LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014.
For now
- All user data and Bitcoins are safe;
- The site will be down for a while as the system is being rebuilt
Details
LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.
- LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.
- The attacker gained a root access to the server for ~40 minutes before the attacker was kicked out and the server shutdown.
- All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.
It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter.
- Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.
- LocalBitcoins team has started to rebuild the website server on fresh hardware.
LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again. We expect to spend at least 24 hours on this. LocalBitcoins team apologizes the issues the downtime may cause to the users.