Dedicated Denial of Service (DDoS) Attack

. 2 min read

TL;DR: Funds are safe, DDoS attack targeted at LocalCoinSwap

Yesterday (September 2, 2020) at around 8pm UTC time our site was attacked for a couple of minutes by a large-scale DDOS, causing issues with accessibility. Our moderators were then contacted by a Russian hacking group called “Memory Farm”, threatening to continue a wide-scale DDOS that would “destroy our exchange forever” if we didn’t pay them a ransom in cryptocurrency.

Our moderators stalled the extortionists for time, while the dev team got to work preparing our systems for scale beyond their normal capacity.

After we got servers and scaling systems prepared, we instructed the hackers to contact our CTO, who told them we don’t give money to extortionists. We stood by and monitored our systems, waiting for the attack to commence again.

They flooded our systems with millions of requests over a very short period of time, from countless unique IP addresses. Within minutes, our systems had scaled up to over 16 servers to handle the capacity. Customers were experiencing some availability issues, but in general the site was working, albeit slower than usual.

The attackers then switched their tactics, concentrating on requests designed to pull down servers with less total requests. This method of attack did work, and for about 30 minutes site availability was affected more severely.

The dev team got to work, putting in place systems to analyse, throttle, and block requests, using AI to profile their intention and origin.

Soon the systems were working well, blocking about 98% of requests, and site availability resumed.

The attackers switched their tactics again, turning on and off the attacks suddenly to try and trick our systems. It didn’t work.

Eventually the attackers gave up and turned off the attack, no doubt having spent significant resources in attacking us and yielding no profit in return.

However, as an artifact of the attack, many customers found themselves with some availability issues afterwards. For example users of our API who made a lot of requests during the attack were inadvertently added to the block list by the AI, and some other legitimate users affected on various pages throughout the site.

We have gone through today and reviewed all the rule sets, so legitimate users should no longer face any issue. If you do for any reason, please reach out through support and we can assist.

Overall it was an interesting situation and fun for the dev team to deal with, but of course frustrating because users were inconvenienced for a few hours, and we had to pull our focus away from legitimate development work to deal with the attack.

Thanks for your understanding, no doubt the attackers (or new ones) will return in the future, as DDOS extortion is a common facet of running a crypto site. We will continue to remain transparent about threats we face, and you have our word that no attacker, scammer, hacker, or extortionist, will ever extort a single cent from LocalCoinSwap.

Happy Trading!
The LocalCoinSwap Team



Tags

2018 2019 2020 2FA 33 МЕТОДА ОПЛАТЫ AMA Arbitrage Argentina Authenticator banco central de argentina BCH Billetera bitcoin Billetera criptomonedas Bitcoin Bitcoin Cash bitcoin energy Bitcoin Halving bitcoin investment bitcoin mining bitcoin news Bitcoin Price Bitcoin Wallet bitcoins blockchain Blockfolio BTC Colombia Community Vote Como comprar compliance Comprar Bitcoin Comprar bitcoin con dinero en efectivo Comprar bitcoin sin KYC Comprar criptomonedas coronavirus criptocurrencies Criptomonedas Criptomonedas estables Crypto Crypto Wallet Cryptocurrency DAI dash Delta Direct DevTalks Dividends Economics en eng Entrevista Envío de dinero ERC20 es Escrow System Estados Unidos estonia ETC ETH Ethereum Ethereum Classic Exchange FAQ Getting Started gibraltar how to buy bitcoin ICO india Interview inversion en bitcoins inversiones invertir en criptomonedas invesment KSM Kusama Latinoamérica lcs lcs cryptoshares legislation litecoin LocalCoinSwap malta Markets MFA Monero news non-custodial P2P P2P Trading Password PAX Paxful payment method Perú Precio del bitcoin privacy prohibiciones del banco central de Argentina proof of work ProTrader regulation Remesas reputación Reputation Ripple ru safely security Sistema de Escrow spanish Spotlight Stablecoins Telegram Tether trade Trading turkey Tutorial update USDC USDT Vender bitcoins Venezuela Voting XMR XRP беседы разработчиков гид дивиденды запуск Р2Р биржи криптовалюта реферальная программа трейдинг

Instagram