LocalBitcoins, the first and most popular platform for buyers and sellers to exchange, buy and sell bitcoins locally, announced today that their site experienced a “very dangerous attack” that shook their infrastructure to the core. The good news is that they also reported that the hackers did not get away with any users’ data or bitcoins!
LocalBitcoins is one of the most popular bitcoin trading sites or bitcoin trading exchanges to have come under hacker attacks within the last few months. MtGox was forced to file for bankruptcy after hackers made away with most of their stored bitcoins belonging to both users and MtGox's owner and investors.
LocalBitcoins Hacked by Hackers
This is not the first report of issues from LocalBitcoins. Users reported a little over three weeks ago that many bitcoins were stolen from the LocalBitcoins site. The LocalBitcoins site operator responded to the accusations by saying the bitcoins were stolen from users who did not have two-step authentication turned on. In essence, LocalBitcoins blamed the users for getting their bitcoins stolen! Below are their exact words.
“have been stolen user credentials through phishing or malware. So far nothing indicates that this have been a security flaw on the website itself, but we are going to continue investigating the case.”
LocalBitcoins Hack Attack Statement:
Saturday, May 3, 2014
Attack against LocalBitcoins infrastructure 3.5.2014
LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014. For now:
- All user data and Bitcoins are safe;
- The site will be down for a while as the system is being rebuilt
LocalBitcoins hosting provider received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weaknesses in the hosting provider support system.
- LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
- The attacker gained root access to the server for ~40 minutes before the attacker was kicked out and the server shut down.
- All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.
It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter.
- Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
- LocalBitcoins team has started to rebuild the website server on fresh hardware.
LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again. We expect to spend at least 24 hours on this. LocalBitcoins team apologizes for the issues the downtime may cause to the users.
Is LocalBitcoins another MtGox in the making? What do you think?