Malware causes wallet woes for LocalBitcoins

Person-to-person bitcoin-exchange and escrow service LocalBitcoins has had a rough couple of days. On Wednesday, reports began to surface on IRC and the site’s forums that user wallets had been compromised. Standard protections, such as long passwords and two-factor authentication, seemed to have no effect on the hacks. Posts on the LocalBitcoins blog confirm that in at least some cases, this has happened.

According to the Finland-based company, after nearly two days of investigation there is no indication that their site has been compromised. Instead, the company claims that malware on Android OS client devices appears to be the issue. In most of the reported cases (less than 30 total incidents, they claim), there are only two cases where two-factor authentication was enabled. In both cases, the second factor passwords were present on the devices, suggesting that the device was compromised.

The post also also explained that user funds were still safe, and were protected even in the event of a compromised server.

Most of Bitcoins stored on LocalBitcoins are in cold storage. Even if the LocalBitcoins servers were compromised, the attackers would still not get access to stored user Bitcoins. When the LocalBitcoins hot wallet was being emptied due to high volume of withdraws, the withdraws started to delay. LocalBitcoins choose not to top up the hot wallet until the incident is investigated.

It’s still not clear what specific malware is causing the issue.