Looks like I can leave feedback, can they do the same for me? I don't want to leave bad feedback if they can retaliate.
Topic: [ANN] LocalBitcoins.com - a location-based bitcoin to cash marketplace - page 12. (Read 126108 times)
July 31, 2014, 12:49:49 PM
I have a question about Feedback. Ok, so a buyer makes request for sizable amount of Bitcoins ties up my BTC for most of the 3 hour payment window then cancels.
Looks like I can leave feedback, can they do the same for me? I don't want to leave bad feedback if they can retaliate.
Looks like I can leave feedback, can they do the same for me? I don't want to leave bad feedback if they can retaliate.
May 20, 2014, 07:27:38 PM
After my lose all my coins on localbitcoins i found what happen. Was an XSS attack made by trader/seller he was used XSS atack after/when he release bitcoins from escrow. After that coins was send in new wallet to BTC-E.com account. So i will never use localbitcoins.com again and never do business
online. face - face cash in hand and offline wallet's is GOD of security. FU LOCALBITCOINS they know about this bug since 2013 and still working till today .
What was the other site? online. face - face cash in hand and offline wallet's is GOD of security. FU LOCALBITCOINS they know about this bug since 2013 and still working till today .
May 20, 2014, 07:15:07 PM
After my lose all my coins on localbitcoins i found what happen. Was an XSS attack made by trader/seller he was used XSS atack after/when he release bitcoins from escrow. After that coins was send in new wallet to BTC-E.com account. So i will never use localbitcoins.com again and never do business
online. face - face cash in hand and offline wallet's is GOD of security. FU LOCALBITCOINS they know about this bug since 2013 and still working till today .
online. face - face cash in hand and offline wallet's is GOD of security. FU LOCALBITCOINS they know about this bug since 2013 and still working till today .
May 19, 2014, 10:12:59 PM
LB rocks again! 
May 19, 2014, 12:08:02 PM
Things are looking up 
All my BTC appear intact
All my BTC appear intact
May 19, 2014, 11:55:16 AM
Well, for one it would be reassuring to have some redirect in the meantime. Just a 404 is not really good business practice.
It takes 55s to fire up a server on DigitalOcean (love them) and you pay per hour, not per 2 years as with the dinosaurs in the business.
It takes 55s to fire up a server on DigitalOcean (love them) and you pay per hour, not per 2 years as with the dinosaurs in the business.
May 19, 2014, 11:19:38 AM
Am I the only one who's getting nervous about the long down time?
It does seem to be taking a long time to install a new server. But, maybe, they cannot just drive over to the nearest Fry's and pick one up... May 19, 2014, 11:11:26 AM
Am I the only one who's getting nervous about the long down time?
It does seem to be taking a long time to install a new server. But, maybe, they cannot just drive over to the nearest Fry's and pick one up... May 19, 2014, 10:29:33 AM
Am I the only one who's getting nervous about the long down time?
May 19, 2014, 09:53:16 AM
Damn localbitcoins i just lose 3.5 btc my account was hacked and can't login to see other transaction.
my money was send from this wallet 1NUi7FYqUfk7Xmx15h7KWZEwfi2hEKpdLn to this one 1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc after few mins he send again to this wallet 14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S. It's any way to block, freze that wallet please let me know.
https://blockchain.info/address/1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc
https://blockchain.info/address/14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S
also i don't have 2 verification on my wallet how he get my password i think is very sick site now is down for 10 hours and they say that localbitcoins had no problem and user are responsible for the lose.
my money was send from this wallet 1NUi7FYqUfk7Xmx15h7KWZEwfi2hEKpdLn to this one 1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc after few mins he send again to this wallet 14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S. It's any way to block, freze that wallet please let me know.
https://blockchain.info/address/1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc
https://blockchain.info/address/14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S
also i don't have 2 verification on my wallet how he get my password i think is very sick site now is down for 10 hours and they say that localbitcoins had no problem and user are responsible for the lose.
That isn't a hacker, most likely. It is, most likely, Localbitcoins moving coins around among all of their addresses, some of which are private LBC addresses (for use by the company exclusively) and some are assigned to LBC members (who cannot spend the coins because they don't have the private keys).
Whenever you send BTC to LBC, they move it to other addresses a few minutes later for some reason. So I think you are worried about something that you don't need to worry about. The main issue right now is that their site is down. Once it comes back up, I bet you'll see your balance is just what you originally had in there.
Exactly this. LBC always moves the coins around. In "your" address you never actually have coin there. I always have coin on LBC in "my" address I send coin to but it eventually always has zero coin in it yet I always have a balance at LBC.
May 17, 2014, 07:01:30 PM
Damn localbitcoins i just lose 3.5 btc my account was hacked and can't login to see other transaction.
my money was send from this wallet 1NUi7FYqUfk7Xmx15h7KWZEwfi2hEKpdLn to this one 1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc after few mins he send again to this wallet 14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S. It's any way to block, freze that wallet please let me know.
https://blockchain.info/address/1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc
https://blockchain.info/address/14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S
also i don't have 2 verification on my wallet how he get my password i think is very sick site now is down for 10 hours and they say that localbitcoins had no problem and user are responsible for the lose.
my money was send from this wallet 1NUi7FYqUfk7Xmx15h7KWZEwfi2hEKpdLn to this one 1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc after few mins he send again to this wallet 14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S. It's any way to block, freze that wallet please let me know.
https://blockchain.info/address/1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc
https://blockchain.info/address/14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S
also i don't have 2 verification on my wallet how he get my password i think is very sick site now is down for 10 hours and they say that localbitcoins had no problem and user are responsible for the lose.
That isn't a hacker, most likely. It is, most likely, Localbitcoins moving coins around among all of their addresses, some of which are private LBC addresses (for use by the company exclusively) and some are assigned to LBC members (who cannot spend the coins because they don't have the private keys).
Whenever you send BTC to LBC, they move it to other addresses a few minutes later for some reason. So I think you are worried about something that you don't need to worry about. The main issue right now is that their site is down. Once it comes back up, I bet you'll see your balance is just what you originally had in there.
May 17, 2014, 05:58:04 PM
Damn localbitcoins i just lose 3.5 btc my account was hacked and can't login to see other transaction.
my money was send from this wallet 1NUi7FYqUfk7Xmx15h7KWZEwfi2hEKpdLn to this one 1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc after few mins he send again to this wallet 14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S. It's any way to block, freze that wallet please let me know.
https://blockchain.info/address/1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc
https://blockchain.info/address/14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S
also i don't have 2 verification on my wallet how he get my password i think is very sick site now is down for 10 hours and they say that localbitcoins had no problem and user are responsible for the lose.
my money was send from this wallet 1NUi7FYqUfk7Xmx15h7KWZEwfi2hEKpdLn to this one 1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc after few mins he send again to this wallet 14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S. It's any way to block, freze that wallet please let me know.
https://blockchain.info/address/1Jme6DcnyuRbVKcsDXTsgFbpkUzPtsR7Bc
https://blockchain.info/address/14hkTLRiar9RXLhWc8sJTohBhG4pbXXG2S
also i don't have 2 verification on my wallet how he get my password i think is very sick site now is down for 10 hours and they say that localbitcoins had no problem and user are responsible for the lose.
May 17, 2014, 12:40:16 PM
Hey Burt, thanks for that site (iidrn.com).
May 17, 2014, 10:55:28 AM
May 05, 2014, 07:39:06 AM
Looks like they re-opened prematurely .... seeing sluggish performance, getting HTTP 500 errors, etc.
We are having some performance issues right now. ETA for getting basic functions working is 2-3 hours.
- https://twitter.com/LocalBitcoins/status/463294142400192512
After logging in now I see:
We are working on the issues
We are experiencing heavy load right now. The site might respond slowly and you might run into issues. However please still feel free to try to access some of the site functionality. Our team is working on this and we should be back in business in a few hours.
But none of the trading functionality (e.g., Dashboard) is available.
May 05, 2014, 07:32:38 AM
Last update 16 hours ago:
We are restoring the site and you can log in already. Some contacts might not yet be available. Transactions are delayed.
- https://twitter.com/LocalBitcoins/status/463035216471539712
Looks like they re-opened prematurely .... seeing sluggish performance, getting HTTP 500 errors, etc.
Its not working for me 502 error or server not found may be down again or its just for me We are restoring the site and you can log in already. Some contacts might not yet be available. Transactions are delayed.
- https://twitter.com/LocalBitcoins/status/463035216471539712
Looks like they re-opened prematurely .... seeing sluggish performance, getting HTTP 500 errors, etc.
May 05, 2014, 06:29:29 AM
Last update 16 hours ago:
We are restoring the site and you can log in already. Some contacts might not yet be available. Transactions are delayed.
- https://twitter.com/LocalBitcoins/status/463035216471539712
Looks like they re-opened prematurely .... seeing sluggish performance, getting HTTP 500 errors, etc.
We are restoring the site and you can log in already. Some contacts might not yet be available. Transactions are delayed.
- https://twitter.com/LocalBitcoins/status/463035216471539712
Looks like they re-opened prematurely .... seeing sluggish performance, getting HTTP 500 errors, etc.
May 04, 2014, 09:28:16 PM
do anybody know how is this done exactly? If its not to hard to do, I would like to protect my files on the server too.. thanks
Quote
All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.
May 04, 2014, 08:53:51 AM
I would suggest the coins have either been stolen already or not at all. Either
a) attacker has access to wallets or private keys for 40 minuntes, and managed to transfer coins -> GONE
b) attacker had no access or no time to transfer, then LBC staff will certainly have moved coins to new wallets -> OK
The part that I don't understand .. is there no callback to a given phone no when access to a server is granted? 2FA for accounts but not for root access? 
a) attacker has access to wallets or private keys for 40 minuntes, and managed to transfer coins -> GONE
b) attacker had no access or no time to transfer, then LBC staff will certainly have moved coins to new wallets -> OK
The part that I don't understand .. is there no callback to a given phone no when access to a server is granted? 2FA for accounts but not for root access?
May 03, 2014, 10:08:08 PM
I posted this elsewhere, but figured I should have put it in this thread, so here it is:
Quote
A reasonable encryption strategy is to be able to decrypt with a password of at least 12 (more like 15 - 20) characters for access that lasts a few minutes, or a much longer password (40 characters or more) for access that lasts an hour or two. If we assume that the hacker grabbed a copy of enough information to be able to start an exhaustive search for the password, LBC knows how long we can expect his search to go on before he finds it.
If his search is ever successful, what data will be compromised?
Is there a list of BTC addresses that LBC can provide to miners, asking them to filter out transactions from them until further notice?
A protocol for that kind of lock would be nice. I would honor it if I were mining. Just a simple request "please lock this BTC addy until further notice," signed with the address would do. It could be broadcast in any transaction and thereby get to all miners.
Ahh, of course if it could be unlocked with a signature from the same address, it would be kind of useless. But suppose it had to be unlocked with a signature from the same address that locked it? So the attacker would need that external address' private key too.
If his search is ever successful, what data will be compromised?
Is there a list of BTC addresses that LBC can provide to miners, asking them to filter out transactions from them until further notice?
A protocol for that kind of lock would be nice. I would honor it if I were mining. Just a simple request "please lock this BTC addy until further notice," signed with the address would do. It could be broadcast in any transaction and thereby get to all miners.
Ahh, of course if it could be unlocked with a signature from the same address, it would be kind of useless. But suppose it had to be unlocked with a signature from the same address that locked it? So the attacker would need that external address' private key too.
Jump to: