Bitcoin
$63,160.55-4.47%
Ethereum
$3,107.30-4.61%
Binance Coin
$606.30-0.42%
Solana
$144.01-8.45%
XRP
$0.51590957-4.48%
Dogecoin
$0.14917359-6.98%
Toncoin
$5.22-8.54%
Cardano
$0.46549945-5.80%
Shiba Inu
$0.00002488-6.91%
Avalanche
$35.06-9.15%
Tron
$0.11555805+1.58%
Wrapped Bitcoin
$63,349.08-4.33%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Countdown to Consensus 2024The largest and longest running event that covers all sides of Crypto and Web 3
33
DAYS
22
HR
18
MIN
48
SEC
Markets

LocalBitcoins Releases Investigation Report on Site Wallet Issues

By Stan Higgins
AccessTimeIconApr 18, 2014 at 5:00 p.m. UTC
Updated Sep 11, 2021 at 10:40 a.m. UTC
Report
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Following yesterday's statement from LocalBitcoins regarding issues with its wallet service, the website has released its follow-up investigation report.

The report focused in part on claims that the site's two-factor authentication failed to prevent a wallet breach. LocalBitcoins also addressed the cause of withdrawal delays that took place as users tried to move their bitcoins away from the site following the posting of user concerns on reddit.

The LocalBitcoins team wrote in the report's introduction:

"LocalBitcoins team did not found any evidence of compromised site security."

Report walks through hack claims

LocalBitcoins presented an activity timeline of user don4of4 (who initially posted on reddit), including 17th April when the wallet intrusion took place.

The site's team identified that unlike previous logins by the user, someone accessed the site via a Tor browser and had access to don4of4's two-factor authentication key generator.

LocalBitcoins surmised that whoever accessed the user's account had gained access to his mobile device, which don4of4 told the team was used to store the two-factor codes.

The report read:

"In this case if the user used this particular Android device to access LocalBitcoins and the device was compromised, the attacker gained access to user password, user session ID and two-factor codes. Furthermore, it was reported on the reddit that the credentials of this particular user have been found on known compromised user account lists spreading in the internet."

LocalBitcoins added that it does not currently offer session fixation as a security measure. However, the development team will look into the matter as a possible future offering for users.

LocalBitcoins addresses withdrawal problems

As stated previously, concerns regarding the site's integrity resulted in increased withdrawal traffic. Withdrawal delays led to increased anxiety among the site's users.

LocalBitcoins said in its report:

"When the LocalBitcoins hot wallet was being emptied due to high volume of withdraws, the withdraws started to delay. LocalBitcoins choose not to top up the hot wallet until the incident is investigated."

The site added that the majority of its bitcoins are in cold storage.

Wallet malware issues detailed

LocalBitcoin's initial 17th April statement suggested that a malware intrusion had resulted in the loss of some users' wallet credentials.

The investigation report elaborated on this point, saying:

"In all of these cases the user account had no two-factor authentication and had a login coming from an IP address not associated with the users prior behavior pattern. We believe this was an incident either with reused passwords or malware-infection on the use computer."

The report also recommended that all users adopt two-factor authentication for its account, saying that the site is unable to tell the difference between a user login and one from an unauthorised source.

Tough landscape for wallet owners

Malware targeting bitcoin wallets have increased in number significantly in the past year, posing problems for users who don't keep their bitcoins in cold storage.

A recent report by cybersecurity firm Kapersky Labs showed a sharp increase in bitcoin wallet intrusions and attempted intrusions in 2013, compared to 2012 levels.

A separate study conducted by digital security firm Dell SecureWorks found that nearly 150 strains of malware were currently circulating the internet as of February 2014.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.