LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: Ucy on January 27, 2019, 08:13:20 AM

Of course there will be compensation. It's not the users fault that the company's vault was robbed by thief.
If a thief robs a bank, breaks the bank vault and steal people gold/jewelry, the bank are responsible for keeping the gold safe and will definitely compensate the owners.

The example you gave really doesn't apply with bitcoin/cryptocurrency exchanges, also as reasoned out by o_e_l_e_o. From all the exchanges that got hacked since the rise of bitcoin and cryptocurrencies in general, has every single exchange compensated their users of the stolen funds? No. Most, if not all went bankrupt instead.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: magneto on January 27, 2019, 02:36:54 AM

I wouldn't doubt if the hacker has held onto some account details which at the time did not have any funds in them, because just 6 cases seems to be way too small

I don't think doing that would be of any benefit to the hacker. The whole point of this attack was that it was stealing 2FA codes via the forum and using them to log in to exchange accounts. Keeping username and passwords would be no use unless the hacker had another way of stealing 2FA codes.

Quote from: Ucy on January 27, 2019, 08:13:20 AM

Of course there will be compensation. It's not the users fault that the company's vault was robbed by thief.
If a thief robs a bank, breaks the bank vault and steal people gold/jewelry, the bank are responsible for keeping the gold safe and will definitely compensate the owners.

A bank is regulated and insured. Many crypto exchanges are not. Of course they should compensate the losses, but there have been many hacks in the past that haven't. It's by no means guaranteed.

Ucy

sr. member

Activity: 2576

Merit: 401

Quote from: o_e_l_e_o on January 26, 2019, 12:25:25 PM

Looks like localbitcoins managed to shut this down pretty quickly after it started up actually, but the hackers still managed to make off with just shy of 8 BTC ($28,000) from 5 users (assuming that 1 address is the only address they used). Wonder if localbitcoins will compensate the users affected?

Once again, we have to wonder why users keep leaving large amount of funds on exchanges. Say it with me now: Not your keys, not your bitcoin. Not your keys, not your bitcoin. Not your keys, not your bitcoin. Not your keys, not your bitcoin.

Of course there will be compensation. It's not the users fault that the company's vault was robbed by thief.
If a thief robs a bank, breaks the bank vault and steal people gold/jewelry, the bank are responsible for keeping the gold safe and will definitely compensate the owners.

magneto

hero member

Activity: 1666

Merit: 753

Thanks for letting us know. I actually had no idea of this until I came across this thread.

It's really a bit surprising to me though how small of an amount has actually been compromised, when an entire forum has been breached into. I wouldn't doubt if the hacker has held onto some account details which at the time did not have any funds in them, because just 6 cases seems to be way too small

Even if you didn't sign into the forum during this time it's probably best to be safe, change your password and enable 2FA if you haven't already. It's a good thing that LBC is taking responsibility it seems and refunding people, which is at least professional on their part.

Quote from: goldexp83 on January 26, 2019, 12:59:55 PM

wow this is pretty scary, was it the first time happening???

I like localbitcoin and always thought its a pretty good site, not that fancy but usability is totally there

I hope more safe system will be in place to avoid this kind of scary hacks

Don't think it's the first time that LBC has given us a scare. I remember back in the days it used to be down every once in a while and people would panic. Small hacks had happened a few years back as well.

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: squatter on January 26, 2019, 08:13:35 PM

Are there any more details about this third party software and what the vulnerability was exactly?

I read a couple articles about the attack and I was led to believe this was a DNS spoofing attack on the forum subdomain. It sounds like that's not actually the case?

I don't think they have given specific information about this matter as of now, but I don't think it's a DNS attack. But for what it looks like in my opinion, I'm personally leaning more on a javascript/XSS injection on the forum software. Probably omething like:

User visits forum --> script executes --> probably redirects the user to a phishing site(?)

Just my rough guess.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: FedorIzmailov on January 26, 2019, 02:00:56 PM

I once said that you need to store Bitcoin, namely, you knew about your cold wallets, but you used other exchanges.

Typical... you know that those bitcoins are in an Exchange because users want/need to trade right? (Apparently, obviously, surely, most of them got their "own" wallet)
You can't easily use a Cold wallet that was buried 20-feet under a random area guided with a "X" on a map to buy a HYPEd shitcoin before it get pumped.

Quote from: OmegaStarScream on January 26, 2019, 09:49:22 AM

If that's the case and the team is as professional as they claim to be, they should reimburse the users. Just another reason on why you shouldn't keep your funds in exchanges by the way.

I'm afraid that keeping most of the coins in a hot/cold wallet not possible for someone who's day trading. Personally, I prefer keeping higher exchange balance than in cold wallet since highly-priced orders yield higher profit.
Specially now that the price is on its (*typo edit) best buy, predictable low-liqudity and mostly everyone is expecting a rise.

Usually, it goes like this:
Source (ex.Mining)---→(HotWallet)--→EXCHANGE---(Mixer)---→Cold Wallet (Savings)
Other Sources-------⤴---------------⤴ ↪-----→Hot Wallet (Expenses)

Fortunately, legitimate exchanges today are heavily regulated and problems such as missing funds can be legally resolved.

squatter

legendary

Activity: 1666

Merit: 1196

STOP SNITCHIN'

Quote from: o_e_l_e_o on January 26, 2019, 04:01:12 PM

Quote from: mk4 on January 26, 2019, 01:32:20 PM

They should just compensate the stolen bitcoin in my opinion.

According to this reddit post, one of the affected users has already had his lost balance reimbursed.

Glad to hear it. If the losses were really limited to 8 BTC, they should just compensate the victims out of goodwill.

kelz1

copper member

Activity: 140

Merit: 3

These hackers are becoming very sophisticated, i wouldn't be surprised if it was the same team behind the electrum wallet hack as it follows the same pattern of phishing for login details. Bad day for bitcoiners as localbitcoins is a good website

pixie85

hero member

Activity: 2128

Merit: 524

Quote from: FedorIzmailov on January 26, 2019, 02:00:56 PM

I once said that you need to store Bitcoin, namely, you knew about your cold wallets, but you used other exchanges.

You can't expect everything to be stored in cold wallets. They stole a very small number of coins and as long as the loss is small it can be reimbursed and won't affect the business that much. If you have 1000 Bitcoin on your platform it's natural that up to 10% will be in hot wallets but some businesses like that Korean exchange that was hacked had all of their money in hot wallets.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: ?? on ??

Whats about our personal information are they are safe too or the attackers take it too ?

This was a man-in-the-middle type attack on individual users' accounts, stealing their 2FA keys via the forum to log in to their LBC accounts and transfer out their funds. There was no hack on the main LBC wallets or databases, so your personal information won't be affected. I would encourage everyone, however, to think twice before performing KYC with any service online. Just because your documents weren't accessed with this attack, doesn't mean they won't be accessed in the future.

Quote from: mk4 on January 26, 2019, 01:32:20 PM

They should just compensate the stolen bitcoin in my opinion.

According to this reddit post, one of the affected users has already had his lost balance reimbursed.

FedorIzmailov

jr. member

Activity: 238

Merit: 1

I once said that you need to store Bitcoin, namely, you knew about your cold wallets, but you used other exchanges.

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: o_e_l_e_o on January 26, 2019, 12:25:25 PM

Wonder if localbitcoins will compensate the users affected?

They should just compensate the stolen bitcoin in my opinion. While 8 BTC is definitely a lot for me, it's probably not that much for them when taking into account how much they're potentially earning. Compensating the stolen BTC would be a great PR move too.

Quote from: goldexp83 on January 26, 2019, 12:59:55 PM

wow this is pretty scary, was it the first time happening???

I like localbitcoin and always thought its a pretty good site, not that fancy but usability is totally there

I hope more safe system will be in place to avoid this kind of scary hacks

It's the first time for LocalBitcoins as far as I know. In the hackers point of view, getting past LocalBitcoins itself is probably difficult, hence the attacker went for the weaker link: the forum software. Correct me if I'm wrong, but the LocalBitcoins exchange itself and the LocalBitcoins forum has accounts that are connected; so the attacker took advantage of this. Quite smart really.

goldexp83

member

Activity: 225

Merit: 10

quarkchain.io

wow this is pretty scary, was it the first time happening???

I like localbitcoin and always thought its a pretty good site, not that fancy but usability is totally there

I hope more safe system will be in place to avoid this kind of scary hacks

romero121

legendary

Activity: 3164

Merit: 1213

Localbitcoins.com was one among the best platform that has got its service around the world. Quite often bitcoin fraudulent activities happen through localbitcoins. This time the same has taken place in large scale as more and more hackers have focused over the cryptocurrency network. Two year back I lost through a hack that was completely because of not enabling two factor authentication.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Looks like localbitcoins managed to shut this down pretty quickly after it started up actually, but the hackers still managed to make off with just shy of 8 BTC ($28,000) from 5 users (assuming that 1 address is the only address they used). Wonder if localbitcoins will compensate the users affected?

Once again, we have to wonder why users keep leaving large amount of funds on exchanges. Say it with me now: Not your keys, not your bitcoin. Not your keys, not your bitcoin. Not your keys, not your bitcoin. Not your keys, not your bitcoin.

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: bellamente on January 26, 2019, 10:05:30 AM

How long will this go on? Another cryptocurrency exchange has been cracked. Phishing, one of the most experienced viruses. I hope the team of the LOCALBITCOINS project will do everything to ensure that the cryptocurrency remains with the owners

As long as exchanges are around, hacks will happen whether we like it or not.

Update: edited the topic to include the message from LocalBitcoins.

leninay

jr. member

Activity: 120

Merit: 1

Quote from: bellamente on January 26, 2019, 10:05:30 AM

How long will this go on? Another cryptocurrency exchange has been cracked. Phishing, one of the most experienced viruses. I hope the team of the LOCALBITCOINS project will do everything to ensure that the cryptocurrency remains with the owners

Not surprising, every year they hack the exchanges, just recently there was information about breaking into large crypto exchanges and selling verified user documents

https://www.ccn.com/hacked-customer-data-from-world-leading-cryptocurrency-exchanges-for-sale-on-the-dark-web/

How do you not understand that to keep money even in the bank is unsafe and especially on the exchanges

My advice to you is to keep your cryptocurrency in cold wallets on your computer and this will not protect you from hacking by 100%

In my opinion this is the safest place

bellamente

member

Activity: 420

Merit: 10

How long will this go on? Another cryptocurrency exchange has been cracked. Phishing, one of the most experienced viruses. I hope the team of the LOCALBITCOINS project will do everything to ensure that the cryptocurrency remains with the owners

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: OmegaStarScream on January 26, 2019, 09:49:22 AM

From the look of it, there have been few reports and the damage is not that big (or still not reported from the users yet). If that's the case and the team is as professional as they claim to be, they should reimburse the users. Just another reason on why you shouldn't keep your funds in exchanges by the way.

From the looks of it based on the discussions, it seems like the forum-side of LocalBitcoins was compromised and the hacker is using the login to phish the forum accounts, for the hacker to be able to withdraw the funds of the users. Hopefully it stopped here as the forum has been disabled. Not 100% sure though.

OmegaStarScream

staff

Activity: 3402

Merit: 6065

From the look of it, there have been few reports and the damage is not that big (or still not reported from the users yet). If that's the case and the team is as professional as they claim to be, they should reimburse the users. Just another reason on why you shouldn't keep your funds in exchanges by the way.

Topic: LocalBitcoins vulnerability: 6 case of stolen funds confirmed as of now (Read 334 times)