the user’s funds, as you can see below:

Source: https://www.reddit.com/r/local...

Sources: https://www.reddit.com/r/local... | https://muut.com/i/localbitcoi...

We have closely investigated this case. The address 13WaahhsiGph4ysmQtjVhVTdgQUSL62KJr belongs to the entity who perpetrated the phishing attack, and it received 6 payments from LocalBitcoins. As you can see below, the stolen coins were sent to 5 different addresses before they ended up here: 1FtVm5cV6fwJ67E859LmkxQWb3X3K5VPiP

According to our data this is a deposit address of one of the biggest exchanges in the cryptocurrency space. Even though this exchange address received only ~7.95 BTC from the LocalBitcoins phishing attack, throughout its existence it has received a total of 3184.57 BTC (~$12,447,489 at the transaction dates, valued at around $10,827,541 today). Below you can see the path of the stolen coins through Coinfirm’s Visualizer tool from the Coinfirm AML Platform. This data has been submitted into the AMLT Network, and future risk reports for related addresses will reflect the appropriate updates and risk indicators.
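A forward trace of the kind described above can be sketched as follows. This is an added example, not Coinfirm's code or algorithm: the two addresses and the 7.95 BTC total come from the article, while the HOP_* and CLEAN_* names, every individual amount, the flattened (sender, receiver, amount) ledger and the rule that tainted coins leave an address first are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

PHISHING_ADDR = "13WaahhsiGph4ysmQtjVhVTdgQUSL62KJr"  # from the article
DEPOSIT_ADDR = "1FtVm5cV6fwJ67E859LmkxQWb3X3K5VPiP"   # from the article
STOLEN_BTC = Decimal("7.95")                          # total from the article

# Constructed sample ledger in chronological order: (sender, receiver, BTC).
# HOP_* and CLEAN_* are placeholder names and every amount is made up.
TRANSFERS = [
    (PHISHING_ADDR, "HOP_1", Decimal("4.00")),
    (PHISHING_ADDR, "HOP_2", Decimal("3.95")),
    ("HOP_1", "HOP_3", Decimal("4.00")),
    ("HOP_2", "HOP_3", Decimal("3.95")),
    ("CLEAN_1", "HOP_3", Decimal("1.00")),   # unrelated funds mixed in
    ("HOP_3", "HOP_4", Decimal("8.95")),
    ("HOP_4", "HOP_5", Decimal("8.95")),
    ("HOP_5", DEPOSIT_ADDR, Decimal("7.95")),
    ("HOP_5", "CLEAN_2", Decimal("1.00")),
]


def trace(transfers, source, stolen):
    """Follow stolen funds forward through a chronological ledger.

    Returns {address: (tainted BTC still held, hops from source)} for every
    address that holds tainted funds once all transfers are applied.
    """
    tainted = defaultdict(Decimal)   # tainted balance per address
    tainted[source] = stolen
    hops = {source: 0}               # shortest hop distance from the source
    for sender, receiver, amount in transfers:
        # Assumption: tainted coins leave first, capped by what the sender holds.
        moved = min(amount, tainted[sender])
        if moved <= 0:
            continue                 # sender holds nothing traceable
        tainted[sender] -= moved
        tainted[receiver] += moved
        hops[receiver] = min(hops.get(receiver, hops[sender] + 1), hops[sender] + 1)
    return {addr: (amt, hops[addr]) for addr, amt in tainted.items() if amt > 0}


if __name__ == "__main__":
    for addr, (amount, depth) in trace(TRANSFERS, PHISHING_ADDR, STOLEN_BTC).items():
        print(f"{addr}: {amount} BTC tainted, {depth} hops from the phishing address")
```

Because the ledger is applied in order, the clean 1.00 BTC mixed in at HOP_3 never inflates the traced amount, and an address that merely receives funds from a hop after its tainted balance has left is not flagged.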

2. Cryptopia Exchange Security Breach

Cryptopia, a major New Zealand cryptocurrency exchange with over 2M users (source), announced unscheduled maintenance on the 13th of January, which left its users unable to log in, deposit or withdraw cryptocurrency assets.



An official statement was issued by Cryptopia 13 hours later, in which they stated that they had suffered a security breach which caused significant losses.



According to the statement above we could assume that they got hacked and lost over 28773.56 ETH, which was worth approximately $3.63M at the time of the transaction. The stolen coins were sent to the address 0xc8b759860149542a98a3eb57c14aadf59d6d89b9 and then transferred further to the address 0xaa923cd02364bb8a4c3d6f894178d2e12231655c.

You can track the whole path of the stolen coins with Coinfirm’s tool, Vis, as you can see below:


This was the first part of the attack; the second involved tokens stored in Cryptopia’s hot wallet. Coinfirm has analysed the address 0x9007a0421145b06a0345d55a8c0f0327f62a2224 and it looks like 100 different tokens were stolen, resulting in a loss of approx. $13.81M.

The final amount totalled $17.44M, which is the highest reported loss in 2019 so far.

Please see our AML reports and note that interacting with these 3 addresses may expose you to risk and result in an increased C-Score.

AML Risk Report of "0x9007a0421145b06a0345d55a8c0f0327f62a2224"



AML Risk Report of "0xaa923cd02364bb8a4c3d6f894178d2e12231655c"



AML Risk Report of "0xc8b759860149542a98a3eb57c14aadf59d6d89b9"





If you're interested in partnering with Coinfirm or becoming an AMLT Network Member then contact us!

Thank you for your continued support and make sure to follow all of our latest updates on Twitter, Facebook, LinkedIn and Telegram Community.

Sincerely,
The AMLT Team