Jump to content
Stake Forum
blueprints

Localbitcoin Exchange Exploited

Featured Comment

On January 26th, Localbitcoin Exchange reported a security vulnerability in the site that let hackers empty the balances of accounts. They disabled withdrawals and forums (because forums was what they were using to exploit) and then supposedly fixed the site to where its safe to use again and enabled withdrawals again.

https://www.reddit.com/r/localbitcoins/comments/ak1u8m/localbitcoins_report_on_the_security/?sort=new

But they were wrong, the hackers do not need the forums to do man in the middle attacks, I fell victim and lost .097 bitcoin 2 days ago. I am still waiting for them to reply to my ticket. But dont wait to hear it from them! If you use this exchange please listen to my warning! Do not put your 2FA key ANYWHERE in the site unless your withdrawing ALL of your balance. And only withdraw all of your balance. 

If you are using an account that doesnt even have 2FA, do not deposit to it until you enable 2FA or you will lose your coins the moment they become withdraw-able. You will end up like this person,

 https://www.reddit.com/r/localbitcoins/comments/aoawzx/problem_with_transaction/ 

Hopefully the site takes care of these vulnerabilities soon and reimburses everyone who lost coins to these attacks, like me. 

For more detail on how I lost my coins, https://prnt.sc/mirpvf

 

Edited by blueprints

Share this post


Link to post
Share on other sites

First of all Blueprints so sorry to hear that , that's a lot of money you lost there :( . Second of all hope they do something and give at least a compensation or something to compensate the loss you have uncurred. Third of all you should've known from the second when unexpectedly the site asks for 2FA that it was a bait. Always keep in mind 2FA is only for Logging IN and Withdrawing and never used for anything else. 

Share this post


Link to post
Share on other sites
1 hour ago, blueprints said:

I fell victim and lost .097 bitcoin 2 days ago

Really sorry to hear that you lost coins, especially since you were being so responsible by using 2FA and are a relatively technically sophisticated user.

This sounds like a very shrewd attack.  It reminds me a little of the recent attack on Electrum where false nodes were set up.

While it is small consolation, according to this article not a lot of coins were lost in total:  https://bitcoinmagazine.com/articles/phishing-scam-hits-localbitcoins-clients-lose-funds/ 

Maybe since not that many coins were lost, they will replace yours, I hope you get your coins back.  Good Luck.

Share this post


Link to post
Share on other sites

Dude, the sucks! Thats what you won at BV right? But ya man, online is a finicky world full of opportunist looking for quick ways to make money.. You rarely or almost do not even hear about bank robberies.. Now you hear about hackers exploiting sites, hacking into  financial institutions.. So much easier for them to do their dirty deed on the internet.. for me, i never keep anything valuable stored in banks or online wallets.. i either withdrawl it all as soon as it enters my bank..or turn cpins into local currencies and withdraw it right away.. xD 

Share this post


Link to post
Share on other sites

luckily i always put just enough for exchange....i usually keep a small amount..for customers minimal 10$ buy..while they read my offers.. i mention if they wanted more they just add on top on that ten (only paypal).. send with their wallet addy...they get 10 worth through local..and whatever on top they receive from my external wallet..i know how you feel.. when coinbase had a similar situation actually an inside job where 100 and so account was wipe clean..and my account was one of them... 1.2 btc about 8k usd when it started to rise that mid year 2017..took them 6-7 months to pay all those whose account was "hacked." 

Share this post


Link to post
Share on other sites

Localbitcoins claims zero responsibility for the attack. They will not reimburse my coins, they act like its not their fault at all and blame me. i had 2fa on the account. If they had email confirmation setting for withdrawals this would have been avoided.  

Can we please list localbitcoins as a scam site. Its not safe for anyone to deposit there. Everyones being told that bitcoin transactions are irreversible so theres nothing they can do. I cannot believe this. I lost .097 btc  bitcoin just like that. . .no apologies or anything. 
 

Please read this, 


Localbitcoins is not safe. please do not deposit there

Share this post


Link to post
Share on other sites
53 minutes ago, blueprints said:

Localbitcoins claims zero responsibility for the attack. They will not reimburse my coins, they act like its not their fault at all and blame me. i had 2fa on the account. If they had email confirmation setting for withdrawals this would have been avoided.  

Can we please list localbitcoins as a scam site. Its not safe for anyone to deposit there. Everyones being told that bitcoin transactions are irreversible so theres nothing they can do. I cannot believe this. I lost .097 btc  bitcoin just like that. . .no apologies or anything. 
 

Please read this, 


Localbitcoins is not safe. please do not deposit there

Sorry for this dude. Even though it was an attack done on their site by some people they should be responssible amd must have shut down the site suddenly. Sorry dude :(

Share this post


Link to post
Share on other sites

Bad news . I like this site  It`s very easy to exchange crypto. I tranfer my balance from Localbitcoin wallet everytime and i have not feel any affect from this attack. I hope they fix this problem soon

Share this post


Link to post
Share on other sites

I would also like to add something to this xD Well i thought it was the most secure website and all but. One time i wanted to sell some bitcoin ( this was way before i became a trader ) and i hated the fact that i have to wait a long time for the deposit to confirm but i still did and paid a 15000 fee and i sold it for a bank transfer and i opened a trade with a person called ProCryptotraderpak ( I was also brand new to the site ) and we had gone in a terminal where we could chat with each other i sent him my bank details and then he said ok wait and he replied saying " Click release bitcoins " I was like " why ?  " he said there was some technical difficulties so i had to do or else i won't be able to complete the trade and being the stupid guy i was i clicked it and later he said he had sent the money and i asked him " It hasn't arrived " so he said " It will take 1 - 2 hours " I was like " Oh ok thanks  " and this guy just finnesed the bitcoins of me like nothing happened. The next day there was no funds so i emailed to localBitcoins and they replied saying you shouldn't release the bitcoins first and that it was my fault . I replied saying " Ok but can you at least ban the guy ? I don't care about the money but he could do it again to others " They said " No ( In a nutshell ) ". 

 

Share this post


Link to post
Share on other sites

localbitcoin is a platform for buyers/sellers.. there should be a protective or insurance clause in their terms.. since its been a storage for your coins for sale they do have responsibility to keep it safe... without the sellers, no transaction fee would occur then the people running the site don't get paid...other thing besides 2fa notification should be sent to your email for confirmation..until its confirm it can't be released.. they dont have that option..surprisingly some casinos do have it...casino has better security then local..smh..

Share this post


Link to post
Share on other sites
56 minutes ago, polor12 said:

 without the sellers, no transaction fee would occur then the people running the site don't get paid

Well if you haven't used the site or have used it way before they take a fee from every single deposit even if you buy from the exchange also they take a fee of 15000 Satoshi's which is fine now but before it used to be dreadful. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×