- Facebook bug opened iPhone cameras while users scrolled their feeds 6 Years Ago
- Black Facebook employees say company racism has ‘gotten worse’ 6 Years Ago
- This fish with a ‘human face’ is here to give you nightmares Today 3:28 PM
- TikTok’s piercing challenge leaves the fate of your face up to a filter Today 2:54 PM
- Soldiers with top-secret clearance say they were ordered to install a sketchy app Today 2:46 PM
- How to take your Korean beauty routine on the go Today 2:24 PM
- Disney+’s ‘Encore!’ is a love letter to high school theater Today 2:15 PM
- White tourist filmed shouting homophobic, racist slurs Today 1:31 PM
- U.K. advocacy group releases deepfakes of Corbyn, Johnson endorsing each other Today 1:07 PM
- ‘The Mandalorian’ series premiere throws ‘Star Wars’ in the middle of the wild west Today 12:35 PM
- A total guide to bone conduction headphones, plus our recommendations Today 12:34 PM
- Disney+ goes down on launch day Today 11:52 AM
- Anna Kendrick and Bill Hader shine in Disney+ Christmas movie ‘Noelle’ Today 11:52 AM
- What to do if you’ve lost your AirPods charging case Today 11:42 AM
- Stephen Miller’s racist emails leak Today 11:20 AM
LocalBitcoins exchange confirms security breach, stolen bitcoins
Are users to blame?
LocalBitcoins, a decentralized Bitcoin exchange with more than 100,000 users, confirmed reports of a security breach after multiple users complained their digital cash had vanished.
It started when LocalBitcoins user “don4of4” posted on the site’s forums around noon ET on Thursday, writing that she or he lost more than 4 bitcoins despite having a password surpassing 30 random characters and enabling a two-step authentication to log in to his account.
Other users chimed in saying they too had lost bitcoins. On Reddit and Twitter, users warned others to withdraw their funds from LocalBitcoins.
— Patrona Partners (@PatronaPartners) April 17, 2014
At around 2 p.m. ET, the Finland-based company responded to users on the forums saying they were investigating the situation. After about two hours, LocalBitcoins posted an update to its blog, reporting that the breach affected fewer than 30 users and fewer than 30 bitcoins (about $15,000, at current exchange rates).
“Most likely explanation to these attacks have been stolen user credentials through phishing or malware,” LocalBitcoins wrote. “So far nothing indicates that this have been a security flaw on the website itself, but we are going to continue investigating the case.”
The update, posted in broken English, doesn’t fully match up to users’ reports, as it claims that none of the affected users had two-factor authentication enabled.
Bitcoin owners have good reason to be on edge these days. It has been less than two months since Mt. Gox, once the world’s largest Bitcoin exchange, shut down after losing hundreds of millions of dollars of customers’ bitcoins in an apparent hack. Earlier this month, researchers exposed the Heartbleed bug, a catastrophic security flaw that sent shockwaves across the entire Internet.
Unlike most Bitcoin exchanges, which facilitate fully online transactions, LocalBitcoins matches buyers and sellers by geographical location for face-to-face exchanges of cash for Bitcoins. The company’s 110,000 active traders make it the largest decentralized market in the world, according to ArcticStartup.
The LocalBitcoins security incident comes just a day after Mycelium Bitcoin Wallet, a popular Android app, launched a feature that facilitates local transactions, which is almost identically to LocalBitcoins. There is no evidence that the two events are linked.
Update: LocalBitcoins published another more-detailed update on this hack, further supporting the company’s previous statement that the security breach does not reflect a site-wide problem.
Photo by BTC Keychain/Flickr (CC BY 2.0)
Fran Berkman is a technology reporter whose work for the Daily Dot focused on cryptocurrencies and internet freedom. In April 2017, he joined BuzzFeed as the deputy director of news curation.