- ‘Ramy’ explores the intersection of Muslim and millennial identities 5 Years Ago
- The top 10 Sekiro bosses, ranked 5 Years Ago
- How to install PlayStation Vue on Kodi to stream live TV Today 5:30 AM
- Alexandria Ocasio-Cortez supports resolution that could lead to Trump’s impeachment Thursday 9:46 PM
- Ricardo Milos dancing memes are the new Rickroll Thursday 9:09 PM
- Laura Loomer sues Twitter, Muslim lobbying group over account ban Thursday 8:15 PM
- Far-right troll Ian Miles Cheong gets flamed for mocking a ‘Star Wars’ fan Thursday 6:17 PM
- Facebook says ‘millions,’ not ‘tens of thousands,’ affected by Instagram password bug Thursday 5:13 PM
- Leading 2020 Democrats mock redactions in Mueller report Thursday 4:04 PM
- 8 weed accessories for stealthy stoners Thursday 4:00 PM
- Super Smash Bros. Ultimate players are now fighting on giant d*cks Thursday 3:37 PM
- Why are Facebook and Google translating this Spanish word into a racial slur? Thursday 3:32 PM
- Instagram page encourages meme creators to join a meme union Thursday 3:24 PM
- 28 smokin’ hot gifts for your stoner friend Thursday 1:33 PM
- The 5 most important conclusions from Robert Mueller’s report Thursday 1:28 PM
Are users to blame?
LocalBitcoins, a decentralized Bitcoin exchange with more than 100,000 users, confirmed reports of a security breach after multiple users complained their digital cash had vanished.
It started when LocalBitcoins user “don4of4” posted on the site’s forums around noon ET on Thursday, writing that she or he lost more than 4 bitcoins despite having a password surpassing 30 random characters and enabling a two-step authentication to log in to his account.
Other users chimed in saying they too had lost bitcoins. On Reddit and Twitter, users warned others to withdraw their funds from LocalBitcoins.
— Patrona Partners (@PatronaPartners) April 17, 2014
At around 2 p.m. ET, the Finland-based company responded to users on the forums saying they were investigating the situation. After about two hours, LocalBitcoins posted an update to its blog, reporting that the breach affected fewer than 30 users and fewer than 30 bitcoins (about $15,000, at current exchange rates).
“Most likely explanation to these attacks have been stolen user credentials through phishing or malware,” LocalBitcoins wrote. “So far nothing indicates that this have been a security flaw on the website itself, but we are going to continue investigating the case.”
The update, posted in broken English, doesn’t fully match up to users’ reports, as it claims that none of the affected users had two-factor authentication enabled.
Bitcoin owners have good reason to be on edge these days. It has been less than two months since Mt. Gox, once the world’s largest Bitcoin exchange, shut down after losing hundreds of millions of dollars of customers’ bitcoins in an apparent hack. Earlier this month, researchers exposed the Heartbleed bug, a catastrophic security flaw that sent shockwaves across the entire Internet.
Unlike most Bitcoin exchanges, which facilitate fully online transactions, LocalBitcoins matches buyers and sellers by geographical location for face-to-face exchanges of cash for Bitcoins. The company’s 110,000 active traders make it the largest decentralized market in the world, according to ArcticStartup.
The LocalBitcoins security incident comes just a day after Mycelium Bitcoin Wallet, a popular Android app, launched a feature that facilitates local transactions, which is almost identically to LocalBitcoins. There is no evidence that the two events are linked.
Update: LocalBitcoins published another more-detailed update on this hack, further supporting the company’s previous statement that the security breach does not reflect a site-wide problem.
Photo by BTC Keychain/Flickr (CC BY 2.0)
Fran Berkman is a technology reporter whose work for the Daily Dot focused on cryptocurrencies and internet freedom. In April 2017, he joined BuzzFeed as the deputy director of news curation.