Supply chain
β Supply Chain
LocalBitcoins Third-Party Breach (January 2019)
Primary Source βIncident Details
LocalBitcoins blames security breach on forum ’third-party software’. Hackers appears to have stolen $28,200 from users’ accounts after phishing login credentials and 2FA one-time codes. LocalBitcoins , a peer-to-peer cryptocurrency exchange portal, announced a security breach yesterday, Saturday, January 26. The breach occurred at around 10:00 UTC (05:00 ET) and lasted for almost five hours before the company intervened to stop the ongoing attack.
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- not disclosed
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2019-01-01 Breach occurred
- 2019-01-27 Publicly disclosed