Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Madness on January 29, 2015, 11:21:29 AM



Title: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: Madness on January 29, 2015, 11:21:29 AM
and this is just another Bitcoin exchange website getting hacked ... are they some kind of serial hackers or what, bitcoin websites are going down one after another :o
Kangas told CoinDesk that he believed the hackers used an unknown kind of malware that was able to bypass existing security measures, and took personal responsibility for the LiveChat intrusion.
and he explained the following:
Quote
“The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”

At least they are taking some responsibility I guess and they are going to refund the affected users if I understood right:

"Affected users will be granted refunds after taking steps to address security vulnerabilities, according to the company"
More information about this accident can be found here: http://www.coindesk.com/localbitcoins-user-funds-stolen-chat-client-hack/
What do you guys think?


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: MaoChao on January 29, 2015, 11:33:19 AM
I received a message from the attacker by LiveChat, but did not download anything.
He threatened to block the localbitcoins account if I did not download the file.

Be careful, my friends.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: hardshot on January 29, 2015, 11:34:25 AM
From what you say, it is not the website itself that got hacked.
Those users who aren't very smart just installed some dude's software and complain that their funds got stolen.

Don't trust the trollbox...


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: cr1776 on January 29, 2015, 11:38:00 AM
Quote from: hardshot
From what you say, it is not the website itself that got hacked.
Those users who aren't very smart just installed some dude's software and complain that their funds got stolen.
Don't trust the trollbox...

This and what MaoChao said. Sounds like social engineering not a "hack."


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: Madness on January 29, 2015, 11:41:08 AM
Quote from: hardshot
From what you say, it is not the website itself that got hacked.
Those users who aren't very smart just installed some dude's software and complain that their funds got stolen.
Don't trust the trollbox...

Quote from: cr1776
This and what MaoChao said. Sounds like social engineering not a "hack."

Coding, programming and hacking skills are required to create such malware, man. It's not like it's a simple open source keylogger,
but yes it's correct, most of it is social engineering. It's not that hard to convince people to download a file from you.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: bitbaby on January 29, 2015, 11:46:26 AM
I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: Lauda on January 29, 2015, 11:50:14 AM
Since when does an intelligent person download .exe files from the live-chat? Sigh.  ::)
Nothing special about this. We often have 'fake' coin clients in the altcoin section.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: MaoChao on January 29, 2015, 11:51:43 AM
Quote from: bitbaby
I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?

Usually LiveChat is enabled if support is online.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: Madness on January 29, 2015, 11:59:54 AM
Quote from: bitbaby
I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?

Quote from: MaoChao
Usually LiveChat is enabled if support is online.

LiveChat enabled if support is online only? Users are able to chat with each other or only with Support/Staff members because it wouldn't make sense if only with the Support team otherwise this means that the hacker hacked the support team accounts then sent the files to the user (taking identity of Support team)


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: MaoChao on January 29, 2015, 12:03:59 PM
Quote from: Madness
LiveChat enabled if support is online only?

Yes.

Quote from: Madness
Users are able to chat with each other or only with Support/Staff members because it wouldn't make sense if only with the Support team otherwise this means that the hacker hacked the support team accounts then sent the files to the user (taking identity of Support team)

Only with Support members.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: haploid23 on January 29, 2015, 12:13:28 PM
OP, you're making the problem sound bigger than it really was. This only affected like 4 people that actually lost BTC. The hack alone wouldn't have done shit. Those users that lost BTC were 1) gullible, and 2) had no sense of security for their BTC. A simple 2FA would have prevented this.

LBC handled it well.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: TrailingComet on January 29, 2015, 12:30:53 PM
Local bitcoins has been going down the shitter for a while
If you had funds on there, you gotta blame yourself


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: cr1776 on January 29, 2015, 12:36:29 PM
Quote from: hardshot
From what you say, it is not the website itself that got hacked.
Those users who aren't very smart just installed some dude's software and complain that their funds got stolen.
Don't trust the trollbox...

Quote from: cr1776
This and what MaoChao said. Sounds like social engineering not a "hack."

Quote from: Madness
Coding, programming and hacking skills are required to create such malware, man. It's not like it's a simple open source keylogger,
but yes it's correct, most of it is social engineering. It's not that hard to convince people to download a file from you.

Obviously coding is required, but the implication that it was a localbitcoins chat client hack implies their systems were compromised when in fact what was compromised was a user's system because they downloaded something that they shouldn't have.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: Q7 on January 29, 2015, 12:56:10 PM
I don't think it's entirely localbitcoin's fault that led to the hack. But one thing good about them is their sense of responsibility as a company as they are even willing to refund those who had their coins lost.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: Madness on January 29, 2015, 12:58:53 PM
Quote from: Q7
I don't think it's entirely localbitcoin's fault that led to the hack. But one thing good about them is their sense of responsibility as a company as they are even willing to refund those who had their coins lost.

Correct about the responsibility thing.
But for their fault ... well, I never used their website to be honest but MaoChao said that only Support is able to LiveChat with Customers so basically it's their fault if their Support Team aren't secure enough and got hacked, otherwise how would the hacker send PMs to the other users? He couldn't.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: BitcoinHeroes on January 29, 2015, 01:48:22 PM
Two words guys, cold storage. Actually three words cold storage and sandbox.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: koelen3 on January 31, 2015, 06:56:32 PM
Well! fault of them downloading the file but still why wouldn't some newbie trust a live chat rep ???


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: AGD on February 01, 2015, 07:19:57 AM
Quote from: Lauda
Since when does an intelligent person download .exe files from the live-chat? Sigh.  ::)
Nothing special about this. We often have 'fake' coin clients in the altcoin section.

They do even download the files in topics with titles like "Is this a Virus?", even when 100% of the postings say that this IS a virus.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: Wendigo on February 01, 2015, 09:44:49 AM
I had someone random hit me up on Steam chat and post an image link with malicious code embedded in it. I fear for the kids there lol.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: Stifler on February 01, 2015, 10:15:17 AM
Quote from: Madness
and this is just another Bitcoin exchange website getting hacked ... are they some kind of serial hackers or what, bitcoin websites are going down one after another :o

Yes. You've got to be aware that there are many groups of hacker thieves out there who spend a lot of time trying to find holes and exploits to take your money. It's very profitable for them and exchanges need to always stay one step ahead of the hackers which obviously isn't easy to do.


Title: Re: LocalBitcoins User Funds Stolen After Chat Client Hack
Post by: manselr on February 01, 2015, 11:11:57 AM
The only way to not get hacked is having your coins in your computer.