LocalBitcoins: An Unsecured P2P Exchange & Safe Haven for Crypto Scammers
This isn’t a review, and — as much as I wish it was — it’s not a promotion either. It’s a firsthand account… a testament to the continual negative impact of frauds in the crypto space. I wrote this article to make the community aware that LocalBitcoins doesn’t consider to accept moral responsibility when users get scammed on the platform.
This is me presenting the facts of an unfortunate situation that left me almost 20 thousands of dollars short, and my reputation damaged & loss in business due to delays.
I rode the cryptocurrency wave during what I like to call The Golden Age. In a period marked by substantial price upswings and lots of FOMO, cryptocurrency (read: Bitcoin) announced itself to the world as the future of money.
I came across Bitcoin in the early part of 2013. During that period, I worked on several freelance projects, and I needed a seamless way to receive payment from clients anywhere in the world. Bitcoin ticked all the right boxes, and it wasn’t long before it became my favoured currency.
I read the Bitcoin whitepaper; the whole project was exciting with a unique view of the concept of digital currency. Of course, being a total newbie, I set out on an adventure — to learn what I can about cryptocurrency and how blockchain tech works. Thanks to the wealth of information on the internet, I was able to get my feet (or, in this case, brain) wet.
Keep in mind, this was a time of big-money exchange heists, regulatory concerns and whatnot. I remember hearing widespread rumours of an impending ban on cryptocurrencies by the Indian government. l It was only natural that I’d want to research potential safehouses, and I stumbled on peer-to-peer (P2P) cryptocurrency marketplaces. LocalBitcoins was like eBay for Bitcoin trading and had been around for a while, so I jumped on board.
I registered on LocalBitcoins on January 5, 2018, because selling P2P currency on a P2P marketplace had a nice ring to it. No, the platform was “secure” and easy to use. Also, the P2P model means more flexible options with deposits/withdrawals compared to centralized exchanges.
On March 17, 2018, I had my first scam experience on LocalBitcoins while it was identified when the bank has frozen my bank account one week later.
I traded with a trader with ‘Indian username’ for about 2100 dollars value in Bitcoin. With the buyer the tradings were smooth & fast as I received the money within half an hour, it was closed immediately.,
Later on 23rd march, all of a sudden, my credit cards stopped working, after approaching the bank, they mentioned my bank account had been frozen due to fraudulent activity. Someone filed a fraud claim against me, which I had to resolve before I could access all funds [almost $14200], and I didn’t even know who. Actually, still, I don’t know who did it as the bank denied to share the details of complainer citing privacy terms.
The bank shared a little information and mentioned the complaint was against the transactions on the 17th of March 2018 & by a lady who is 2364 kilometres away from my city. After brainstorming I learned, two Indians were scammed by a Cameroon based localbitcoins trader.
The scammer traded with the other victim (a newbie, I think) and told them to send me the funds. I was implicated since the victim now thought I was the seller. Apparently, this trader had scammed me and someone else by simultaneously posing as a Bitcoin buyer and seller [of something]. I lost my Bitcoin, and the other victim suffered their cash.
I couldn’t reach the other victim user as I didn’t have the personal contact information while the bank denied sharing the same. I still can’t wrap my head around how they managed to pull this off, but I have an idea.
LocalBitcoins denied to own the moral or legal responsibility, and I left cornered along with loss of money and reputation while the localbitcoins buyer’s account was “potentially banned” — yep, that was the phrase — for violating the terms of service (https://prnt.sc/qg6jcy). I checked the account info and was surprised to find out my Indian trader’s real IP address was in Cameroon (the account was probably bought: https://prnt.sc/qg6hcy).
The scammer traded with the other victim, the lady (out of localbitcoins, I think) and told them to send me the funds in exchange of something. I was implicated since the lady victim now thought I was the seller.
And I did, didn’t I? Iced money.
Although the reported deposit of USD 14200 remained inaccessible, I never got access my bank account back but had to move on.
But that’s not the end of the story.
Fast forward to December 12, 2019. I was looking to sell some Bitcoin. It was urgent, so I turned to LocalBitcoins because I’d gotten ‘wiser’ in choosing traders. Or, at least I thought.
I got a deposit of $3400 in my LocalBitcoins wallet, and NEXT Second, Yes NEXT Second it was sent to another LocalBitcoins address without 2FA authorization codes. Is it possible to get 2FA code from app and submit on the website just within 1 second.?
The LocalBitcoins support says YES. WTF ?
My account has a strong password with 2FA enabled, so even I can’t transfer to another wallet on LocalBitcoins unless I enter the correct code. I was wondering how it’s possible when I didn’t authorize the transaction.
Of course, I reported the incident to LocalBitcoins support, and they got defensive. The team didn’t respond to my messages; they’re only blaming me and not owning up.
I reached out to the CEO, Directors, Executives as well as fraud investigation specialists through LinkedIn; I got no response — just responses on tickets, which were blaming me for failing to secure my computer from malware. For context, I’m a computer engineer (a paranoid one at that), and I’m well aware of malware and computer security.
Also, since my account security reads “strong” with 2-factor authentication enabled. To clarify, there’s absolutely no way I can transfer Bitcoin to another wallet without a 2FA code, I think so.
I know for a fact that a code was never requested or sent. So, the only logical explanation is the transfer was an inside job, which isn’t far-fetched considering what happened before.
In April 2018, someone posing to be “LocalBitcoins support” sent me a support ticket concerning a buy offer I viewed. I checked the sender domain; “localbitcoins.ws” and not “.com”. You might think “it’s nothing new, just like every other phishing email out there”.
But think about this:
- How did the sender get my email,
- How did they know I was a LocalBitcoins user, and
- How on earth did the sender know the details of my account?
It doesn’t add up.
Sure, my email address could have been leaked in the past — but only LocalBitcoins could have known the remaining details. Users are at significant risk, KYC information could get public, just like the Binance KYC breach in August 2019.
These guys are as shady as it gets.
Bitcoin Transactions are Immutable — So What?
One of the core concepts of decentralized ledger technology is immutability — by design, not error. You can’t modify (or tamper with) a block once it’s verified. Period.
So, why is LocalBitcoins quick to cite “we told you to be careful because once it’s gone, it’s not coming back”? Matter of fact, what does that have to do with anything?
P2P marketplaces seldom accept responsibility for any wrongdoing but rather deflect the blame to affected users. I imagine the burden of being held responsible for users’ actions is too high for them to bear. Still, I wouldn’t put it past them to tell you they provide a platform to trade (Bitcoin) but can’t be held accountable for what you or others do on it.
Remember, eBay tried this until it became apparent that blame-shifting isn’t the answer. People were getting scammed by shady sellers who advertised products and delivered entirely different items.
So, what did they do? Well, they upped their verification game and set up smart filters to suspicious flag activity. Red-flagged accounts would be temporarily locked, pending manual review. Also, their suspension policy is a strict “two strikes, and you’re gone”, and they use several methods to keep suspended users from registering again.
They have a Fraud Assistance Team working with federal law enforcement agencies like the FBI, the FDA and even the Secret Service.
Real, this approach is an inconvenience to eBay sellers, but when it comes to fighting fraud, there’s really nothing like “going overboard”. Besides, it’s the shady sellers complaining the most.
eBay, a P2P marketplace through-and-through, has been able to keep out the majority of bad actors and maintain a positive reputation, unlike LocalBitcoins, who have taken a hush-hush, indecisive stance on crypto fraud.
Millions of dollars have been lost to cryptocurrency scams. P2P crypto marketplaces are entry points for these incidents, so the fault is theirs, and theirs alone. Users come onto LocalBitcoins expecting a secure, safe and seamless trading experience. Instead, they meet cunning criminals, elaborate scams, and a threat to their online and offline safety.
Security and ease-of-use isn’t such a difficult dilemma; I’d choose security again and again. LocalBitcoins should =adopt strict Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations to frustrate potential scammers and prevent repeat offenders. Also, account levels with increasingly tricky verification methods and deposit/withdrawal limits should be introduced.
It’s time for LocalBitcoins to end this apathy and stop preying on unsuspecting users. They have everything to lose — their reputation; users’ trust; and ultimately, revenue — if users keep getting scammed on this platform, it may impact many lives associated with the users.