Wednesday 16 March 2016


Mystery Localbitcoins.com wallet hack.

Three Localbitcoins users, including myself, attempted to withdraw small amounts of bitcoins from our 2FA-protected wallets and ended up losing the entire balance of the wallet. To withdraw, one has to enter the destination address, the amount of BTC and a 2FA code, or a password if you don't have 2FA enabled. One user had 2FA and I had just a password. Unfortunately, after clicking Send, all of the users' bitcoins were sent to unknown addresses.

(21-Feb-2016) Myself, user bristol (https://localbitcoins.com/accounts/profile/bristol/), lost 65 BTC.
(15-Feb-2016) User Geforce (https://localbitcoins.com/accounts/profile/geforce/) lost 66 BTC but was lucky to spot the problem straight away. He contacted support and they managed to stop the pending transaction. Localbitcoins returned the bitcoins to him shortly after.
I was also informed that there was a third victim but wasn't told who it was or how many BTC this person lost.
Localbitcoins has said that they have concluded their investigation and haven't found any fault on their end. They said that they have gone through all the server logs, and that third-party security analysts performed some checks and everything looked OK. They have not provided me with any evidence of this, and it feels as if my case has not been looked at carefully. The only commonalities they found were that all victims used the Chrome browser on Windows.
Localbitcoins.com support has failed to provide me with any report on what happened and has refused to reimburse the lost BTC. They are trying to put the blame on me, and in my defence I have offered to let them check my computer and try to find the fault, as just a day before there were no issues with withdrawals.

Here, briefly, is what happened:
Only 3 users were affected.
Users used Chrome + Windows.
It emptied the users' wallets, so the attacker knew how many bitcoins each user had.
It wasn't phishing or a clipboard hack. No malware has been detected.
It happened in the space of only one week.
Only high-value users were affected.
No further attacks after Localbitcoins started investigating it.
The bitcoins are still in the wallet used by the hacker.

What makes me think Localbitcoins is trying to hide something:
No further cases reported after they started investigating it. Perhaps the 'inside man' is scared of being detected.
Localbitcoins haven't changed their BTC withdrawal process yet, for example by adding extra email verification confirming the destination address and the amount sent. It looks like they are confident it won't happen again, but this contradicts their own theory that they don't have a clue about the origin of the attack.
It's been 3 weeks and they haven't made any announcement about the incident or warned users using Windows + Chrome. Again, it looks like they are confident it won't happen again.
They haven't provided me with the credentials of the external security analysts or detailed logs, and simply want me to trust their word that they are not responsible.
Shortly after the incident I decided to perform a test withdrawal. I used the same PC and Chrome browser and logged into my other Localbitcoins account. I sent BTC out to my other wallet and the transaction went through OK. This proved there's no active malware/malicious script running on my PC.
I withdrew BTC from LBC using the same PC and browser the day before the incident and it went through OK.
Also, the stolen BTC are still in the same wallet. They haven't gone through mixers, as usually happens after bitcoin thefts. Possibly an employee/contractor not experienced with laundering just doesn't know how to clean them.
This is the wallet the stolen coins went to:
https://blockchain.info/address/1ESYZyFEw9ffCzYBVQJSJbFtGkrkowgtfm

Also, at the same time the attacks happened, Localbitcoins were updating the site and things were all over the place; for example, feedback was in random order. Perhaps one of their contractors planted a malicious script/code and deleted it after the work was done.

I was also a victim of a similar incident back in November. Only me and one other user were affected that time. It is just weird that it happened to me again, out of thousands of other users.

I have offered to let Localbitcoins examine my PC to find the possible source of the hack there, but they refused to do it.
I feel very disappointed by Localbitcoins.com's attitude towards this incident, especially after putting through 20k trades in 3 years' time and earning them over 190 BTC in fees.
You can verify it's me (bristol) and the other user (Geforce) by starting local trades with us via localbitcoins.com.

Thanks


Tomek