According to the Finland-based company, after nearly two days of investigation there is no indication that their site has been compromised. Instead, the company claims that malware on Android OS client devices appears to be the issue. In most of the reported cases (less than 30 total incidents, they claim), there are only two cases where two-factor authentication was enabled. In both cases, the second factor passwords were present on the devices, suggesting that the device was compromised.
The post also also explained that user funds were still safe, and were protected even in the event of a compromised server.
Most of Bitcoins stored on LocalBitcoins are in cold storage. Even if the LocalBitcoins servers were compromised, the attackers would still not get access to stored user Bitcoins. When the LocalBitcoins hot wallet was being emptied due to high volume of withdraws, the withdraws started to delay. LocalBitcoins choose not to top up the hot wallet until the incident is investigated.
It’s still not clear what specific malware is causing the issue.