Localbitcoins Update - page 2. | Bitcointalksearch.org

RockHound

full member

Activity: 224

Merit: 100

Quote from: franky1 on April 18, 2014, 03:38:10 AM

most likely insider job.

too many times i see bitcoin services put their hotwallets on remote servers. what makes it worse is they put it on remote servers which accepts bitcoin. this is a bit glowing neon sign that say the hosting provider knows all about bitcoin and has full access to the source code. so no matter how much security the service provider or customers use to prevent outside intrusion. there is nothing to stop insiders..

history has shown that the majority of hacks were actually inside jobs.. will bitcoin service providers ever learn. will service users ever learn

do not store large amounts for long term periods on third party services.

You could be right my brother, others think this is a possibility - Just takes one bad apple! I hope they fully secure this soon.

RockHound

full member

Activity: 224

Merit: 100

Quote from: pandit on April 18, 2014, 09:16:56 AM

now withdrawals are working in lbc ?

Cheers Pandit, how long did it take you?

pandit

member

Activity: 67

Merit: 10

now withdrawals are working in lbc ?

franky1

legendary

Activity: 4270

Merit: 4534

most likely insider job.

too many times i see bitcoin services put their hotwallets on remote servers. what makes it worse is they put it on remote servers which accepts bitcoin. this is a bit glowing neon sign that say the hosting provider knows all about bitcoin and has full access to the source code. so no matter how much security the service provider or customers use to prevent outside intrusion. there is nothing to stop insiders..

history has shown that the majority of hacks were actually inside jobs.. will bitcoin service providers ever learn. will service users ever learn

do not store large amounts for long term periods on third party services.

bryant.coleman

legendary

Activity: 3752

Merit: 1217

Quote from: Light on April 18, 2014, 02:32:50 AM

Any business operation would initially claim the problem not to be serious otherwise there'd be mass panic. In both situations (serious and non-serious) it would be best to claim a reduced degree of severity simply because it is true if it is non-serious and if its not it buys you time to fix or steal before people begin suspecting and panic withdrawing and finding it doesn't work.

Know what? I was planning to sell 1 BTC (for fiat) tomorrow on Localbitcoins (In my country, the Bitstamp / BTC-E fiat withdrawal can take a lot of time). Seems like I'll have to convert it somewhere else.

chandan123

full member

Activity: 212

Merit: 100

Hi

Quote from: RockHound on April 18, 2014, 02:11:23 AM

Sorry can't be of much help Chandan, still trying to find out more - Withdrawals are possibly affected by JavaScript, some folks have recommended that you disable if you are going to attempt a withdrawal?

I contacted another Seller friend of mine, for now we are both leaving are listings active until Localbitcoins Team make another update.

Localbitcoins team have pretty solid history, and have always been expedient fixing any issues.

thx . but disabling javascript makes the withdraw button nonfunctional i think
was going to try withdraw but let me wait for a day

Light

hero member

Activity: 742

Merit: 502

Circa 2010

Quote from: bryant.coleman on April 18, 2014, 02:29:23 AM

According to Localbitcoins admins, only 3 people with 2FA lost their coins. Is the real number more than this? If it is so, then this incident reminds me of Mt Gox. The Gox people had also claimed initially that the breach was not serious.

Any business operation would initially claim the problem not to be serious otherwise there'd be mass panic. In both situations (serious and non-serious) it would be best to claim a reduced degree of severity simply because it is true if it is non-serious and if its not it buys you time to fix or steal before people begin suspecting and panic withdrawing and finding it doesn't work.

bryant.coleman

legendary

Activity: 3752

Merit: 1217

Quote from: RockHound on April 18, 2014, 01:40:19 AM

Although more folks on their forum are reporting missing coins with 2FA enabled - Worrying Undecided

According to Localbitcoins admins, only 3 people with 2FA lost their coins. Is the real number more than this? If it is so, then this incident reminds me of Mt Gox. The Gox people had also claimed initially that the breach was not serious.

RockHound

full member

Activity: 224

Merit: 100

Quote from: chandan123 on April 18, 2014, 01:54:30 AM

so its best not to withdraw the coins from localbitcoins now ?

Sorry can't be of much help Chandan, still trying to find out more - Withdrawals are possibly affected by JavaScript, some folks have recommended that you disable if you are going to attempt a withdrawal?

I contacted another Seller friend of mine, for now we are both leaving are listings active until Localbitcoins Team make another update.

Localbitcoins team have pretty solid history, and have always been expedient fixing any issues.

chandan123

full member

Activity: 212

Merit: 100

Hi

so its best not to withdraw the coins from localbitcoins now ?

RockHound

full member

Activity: 224

Merit: 100

Quote from: bryant.coleman on April 18, 2014, 01:18:57 AM

^^^ I have just logged in to my localbitcoins.com account. Nothing unfamiliar. But I had withdrawn all my coins 2 months ago and I don't have any more coins in my account. The other sell / buy listings are visible.

Very good of you to check, cheers Bry

Hopefully it's nothing too serious - Although more folks on their forum are reporting missing coins with 2FA enabled - Worrying Undecided

bryant.coleman

legendary

Activity: 3752

Merit: 1217

^^^ I have just logged in to my localbitcoins.com account. Nothing unfamiliar. But I had withdrawn all my coins 2 months ago and I don't have any more coins in my account. The other sell / buy listings are visible.

RockHound

full member

Activity: 224

Merit: 100

   Multiple reports that withdraws have been frozen and do not leave the "pending" state. (3:52pm EST)

   Staff posted an update on the blog -> http://localbitcoins.blogspot.com/2014/04/initial-response-regarding.html They make the claim that the effected users do not have 2nd factor enabled. (4:22pm EST)

   Staff have corrected their post recognizing that they have confirmed three cases of people with 2nd factor having funds stolen. They do say that these incidents are not affecting a large number of users. (4:30 EST)

   Staff confirm that withdraws may be delayed while this mess is sorted out. (4:38 EST)

   At a conference call on the issue, all affected traders in attendance reported LocalBitcoins has not yet provided ANY reply to support tickets. (8:00pm EST)

   Incidents of this form of attack appear to have started ~48 hours ago, coins appear to be withdrawn to a foreign address, despite 2FA. (8:34pm EST)

   Withdraws have been totally frozen for more than an hour now. (9:38pm EST)

Any fellow Localbitcoiners on here? I do have currently Active listing(s). Just wondering whats the best course of action?

Apparently attempting to Withdraw renders you susceptible to XSS attack.

Topic: Localbitcoins Update - page 2. (Read 3237 times)