Pages:
Author

Topic: LocalBitcoins User Funds Stolen After Chat Client Hack (Read 1658 times)

legendary
Activity: 868
Merit: 1006
The only way to not get hacked is hving your coins in your computer.
member
Activity: 66
Merit: 10
and this is just another Bitcoin exchange website getting hacked ... are they some kind of serial hackers or what , bitcoin websites are going down one after another Shocked


Yes. You've got to be aware that there are many groups of hacker thieves out there who spend a lot of time trying to find holes and exploits to take your money. It's very profitable for them and exchanges need to always stay one step ahead of the hackers which obviously isn't easy to do.
legendary
Activity: 2604
Merit: 1036
I had someone random hit me up on Steam chat and post an image link with malicious code embedded in it. I fear for the kids there lol.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
Since when does an intelligent person download .exe files from the live-chat? Sigh.  Roll Eyes
Nothing special about this. We often have 'fake' coin clients in the altcoin section.

They do even download the files in topics with titles like "Is this a Virus?", even when 100% of the postings say, that this IS a virus.
legendary
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
Well! fault of them downloading the file but still why wouldn't some newbie trust a live chat rep Huh
sr. member
Activity: 364
Merit: 250
Two words guys, cold storage. Actually three words cold storage and sandbox.
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
I don't think it's entirely localbitcoin's fault that lead to the hack. But one thing good about them is their sense of responsibility as a company as they are even willing to refund those who had their coins lost.

Correct about the responsibility thing.
but for their fault ... well, I never used their website to be honest but MaoChao said that only Support is able to LiveChat with Customers so basically it's their fault if their Support Team aren't secure enough and got hacked otherwise how the hacker would send PM to the other users . he couldn't
Q7
sr. member
Activity: 448
Merit: 250
I don't think it's entirely localbitcoin's fault that lead to the hack. But one thing good about them is their sense of responsibility as a company as they are even willing to refund those who had their coins lost.
legendary
Activity: 4214
Merit: 1313
From what you say, this is not the website itself got hacked.
Those users who aren't very smart just installed some dudes software and complain that their funds got stolen.

Don't trust the trollbox...

This and what MaoChao said. Sounds like social engineering not a "hack."

Coding,Programming and hacking skills are required to create such malwares man . It's not like it's a simple keylogger open source
but yes it's correct , Most of it it's social engineering . It's not that hard to convice people to download a file from you.

Obviously coding is required, but the implication that it was a localbitcoins chat client hack implies their systems were compromised when in fact what was compromised was a user's system because the downloaded something that they shouldn't have.
sr. member
Activity: 462
Merit: 250
Local bitcoins has been going down the shitter for a while
If you had funds on there, you gotta blame yourself
legendary
Activity: 812
Merit: 1002
OP, you're making the problem sound bigger than it really was. This only affected like 4 people that actually lost BTC. The hack alone wouldn't have done shit. Those users that lost BTC were 1) gullible, and 2) had no sense of security for their BTC. A simple 2FA would have prevented this.

LBC handled it well.
legendary
Activity: 996
Merit: 1133
Get Some!
LiveChat enabled if support is online only ?
Yes.

Users are able to chat with each other or only with Support/Staff members because it wouldn't make sense if only with the Support team otherwise this means that the hacker hacked the support team accounts then sent the files to the user (taking idendity of Support team)
Only with Support members.
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?
Usually LiveChat enabled if support is online.

LiveChat enabled if support is online only ? Users are able to chat with each other or only with Support/Staff members because it wouldn't make sense if only with the Support team otherwise this means that the hacker hacked the support team accounts then sent the files to the user (taking idendity of Support team)
legendary
Activity: 996
Merit: 1133
Get Some!
I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?
Usually LiveChat enabled if support is online.
legendary
Activity: 2674
Merit: 2965
Terminated.
Since when does an intelligent person download .exe files from the live-chat? Sigh.  Roll Eyes
Nothing special about this. We often have 'fake' coin clients in the altcoin section.
hero member
Activity: 812
Merit: 1000
I wasn't aware that there is a live-chat/trollbox on the site, is it the one which is initiated after you open a trade or the blog/forum?
hero member
Activity: 644
Merit: 500
My goal is becaming a billionaire.
From what you say, this is not the website itself got hacked.
Those users who aren't very smart just installed some dudes software and complain that their funds got stolen.

Don't trust the trollbox...

This and what MaoChao said. Sounds like social engineering not a "hack."

Coding,Programming and hacking skills are required to create such malwares man . It's not like it's a simple keylogger open source
but yes it's correct , Most of it it's social engineering . It's not that hard to convice people to download a file from you.
legendary
Activity: 4214
Merit: 1313
From what you say, this is not the website itself got hacked.
Those users who aren't very smart just installed some dudes software and complain that their funds got stolen.

Don't trust the trollbox...

This and what MaoChao said. Sounds like social engineering not a "hack."
sr. member
Activity: 457
Merit: 251
From what you say, this is not the website itself got hacked.
Those users who aren't very smart just installed some dudes software and complain that their funds got stolen.

Don't trust the trollbox...
legendary
Activity: 996
Merit: 1133
Get Some!
I received a message from attacker by LiveChat, but did not download anything.
He threatened to block localbitcoins account if I do not download the file.

Be careful, my friends.
Pages:
Jump to: