LocalBitcoins User Funds Stolen After Chat Client Hack

[Madness]

and this is just another Bitcoin exchange website getting hacked ... are they some kind of serial hackers or what , bitcoin websites are going down one after another
Kangas told CoinDesk that he believed the hackers used an unknown kind of malware that was able to bypass existing security measures, and took personal responsibility for the LiveChat intrusion.
and he explained the following :

“The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”

At least they are taking some responsability I guess and they going to refund the affected users if I understood right :

"Affected users will be granted refunds after taking steps to address security vulnerabilities, according to the company"
more informations about this accident can be found here : http://www.coindesk.com/localbitcoins-user-funds-stolen-chat-client-hack/
What do you guys think ?

[MaoChao]

I received a message from attacker by LiveChat, but did not download anything.
He threatened to block localbitcoins account if I do not download the file.

Be careful, my friends.

[hardshot]

From what you say, this is not the website itself got hacked.
Those users who aren't very smart just installed some dudes software and complain that their funds got stolen.

Don't trust the trollbox...

[cr1776]

From what you say, this is not the website itself got hacked.
Those users who aren't very smart just installed some dudes software and complain that their funds got stolen.

Don't trust the trollbox...

This and what MaoChao said. Sounds like social engineering not a "hack."

[Madness]

From what you say, this is not the website itself got hacked.
Those users who aren't very smart just installed some dudes software and complain that their funds got stolen.

Don't trust the trollbox...

This and what MaoChao said. Sounds like social engineering not a "hack."

Coding,Programming and hacking skills are required to create such malwares man . It's not like it's a simple keylogger open source
but yes it's correct , Most of it it's social engineering . It's not that hard to convice people to download a file from you.

[bitbaby]

I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?

[Lauda]

Since when does an intelligent person download .exe files from the live-chat? Sigh.  
Nothing special about this. We often have 'fake' coin clients in the altcoin section.

[MaoChao]

I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?

Usually LiveChat enabled if support is online.

[Madness]

I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?

Usually LiveChat enabled if support is online.

LiveChat enabled if support is online only ? Users are able to chat with each other or only with Support/Staff members because it wouldn't make sense if only with the Support team otherwise this means that the hacker hacked the support team accounts then sent the files to the user (taking idendity of Support team)

[MaoChao]

LiveChat enabled if support is online only ?

Yes.

Users are able to chat with each other or only with Support/Staff members because it wouldn't make sense if only with the Support team otherwise this means that the hacker hacked the support team accounts then sent the files to the user (taking idendity of Support team)

Only with Support members.

[haploid23]

OP, you're making the problem sound bigger than it really was. This only affected like 4 people that actually lost BTC. The hack alone wouldn't have done shit. Those users that lost BTC were 1) gullible, and 2) had no sense of security for their BTC. A simple 2FA would have prevented this.

LBC handled it well.

[TrailingComet]

Local bitcoins has been going down the shitter for a while
If you had funds on there, you gotta blame yourself

[cr1776]

From what you say, this is not the website itself got hacked.
Those users who aren't very smart just installed some dudes software and complain that their funds got stolen.

Don't trust the trollbox...

This and what MaoChao said. Sounds like social engineering not a "hack."

Coding,Programming and hacking skills are required to create such malwares man . It's not like it's a simple keylogger open source
but yes it's correct , Most of it it's social engineering . It's not that hard to convice people to download a file from you.

Obviously coding is required, but the implication that it was a localbitcoins chat client hack implies their systems were compromised when in fact what was compromised was a user's system because the downloaded something that they shouldn't have.

[Q7]

I don't think it's entirely localbitcoin's fault that lead to the hack. But one thing good about them is their sense of responsibility as a company as they are even willing to refund those who had their coins lost.

[Madness]

I don't think it's entirely localbitcoin's fault that lead to the hack. But one thing good about them is their sense of responsibility as a company as they are even willing to refund those who had their coins lost.

Correct about the responsibility thing.
but for their fault ... well, I never used their website to be honest but MaoChao said that only Support is able to LiveChat with Customers so basically it's their fault if their Support Team aren't secure enough and got hacked otherwise how the hacker would send PM to the other users . he couldn't

[BitcoinHeroes]

Two words guys, cold storage. Actually three words cold storage and sandbox.

[koelen3]

Well! fault of them downloading the file but still why wouldn't some newbie trust a live chat rep

[AGD]

Since when does an intelligent person download .exe files from the live-chat? Sigh.  
Nothing special about this. We often have 'fake' coin clients in the altcoin section.

They do even download the files in topics with titles like "Is this a Virus?", even when 100% of the postings say, that this IS a virus.

[Wendigo]

I had someone random hit me up on Steam chat and post an image link with malicious code embedded in it. I fear for the kids there lol.

[Stifler]

and this is just another Bitcoin exchange website getting hacked ... are they some kind of serial hackers or what , bitcoin websites are going down one after another

Yes. You've got to be aware that there are many groups of hacker thieves out there who spend a lot of time trying to find holes and exploits to take your money. It's very profitable for them and exchanges need to always stay one step ahead of the hackers which obviously isn't easy to do.