Before you go, check out these stories!

0
Hackernoon logoI'm Not the Only One Who's Been Scammed on LocalBitcoins by@devashish-biswas

I'm Not the Only One Who's Been Scammed on LocalBitcoins

Author profile picture

@devashish-biswasDevashish Biswas

CEO & Marketing Head @NCryptBit

This isn’t a review, and — as much as I wish it was — it’s not a promotion either. It’s a firsthand account… a testament to the continual negative impact of frauds in the crypto space. I wrote this article to make the community aware that LocalBitcoins doesn’t consider to accept moral responsibility when users get scammed on the platform.

This is me presenting the facts of an unfortunate situation that left me
almost 20 thousands of dollars short, and my reputation damaged &
loss in business due to delays.

I rode the cryptocurrency wave during what I like to call The Golden Age.
In a period marked by substantial price upswings and lots of FOMO,
cryptocurrency (read: Bitcoin) announced itself to the world as the
future of money.

I came across Bitcoin in the early part of 2013. During that period, I
worked on several freelance projects, and I needed a seamless way to
receive payment from clients anywhere in the world. Bitcoin ticked all
the right boxes, and it wasn’t long before it became my favored
currency.

I read the Bitcoin whitepaper; the whole project was exciting with a
unique view of the concept of digital currency. Of course, being a total
newbie, I set out on an adventure — to learn what I can about
cryptocurrency and how blockchain tech works. Thanks to the wealth of
information on the internet, I was able to get my feet (or, in this
case, brain) wet.

Keep in mind, this was a time of big-money exchange heists, regulatory
concerns and whatnot. I remember hearing widespread rumours of an
impending ban on cryptocurrencies by the Indian government. l It was
only natural that I’d want to research potential safehouses, and I
stumbled on peer-to-peer (P2P) cryptocurrency marketplaces.
LocalBitcoins was like eBay for Bitcoin trading and had been around for a
while, so I jumped on board.

I registered on LocalBitcoins on January 5, 2018, because selling P2P
currency on a P2P marketplace had a nice ring to it. No, the platform
was “secure” and easy to use. Also, the P2P model means more flexible
options with deposits/withdrawals compared to centralized exchanges.

On March 17, 2018, I had my first scam experience on LocalBitcoins while
it was identified when the bank has frozen my bank account one week
later.

I traded with a trader with ‘Indian username’ for about 2100 dollars
value in Bitcoin. With the buyer the tradings were smooth & fast as I received the money within half an hour, it was closed immediately.

Later on 23rd march, all of a sudden, my credit cards stopped working, after approaching the bank, they mentioned my bank account had been frozen due to fraudulent activity. Someone filed a fraud claim against me, which I had to resolve before I could access all funds [almost $14,200], and I didn’t even know who. Actually, still, I don’t know who did it as the bank denied to share the details of complainer citing privacy terms.

The bank shared a little information and mentioned the complaint was
against the transactions on the 17th of March 2018 & by a lady who
is 2364 kilometers away from my city. After brainstorming I learned, two
Indians were scammed by a Cameroon based localbitcoins trader.

The scammer traded with the other victim (a newbie, I think) and told them
to send me the funds. I was implicated since the victim now thought I was the seller. Apparently, this trader had scammed me and someone else
by simultaneously posing as a Bitcoin buyer and seller [of something]. I lost my Bitcoin, and the other victim suffered their cash.

I couldn’t reach the other victim user as I didn’t have the personal
contact information while the bank denied sharing the same. I still
can’t wrap my head around how they managed to pull this off, but I have
an idea.

LocalBitcoins denied to own the moral or legal responsibility, and I left cornered along with loss of money and reputation while the localbitcoins buyer’s account was “potentially banned” — yep, that was the phrase — for
violating the terms of service (https://prnt.sc/qg6jcy). I checked the account info and was surprised to find out my Indian trader’s real IP address was in Cameroon (the account was probably bought: https://prnt.sc/qg6hcy).

The scammer traded with the other victim, the lady (out of localbitcoins, I think) and told them to send me the funds in exchange of something. I
was implicated since the lady victim now thought I was the seller.

And I did, didn’t I? Iced money.

Although the reported deposit of USD 14,200 remained inaccessible, I never got access my bank account back but had to move on.

But that’s not the end of the story.

Fast forward to December 12, 2019. I was looking to sell some Bitcoin. It
was urgent, so I turned to LocalBitcoins because I’d gotten ‘wiser’ in
choosing traders. Or, at least I thought.

I got a deposit of $3,400 in my LocalBitcoins wallet, and next second, Yes NEXT second it was sent to another LocalBitcoins address without 2FA authorization codes. Is it possible to get 2FA code from app and submit on the website just within 1 second.?

My account has a strong password with 2FA enabled, so even I
can’t transfer to another wallet on LocalBitcoins unless I enter the
correct code. I was wondering how it’s possible when I didn’t authorize
the transaction.

Of course, I reported the incident to LocalBitcoins support, and they got
defensive. The team didn’t respond to my messages; they’re only blaming
me and not owning up.

I reached out to the CEO, Directors, Executives as well as fraud
investigation specialists through LinkedIn; I got no response — just
responses on tickets, which were blaming me for failing to secure my
computer from malware. For context, I’m a computer engineer (a paranoid
one at that), and I’m well aware of malware and computer security.

Also, since my account security reads “strong” with 2-factor authentication
enabled. To clarify, there’s absolutely no way I can transfer Bitcoin to
another wallet without a 2FA code, I think so.

I know for a fact that a code was never requested or sent. So, the only
logical explanation is the transfer was an inside job, which isn’t
far-fetched considering what happened before.

In April 2018, someone posing to be “LocalBitcoins support” sent me a
support ticket concerning a buy offer I viewed. I checked the sender
domain; “localbitcoins.ws” and not “.com”. You might think “it’s nothing
new, just like every other phishing email out there”.

But think about this:

How did the sender get my email? How did they know I was a LocalBitcoins user? And, how on earth did the sender know the details of my account?

It doesn’t add up.

Sure, my email address could have been leaked in the past — but only
LocalBitcoins could have known the remaining details. Users are at
significant risk, KYC information could get public, just like the Binance KYC breach in August 2019.

These guys are as shady as it gets.

Bitcoin Transactions are Immutable — So What?

One of the core concepts of decentralized ledger technology is immutability — by design, not error. You can’t modify (or tamper with) a block once it’s verified. Period.

So, why is LocalBitcoins quick to cite “we told you to be careful because
once it’s gone, it’s not coming back”? Matter of fact, what does that
have to do with anything?

It’s simple.

P2P marketplaces seldom accept responsibility for any wrongdoing but rather deflect the blame to affected users. I imagine the burden of being held responsible for users’ actions is too high for them to bear. Still, I
wouldn’t put it past them to tell you they provide a platform to trade
(Bitcoin) but can’t be held accountable for what you or others do on it.

Remember, eBay tried this until it became apparent that blame-shifting isn’t the answer. People were getting scammed by shady sellers who advertised products and delivered entirely different items.

So, what did they do? Well, they upped their verification game and set up
smart filters to suspicious flag activity. Red-flagged accounts would be
temporarily locked, pending manual review. Also, their suspension
policy is a strict “two strikes, and you’re gone”, and they use several methods to keep suspended users from registering again.

They have a Fraud Assistance Team working with federal law enforcement
agencies like the FBI, the FDA and even the Secret Service.

Real, this approach is an inconvenience to eBay sellers, but when it comes to fighting fraud, there’s really nothing like “going overboard”. Besides,
it’s the shady sellers complaining the most.

eBay, a P2P marketplace through-and-through, has been able to keep out the majority of bad actors and maintain a positive reputation, unlike
LocalBitcoins, who have taken a hush-hush, indecisive stance on crypto
fraud.

Millions of dollars have been lost to cryptocurrency scams. P2P crypto marketplaces are entry points for these incidents, so the fault is theirs, and theirs alone. Users come onto LocalBitcoins expecting a secure, safe and seamless trading experience. Instead, they meet cunning criminals, elaborate scams, and a threat to their online and offline safety.

Security and ease-of-use isn’t such a difficult dilemma; I’d choose security
again and again. LocalBitcoins should =adopt strict Know Your Customer
(KYC) and Anti-Money Laundering (AML) regulations to frustrate potential
scammers and prevent repeat offenders. Also, account levels with
increasingly tricky verification methods and deposit/withdrawal limits
should be introduced.

It’s time for LocalBitcoins to end this apathy and stop preying on unsuspecting users. They have everything to lose — their reputation;
users’ trust; and ultimately, revenue — if users keep getting scammed on this platform, it may impact many lives associated with the users.


Tags

The Noonification banner

Subscribe to get your daily round-up of top tech stories!