This blog post was published before LocalEthereum became LocalCryptos.
We’re ramping up our security by partnering with the team at PhishFort to help tackle phishing attacks against LocalEthereum. This will allow us to more effectively detect and take down websites impersonating LocalEthereum.
As the LocalEthereum platform has grown to handle millions of dollars in volume each week, the frequency and sophistication of hacking and scamming attempts have grown with it. Fraudsters have started to employ new phishing attacks that are difficult to keep up with.
PhishFort protects blockchain projects by monitoring various sources across the internet, including social media, app stores, and the web, for phishing attacks. Discovered attacks are blacklisted across a number of platforms and then taken down in record time.
Becoming a victim of phishing as a LocalEthereum user is especially unfortunate. The cryptographic nature of the platform means that entering your LocalEthereum password on a fraudulent website is equivalent to divulging a wallet private key; you can’t simply swap your wallet’s private key out for a new one. If your account is hijacked, sadly you need to say goodbye and create a new one.
LocalEthereum is joining other big-name dApps such as IDEX by working closely with PhishFort’s team of experts to protect our decentralised application from attackers. We believe the best defense to protect our users and ecosystem is a good offense.
There are things you can do as an end-user to help protect yourself. MyCrypto released a comprehensive guide to Protecting Your Crypto Funds that has many helpful practices to keep you safe.
Use a crypto-focused browser plugin:
- PhishFort | Protect — An open source Chrome plugin used to help identify safe and unsafe sites.
- EtherAddressLookup — An open source security plugin for protecting users from unsafe websites, Twitter accounts, and cryptocurrency addresses.
- MetaMask — The MetaMask plugin contains a blacklist that protects users from known phishing websites.
- MEW — The MyEtherWallet plugin also contains a blacklist of malicious websites.
If you come across a phishing website, report it:
- EtherscamDB — An open source collection of scams targeting Ethereum users.
- PhishFort Telegram Tip-Off — A Telegram bot that can be used to report phishing incidents directly to PhishFort to be investigated and taken down.
- Use a password manager such as LastPass or 1Password to generate strong, unique passwords.
- Always check the URL when logging in. We only use the “localethereum.com” domain name. Also, check for the EV certificate (“LocalEthereum Pty Ltd [AU]”) that should be present when loading the website.
- Be wary of suspicious e-mails. We’ll only ever use a “@localethereum.com” sender address, and we’ll never e-mail you to say your account is being “suspended” or “under review”.