TL;DR: Funds are safe, DDoS attack targeted at LocalCoinSwap
Yesterday (September 2, 2020) at around 8pm UTC our site was attacked for a couple of minutes by a large-scale DDoS, causing issues with accessibility. Our moderators were then contacted by a Russian hacking group called “Memory Farm”, threatening to continue a wide-scale DDoS that would “destroy our exchange forever” if we didn’t pay them a ransom in cryptocurrency.
Our moderators stalled the extortionists for time, while the dev team got to work preparing our systems for scale beyond their normal capacity.
After we got servers and scaling systems prepared, we instructed the hackers to contact our CTO, who told them we don’t give money to extortionists. We stood by and monitored our systems, waiting for the attack to commence again.
They flooded our systems with millions of requests over a very short period of time, from countless unique IP addresses. Within minutes, our systems had scaled up to over 16 servers to handle the capacity. Customers were experiencing some availability issues, but in general the site was working, albeit slower than usual.
The attackers then switched their tactics, concentrating on requests designed to pull down servers with fewer total requests. This method of attack did work, and for about 30 minutes site availability was affected more severely.
The dev team got to work, putting in place systems to analyse, throttle, and block requests, using AI to profile their intention and origin.
Soon the systems were working well, blocking about 98% of requests, and site availability resumed.
The attackers switched their tactics again, turning on and off the attacks suddenly to try and trick our systems. It didn’t work.
Eventually the attackers gave up and turned off the attack, no doubt having spent significant resources in attacking us and yielding no profit in return.
However, as an artifact of the attack, many customers found themselves with some availability issues afterwards. For example, users of our API who made a lot of requests during the attack were inadvertently added to the block list by the AI, and some other legitimate users were affected on various pages throughout the site.
We have gone through today and reviewed all the rule sets, so legitimate users should no longer face any issue. If you do for any reason, please reach out through support and we can assist.
Overall it was an interesting situation and fun for the dev team to deal with, but of course frustrating because users were inconvenienced for a few hours, and we had to pull our focus away from legitimate development work to deal with the attack.
Thanks for your understanding. No doubt the attackers (or new ones) will return in the future, as DDoS extortion is a common facet of running a crypto site. We will continue to remain transparent about threats we face, and you have our word that no attacker, scammer, hacker, or extortionist will ever extort a single cent from LocalCoinSwap.
The LocalCoinSwap Team