A user don4of4 posted a warning message to other LocalBitcoins.com users that others have been reporting news of stolen bitcoin from their wallets on the website. The user claims that he didn’t believe it first, but when he saw that his 5 Bitcoin were transferred from his account without his permission or order considering, he had a 30 character random password and Google Authenticator set up, he realized something was definitely not right.
Don4of4 writes he changed his password after the heartbleed vulnerability was known. Don4of4 posted a picture of his account showing the BTC address his funds were sent to:
Other users are also reporting about stolen bitcoins.
“Within 20 min of completing a trade, btc was sent from My account – this while I was logged into my acccount on localbtc.”
Another user BigStretch3, wrote that twenty minutes after he deposited his Bitcoin on LocalBitcoins, they were transferred to another address without his knowing. He worries that his coins may be lost forever, and is asking for help.
BigStretch3 wrotes that twenty minutes after he deposited his Bitcoin on LocalBitcoins, his funds were transferred to another address without his knowing. He is afraid that his coins will be lost forever…
Not long ago LocaBitcoin.com made an immediate press release about this case:
Initial Response regarding Localbitcoins account vulnerability claims
Couple of hours Reddit user don4of4 posted warning to reddit, claiming that localbitcoins user accounts are vulnerable to some kind of exploit.
http://www.reddit.com/r/Bitcoin/comments/23a26k/breaking_remove_your_btc_from_localbitcoins/Similar post has been made on Localbitcoins forums.So far we have found one systematic and recent attack against LocalBitcoins users, and right now it seems that the amount of users attacked have been under 30, and amount of bitcoins reported has been less than that. The common pattern between these cases has been that prior the transaction there have been login to the account, and the fact that none of the users affected had 2-factor authentication enabled. Most likely explanation to these attacks have been stolen user credentials through phishing or malware. So far nothing indicates that this have been a security flaw on the website itself, but we are going to continue investigating the case.
There have been also two or three isolated cases which does not necessarily fall directly to this pattern*, and those case still need more research before anything can be said from them.
We will continue investigating these cases during the weekend, and meanwhile outgoing transactions might be delayed, since we try to minimize cold storage movements until everything is sorted out. We apologize all inconvenience affected.
*) edit: There have been claims that users with 2FA have been affected. So far we have received three this kind of reports in total during last month, and some further investigation is required before we can draw too many conclusions about these cases.”
