Bitcoin Forum

Economy => Service Discussion => Topic started by: turtlehurricane on May 04, 2014, 06:41:16 AM



Title: ...
Post by: turtlehurricane on May 04, 2014, 06:41:16 AM
...


Title: Re: Localbitcoins hacked, site down until further notice
Post by: TrailingComet on May 04, 2014, 06:49:35 AM
Damn, that hurts
Localbitcoins has been a critical pillar in helping me get into the btc ecosystem in my geography (that has no exchanges)
Hope it gets sorted quickly!


Title: Re: Localbitcoins hacked, site down until further notice
Post by: freedomno1 on May 04, 2014, 06:57:08 AM
Wow that was dodging the bullet a little too close
Spoof and everything


Title: Re: Localbitcoins hacked, site down until further notice
Post by: icet208 on May 04, 2014, 06:57:47 AM
Damn, these hackers must be stopped... too many hackings happening lately... this is really pulling down bitcoin. We must do something


Title: Re: Localbitcoins hacked, site down until further notice
Post by: bryant.coleman on May 04, 2014, 07:53:08 AM
Damn, these hackers must be stopped... too many hackings happening lately... this is really pulling down bitcoin. We must do something

It will never stop. Rather we should try to increase the security. There were issues with Localbitcoins for the past 1-2 weeks. Several people were reporting here that their coins were stolen.


Title: Re: Localbitcoins hacked, site down until further notice
Post by: upal on May 04, 2014, 08:12:49 AM
I wonder why the hosting gave root access to the attacker without verification ? First of all those spoofing mails should go to spam folder. Even if the mail client's filtering system is not strong, they can readily check the authentication from mail header. This is a severe fault of the hosting administration. I doubt if it is an outside attacker though...
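
The header check mentioned in the post above, as an added example that is not part of the original thread: it reads the SPF/DKIM/DMARC verdicts from the `Authentication-Results` header and only trusts the copy stamped by the receiver's own mail server. The host names, the `mx.hosting.example` authserv-id and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id that our own receiving MTA writes into the header.
TRUSTED_AUTHSERV = "mx.hosting.example"

# Constructed sample: spoofed From, plus a forged "pass" header added by the sender.
SPOOFED = (
    "Authentication-Results: mx.hosting.example; spf=fail smtp.mailfrom=customer.example;\n"
    " dkim=none; dmarc=fail header.from=customer.example\n"
    "Authentication-Results: mail.attacker.example; dmarc=pass header.from=customer.example\n"
    "From: Admin <admin@customer.example>\n"
    "Subject: please reset the root password\n\nbody\n"
)
# Constructed sample: mail that really passed the customer's domain policy.
LEGIT = (
    "Authentication-Results: mx.hosting.example; spf=pass smtp.mailfrom=customer.example;\n"
    " dkim=pass header.d=customer.example; dmarc=pass header.from=customer.example\n"
    "From: Admin <admin@customer.example>\n"
    "Subject: please reset the root password\n\nbody\n"
)

def auth_verdict(raw_message):
    """Return the From domain and the spf/dkim/dmarc results stamped by our MTA."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        # Skip headers written by any other host: the sender controls those.
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        # Simplified parse: picks up "method=result" pairs, ignores comments.
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", body, re.I):
            results[method.lower()] = result.lower()
    return {"from_domain": from_domain, **results}

def may_act_on_request(raw_message, customer_domain):
    """Accept the request only if From is the customer's domain and DMARC passed."""
    v = auth_verdict(raw_message)
    return v["from_domain"] == customer_domain and v["dmarc"] == "pass"
```

A pass only shows that the message came through the claimed domain's mail infrastructure, not who was at the keyboard.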


Title: Re: Localbitcoins hacked, site down until further notice
Post by: bryant.coleman on May 04, 2014, 08:31:29 AM
I wonder why the hosting gave root access to the attacker without verification ?

Probably someone hacked the email service of the localbitcoins.com and used the same to have root access. Perhaps they had disabled their cell-phone notifications and other precautions.


Title: Re: Localbitcoins hacked, site down until further notice
Post by: upal on May 04, 2014, 08:38:06 AM
I wonder why the hosting gave root access to the attacker without verification ?

Probably someone hacked the email service of the localbitcoins.com and used the same to have root access. Perhaps they had disabled their cell-phone notifications and other precautions.

Quote
it looks like the request was made using spoofed email addresses

So it seems, mail was not hacked. It was spoofed (http://en.wikipedia.org/wiki/Email_spoofing). Probably a simple php mail function usage.


Title: Re: Localbitcoins hacked, site down until further notice
Post by: monsterbitty on May 04, 2014, 08:50:05 AM
I hope they will be back online soon. Good thing is nothing has been hacked. That's the good news so far. But what if attackers gain access to the data?

What would happen?


Title: Re: Localbitcoins hacked, site down until further notice
Post by: gloryninja on May 04, 2014, 10:00:39 AM
Hackers are everywhere, man. I've lost a lot of coins from exchange sites that have been hacked. There must be a solution to this type of behaviour. BTC will not grow if there isn't any trust or 100% security is implemented on sites that are holding bitcoins. I know it's not as easy as I say but more should be invested in keeping the currency safe and have measures to prevent hackers.



Title: Re: Localbitcoins hacked, site down until further notice
Post by: bryant.coleman on May 04, 2014, 11:05:40 AM
I hope they will be back online soon. Good thing is nothing has been hacked. That's the good news so far. But what if attackers gain access to the data?

What would happen?

Don't be so sure. Even when the news about the Mt Gox hack came out, Karpeles and Co. were initially saying that the users' coins were safe. Everyone knows what happened after that.  >:(


Title: Re: Localbitcoins hacked, site down until further notice
Post by: Gator-hex on May 04, 2014, 11:30:33 AM
Hackers are everywhere, man. I've lost a lot of coins from exchange sites that have been hacked. There must be a solution to this type of behaviour. BTC will not grow if there isn't any trust or 100% security is implemented on sites that are holding bitcoins. I know it's not as easy as I say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)


Title: Re: Localbitcoins hacked, site down until further notice
Post by: gloryninja on May 04, 2014, 12:40:38 PM
Hackers are everywhere, man. I've lost a lot of coins from exchange sites that have been hacked. There must be a solution to this type of behaviour. BTC will not grow if there isn't any trust or 100% security is implemented on sites that are holding bitcoins. I know it's not as easy as I say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)

I lost BTC in a known exchange site even though I had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!


Title: Re: Localbitcoins hacked, site down until further notice
Post by: bryant.coleman on May 04, 2014, 01:04:54 PM
I lost BTC in a known exchange site even though I had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!

You are right. Even before the Mt Gox scandal, a lot of users lost their coins from the smaller exchanges. Either someone hacked the site and robbed all the coins, or the exchange owner himself stole all of them. 2FA won't do any wonders in such cases.


Title: Re: Localbitcoins hacked, site down until further notice
Post by: leopard2 on May 04, 2014, 01:27:24 PM
When an exchange gets hacked it's all about cold wallets - real cold wallets, not Gox style  ;)


Title: Re: Localbitcoins hacked, site down until further notice
Post by: moriartybitcoin on May 04, 2014, 05:33:40 PM
Hackers are everywhere, man. I've lost a lot of coins from exchange sites that have been hacked. There must be a solution to this type of behaviour. BTC will not grow if there isn't any trust or 100% security is implemented on sites that are holding bitcoins. I know it's not as easy as I say but more should be invested in keeping the currency safe and have measures to prevent hackers.



There is no easy solution.  'Security' is never going to be 100% on a web server.  Doesn't matter if you spend $100k/year on a security team, it won't matter. Eventually, you WILL get hacked.

I own sites like https://BitPlastic.com and https://BitLaunder.com and https://CoinChimp.com .. we used to get hacked all the time, and I had to pay clients who lost money out of my own pocket to avoid getting branded a 'scam'.  We hired a security specialist and we haven't been hacked since, but eventually it WILL happen again.  Of that I am 100% sure.

The main consideration for a Bitcoin site owner is simply to not store much Bitcoin in 'live wallets' running bitcoind on a server.  If you store your client funds in a 'hot wallet' on the server, you are basically begging to get hacked into oblivion, like Flexcoin and MtGox (although that might have been Karpeles theft).

The other thing you need to worry about is fake deposit addresses. For example, hackers will insert their own deposit address into your mysql table, so when clients send funds to the wallet on the server, actually they are sending funds to the hackers.  This type of thing is usually discovered within a few hours and losses are kept to a minimum. 

I think every Bitcoin website owner needs to maintain an 'insurance' fund of maybe 25% of their profits to simply cover hacking losses. 

Some sort of 'Bitcoin insurance policy' might even be a good business idea!

As far as long-term hacking prevention in the Bitcoin world, I don't see that ever happening.  At least not with the current Bitcoin protocol.

Dr. Michael Moriarty
https://BitPlastic.com / https://BitLaunder.com / https://BitArmored.com / https://CoinChimp.com / https://BitSpeculate.com
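
One way to detect the injected deposit addresses described in the post above, as an added example that is not part of the original thread or any of the sites named in it: each row carries an HMAC over the user id and address, so a row written straight into the table fails verification. The table layout, function names, key and addresses are constructed assumptions, SQLite stands in for MySQL, and the check assumes the attacker can write to the database but cannot read the key.

```python
import hashlib
import hmac
import sqlite3

# Assumption: in production this key lives outside the database and web root.
TAG_KEY = b"constructed-demo-key"

def tag(user_id, address):
    """HMAC binding an address to one user, so rows cannot be swapped either."""
    return hmac.new(TAG_KEY, f"{user_id}|{address}".encode(), hashlib.sha256).hexdigest()

def store_address(db, user_id, address):
    db.execute("INSERT OR REPLACE INTO deposit_addresses VALUES (?, ?, ?)",
               (user_id, address, tag(user_id, address)))

def address_for_display(db, user_id):
    """Return the deposit address only if its row still carries a valid tag."""
    row = db.execute("SELECT address, tag FROM deposit_addresses WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row is None:
        raise LookupError(f"no deposit address for user {user_id}")
    address, stored = row
    if not hmac.compare_digest(stored, tag(user_id, address)):
        raise ValueError(f"deposit address for user {user_id} failed integrity check")
    return address

def audit(db):
    """Periodic sweep: list the user ids whose rows were changed without the key."""
    rows = db.execute("SELECT user_id, address, tag FROM deposit_addresses ORDER BY user_id")
    return [uid for uid, addr, t in rows if not hmac.compare_digest(t, tag(uid, addr))]

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE deposit_addresses "
               "(user_id INTEGER PRIMARY KEY, address TEXT, tag TEXT)")
    store_address(db, 1, "addr-user-1-constructed")
    store_address(db, 2, "addr-user-2-constructed")
    # Constructed tamper: the row is rewritten directly in the table, without the key.
    db.execute("UPDATE deposit_addresses SET address = 'addr-not-ours-constructed' "
               "WHERE user_id = 2")
    return db
```

Running `audit` on a schedule shortens the "discovered within a few hours" window, and `address_for_display` stops a tampered address from being shown to a client at all.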


Title: Re: Localbitcoins hacked, site down until further notice
Post by: moriartybitcoin on May 04, 2014, 05:35:20 PM
Hackers are everywhere, man. I've lost a lot of coins from exchange sites that have been hacked. There must be a solution to this type of behaviour. BTC will not grow if there isn't any trust or 100% security is implemented on sites that are holding bitcoins. I know it's not as easy as I say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)

I lost BTC in a known exchange site even though I had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!

2FA offers some security but it is not a panacea.  It *might* prevent your account from getting hacked but don't bet on it.  Some hacker may inject a fake deposit address so you send your bitcoin to the hacker instead of the exchange.  Or the site might get hacked and you lose all your funds if they are stored in a hot wallet on the server.