1. Localbitcoins Phishing Attack
Stolen funds from the recent Localbitcoins Phishing attack lead to the largest exchange.
LocalBitcoins was hit by a hacker who managed to steal 7.95 BTC (approx. $27,825) by using a fake link to the LocalBitcoins website posted on their forum.
According to LocalBitcoins' security vulnerability report, on the 26th of January 2019 around 10:00 AM UTC LocalBitcoins detected a security breach, and stated that the attack “was related to a feature powered by a third-party software”.
The LocalBitcoins Forum caused this issue and was immediately taken down by the LocalBitcoins team.
There are currently 6 victims identified and, according to one of the victims, the funds have already been reimbursed by LocalBitcoins, which is good news.
Let’s look at the details. The first reports of issues with the LocalBitcoins Forum appeared on Reddit around 1:00 AM UTC on Jan 26th, where one of the users wrote that visiting the LocalBitcoins forum redirects to a phishing website that looks like LocalBitcoins. However, the user is not logged in there, and when the user enters their login the website captures the login, password and 2FA codes to withdraw the user’s funds.
sources: https://www.reddit.com, https://muut.com
We have closely investigated this case. The address 13WaahhsiGph4ysmQtjVhVTdgQUSL62KJr belongs to the entity that perpetrated the phishing attack, and it received 6 payments from LocalBitcoins. The stolen coins were sent to 5 different addresses before they ended up here: 1FtVm5cV6fwJ67E859LmkxQWb3X3K5VPiP
According to our data, this is a deposit address of one of the biggest exchanges in the cryptocurrency space. Even though this exchange address received only ~7.95 BTC from the LocalBitcoins phishing attack, it has received a total of 3184.57 BTC throughout its existence (~$12,447,489 at the transaction dates), valued at around $10,827,541 today. The path of the stolen coins can be followed through Coinfirm’s Visualizer tool from the Coinfirm AML Platform.
2. Cryptopia Exchange Security Breach
Cryptopia, a major New Zealand cryptocurrency exchange with over 2M users, announced unscheduled maintenance on the 13th of January, which left its users unable to log in, deposit or withdraw cryptocurrency assets.
Cryptopia issued an official statement 13 hours later, stating that it had suffered a security breach that caused significant losses.
Based on this statement, we can assume that Cryptopia was hacked and lost over 28773.56 ETH, which was worth approximately $3.63M at the time of the transaction.
Stolen coins were sent to this address 0xc8b759860149542a98a3eb57c14aadf59d6d89b9 and they were transferred further to this address: 0xaa923cd02364bb8a4c3d6f894178d2e12231655c.
You can track the whole path of the stolen coins in the Cryptopia hack with Coinfirm’s Visualizer tool.
This was the first part of the attack; the second involved tokens stored on Cryptopia’s hot wallet. Coinfirm has analysed this address: 0x9007a0421145b06a0345d55a8c0f0327f62a2224 and it looks like 100 different tokens were stolen, resulting in a loss of approx. $13.81M.
The final amount totaled $17.44M, which is the highest reported loss in 2019 so far.
Please see our AML reports and note that interacting with these 3 addresses may expose you to risk and result in an increased C-Score.
AML Risk Report of “0x9007a0421145b06a0345d55a8c0f0327f62a2224”
AML Risk Report of “0xaa923cd02364bb8a4c3d6f894178d2e12231655c”
AML Risk Report of “0xc8b759860149542a98a3eb57c14aadf59d6d89b9”
The Coinfirm Team