Thursday, November 19, 2015

Security incident report 18th November

Yesterday on the 18th of November we had a security incident, the vulnerability has since been identified and has been patched.

In the late afternoon UTC a user opened up two trades with two different traders on our site, the buyer then managed to release both escrows to himself without the traders knowledge. Thanks to quick reporting and cooperation by both traders we were able to react quickly and start investigating the incident.

After conducting a thorough investigation we can conclude that this incident was isolated to these two trades. The vulnerability was related to a legacy feature on our site and only traders with certain advertisements were vulnerable. The vulnerability has now been fixed and LocalBitcoins will issue full compensation to both traders in order to cover their losses.

We want to thank our users for quickly reporting the incident to us so that we could take immediate appropriate action.

Thursday, October 8, 2015

Improving the privacy of LocalBitcoins E-mails

Privacy is something we believe to be important at LocalBitcoins and an often requested feature has been to limit the sensitive information that is sent via e-mail when you go through the trading process here at LocalBitcoins.

We've now released a new feature that changes the appearance of notification e-mails. By opting-in to this feature the contents of sensitive e-mails will be replaced with a generic notification prompting you to log in to LocalBitcoins and see what's up.

This helps you keep your privacy by limiting the places where you have information about your Bitcoin trading stored to just your LocalBitcoins account. This means that even if someone reads your e-mails they will not find out any detailed information about your trading on LocalBitcoins.

If you want to opt-in for this feature, you can activate it by doing the following.

1. Visit LocalBitcoins.com and log-in to your account.



2. From the navigation bar at the top of the page, click on the user icon and select "Edit profile".



3. Click the check box for the option "Disable sensitive information from email notifications".



4. Scroll down and click the Save Profile button.




Once you've opted in to this feature all sensitive e-mails will all look the same, no matter the content. You can see an example of what it looks like the screenshot below.



Happy [         ]!

– LocalBitcoins team

Monday, September 28, 2015

Shortening the time to dispute

Today we’re making a few changes to the dispute system to improve and simplify the trading experience on LocalBitcoins. From now onwards dispute times have been lowered to 12 hours for both buyers and sellers. Against new users with few trades, sellers can start a dispute after one hour.

Before today, buyers had to wait 24 hours before they could open up a dispute against an unresponsive seller and sellers had to wait 72 hours before they could open up a dispute against a buyer. This meant users had to sometimes wait several days before a resolution to their dispute could be made. Now, the process will be much faster.

We hope these changes will provide for more frictionless trading on LocalBitcoins and improve the liquidity of traders. We’ll be looking closely at the effects this change will have over the next few weeks, your comments are also greatly appreciated. Based on this we will evaluate further changes to the dispute process.

Happy trading!

– The LocalBitcoins team

Thursday, September 24, 2015

Trader features: Show user identification, Inline equation editing and watermarks

During the past month we've added three new features to help improve the experience buying and selling Bitcoins on our site.

Opt-in to show real name verifications



Traders can now opt-in to show real name verifications from the Edit Profile page. By opting in to this feature, when a buyer whom you have marked as ID verified opens up a trade with another trader you will be shown as a verifier in the security information box for the trade. This change is designed to improve the value of the Real Name Verification feature.

Once you've opted in, your name will be shown in trades of users whom you have verified along with when you have verified the user.

 Edit equations inline 



When you have several advertisements running it can be difficult to manage the pricing equations of each advertisement separately. Now you can edit equations inline in your dashboard making it easy and simple to change pricing equations. On the dashboard page where all of your advertisements are listed you only need to click on the equation (which is now underlined) to allow it to be edited. Once you've made your changes you can simply click the save button.

Watermarked images 


Images uploaded into a trade chat will now all be resized to 1200 by 1200 pixels in size and have a watermark applied to it. The watermark is a series of parallel lines containing the trade number as well as our logo, if you find a photo where the lines cross each other it means the photo has been previously submitted to a trade chat on LocalBitcoins. With this feature we hope to make it harder to re-use images that have been shared in trades.

Wednesday, August 12, 2015

Goodbye, New York!



We’re sad to say that due to regulators another region has had to be blocked from LocalBitcoins. From today onwards users from New York are no longer allowed to use LocalBitcoins because of the legislation known as the BitLicense (23 NYCRR 200) which makes it a federal offense to sell virtual currency to people living in New York unless you have applied for the license.

This new regulation would require anyone selling Bitcoins through our service to acquire the BitLicense if they sell Bitcoins to residents of New York. As the Bitlicense is time consuming, expensive and difficult to obtain for anything but large companies we’ve taken the decision to protect our US based traders and not allow New York based users to use our service.

If you reside in the US, you will get a one-time pop up notification requiring you to confirm whether or not you live in New York. All new users will equally have to answer the same question.

This is an unfortunate state of affairs and we hope that the regulation will in the future accommodate small time bitcoin sellers who do not have the possibility to comply with regulations made for big financial institutions.

 For the time being though, we bid New York farewell.

– The LocalBitcoins team

Thursday, June 4, 2015

LocalBitcoins.com largest UK exchange according to new study


Yesterday, UK based Bitcoin news site Miningpool.co.uk released the results of a study on bitcoin use in the UK. According to their results, LocalBitcoins.com is the most used site to buy bitcoins in the UK. The study reveals that LocalBitcoins has 41.7 % of the P2P exchange market, and is the most popular way to acquire bitcoins in the country.

The most surprising fact of the study, however, is that only 13% thought governmental regulation of bitcoin to be bad and a whopping 48% think it is a good thing. A few respondents are cited as saying regulation should encourage bitcoin usage and improve it's public perception. Yesterday with the release of the BitLicense, the state of New Yorks regulation framework for cryptocurrency, the industry receive one of it's first regulations squarely designed around cryptocurrency. It remains to be seen what the effects are on the bitcoin ecosystem.

The study also looked at how UK residents use bitcoins, and the majority said they were acquiring bitcoins for purchases or savings use. Only 20% of respondents said they were engaged in day trading with bitcoins and 18 % said they used the currency to send cash to friend & family.

A summary of the study is available as a slideshare, which you can see below:


Wednesday, June 3, 2015

Hi! I'm Max – The new Community Manager


Hi! I'm Max and the new Community Manager for LocalBitcoins! I started working here around a
month ago so some of you have already seen me active on our forums or on twitter.

I'm based from our office in Helsinki (where it's currently cold and raining!) where I'm also finalizing my bachelors in Marketing. I've got a history in moderating and managing online communities in my spare time however this is my first role as community manager for a company.

I first got into contact with bitcoins around 2011 when my friend showed me how you could mine them using your own computer, but I quickly forgot about it after being annoyed of having to download the whole blockchain when installing the software. It wasn't until early 2013 when I bought my first coins from an exchange, before the crazy 2013 bubble. I was hooked.

Before I started working at LocalBitcoins I was studying marketing full time at a local university while working as a freelance photographer.

So, what does a community manager do?

It's my job to talk with you here, on twitter, on our forums and other place online. I'm here to help facilitate discussion and to solve problems. So, if you've got a problem, have questions about our service or just want to say hi you can reach out to me. You can find my contact details at the end of this post.

You can find me on twitter @LocalBitcoins, on our forums with the username max.localbitcoins and you can shoot me an email at max { *at* } localbitcoins.com

Now the floor is open to you, feel free to ask me anything in the comments below – and I'll do my best to answer!

All the best,



Monday, June 1, 2015

Why this countryside school in Finland gave its students bitcoins

Bitcoins accepted at the Café Lalla Vinde. Photo: Lalla Vinde // Used with permission.
Kemiönsaari is a municipality in the southwest of Finland far away from any metropolitan area. On the outside it looks like any other tiny countryside town in Finland, but looks can be deceiving. Kemiönsaari is at the forefront of bitcoin adoption in Finland, in this sleepy town of 7 000 people you can go out and enjoy lunch at a café and do your grocery shopping – all while paying with bitcoin. And this spring 3 000 euro was handed out to students enrolled at the local high school.

In the town center of Kemiö there are a handful companies that accept bitcoin, almost as much as in the capital Helsinki. You can grab a lunch at Café Lalla Vinde, head over to ZAS data to buy a new computer, take a zumba class at Rehab Center and then go grocery shopping at the K-Store before heading home.

Now the central school in Kemiö has decided to take it a step further giving around 40 of it's 125 students bitcoins. But why?

In Finland, every year thousands of high school students receive small cash awards either from their school or sponsored by local companies and institutions. These are usually handed out for outstanding performance in school or sports. Usually, these are given out as bank checks but with banking services moving online it's become increasingly difficult for students to cash their checks.

That's why this spring all awards at the local high school were given out in bitcoins. The principal of the high school, Ari Rintanen mentiond to HS.fi that the reasoning behind the decision was threefold. First, the currency is quite useful on the island municipality, second it is a good opportunity to try something new while at the same time giving students easier access to their awards.

The local company ZAS data, run by Sami Lappalainen, helped the school with the practicalities of giving out the awards in bitcoin. As the school does not know if a student has a bank account or a bitcoin wallet address they decided to hand out the awards as paper wallets. On the thirtieth of May students at the school received envelopes containing a paper wallet and instructions on how to create his own bitcoin wallet and redeem the bitcoins.

A photo posted by Aleksi Neuvonen withdrawing his bitcoins from a LocalBitcoins ATM. (@leksis) on

Friday, May 22, 2015

Today is Bitcoin Pizza Day!



On this friday in 2010 the first real value bitcoin transaction happened, 10 000 bitcoins were indirectly exchanged for two pizzas from Papa John's.  Laszlo Hanyecz, a programmer from Florida, is believed to be the first person to make a real-world transaction using bitcoin. 

Laszlo posted a thread titled "Pizza for bitcoins?" on bitcointalk.org May 18th 2010 where he said he would pay 10 000 bitcoins for a couple of pizzas. The thread immediately became popular and after several days of discussion, finally, on the 22nd of May Laszlo posted that he had successfully traded his bitcoins for pizza

It was reportedly a user from the United Kingdom that had taken on his offer and used his credit card to buy Laszlo two pizzas from across the atlantic.  Today, those two pizzas would be worth over a million USD a piece and bitcoin pizzaday has become something of a legend. Check out #bitcoinpizzaday on social media for how people are celebrating. Below are a couple of selected tweets. 

Check out the photos of the original pizzas here.

How are you celebrating bitcoin pizza day? Tweet your celebrations to @LocalBitcoins!


Tuesday, May 19, 2015

Bitcoin Tracker One and ETN's explained


Starting yesterday you could invest into the value of bitcoins on a regulated exchange, without having to buy bitcoins. On the Nasdaq Nordic in Stockholm the Exchange Traded Note, Bitcoin Tracker One, traded for close to two million Swedish kroner on it's first day. But what does that mean? What is an ETN and what does this mean for bitcoin?

Photograph of the Nasdaq stock exchange.
Bitcoin Tracker One started trading on Nasdaq Nordic. Photo: Gr1st // CC BY 2.0

An Exchange Traded Note, or ETN, is a financial security that's traded on stock exchanges. Traders can buy and sell shares of the ETN exactly like shares of company stock. Unlike company stock, shares of ETN's don't give you ownership of what they represent, they simply give you access to it's value without having to purchase the underlying asset directly. In other words you get synthetic access to the value of bitcoins.  

Bitcoin Tracker One follows the average value of bitcoins in USD across three exchanges, minus fees to the issuer. It is then divided up so that 200 shares of Bitcoin Tracker One represents the value of one bitcoin.  You can see a good description of how this is structured on XBT Providers website.

Why not buy bitcoins directly? 

If you don't get ownership of any coins, why would you buy this ETN? Because it gives convenient access to the value of bitcoin for investors. The ETN allows people to buy in to the value of bitcoin through the same exchange where they buy other securities – meaning investors do not have to learn how to buy, sell and store bitcoins securely. It removes boundaries that have prevented individuals and companies from investing into bitcoin.  

ETNs are not without risk, as they only track the underlying asset and do not give ownership of it you're at risk of the credit provider defaulting. If XBT goes bankrupt finding a buyer for the ETN may be very difficult. On top of this all of the regular risk associated with bitcoins apply.  

This ETN opens bitcoins up to a wider audience that may have an interest in bitcoin and believe in its future but who still see it as too complicated to buy in. It also gives more legitimacy towards the currency and helps spread the word of bitcoin.   

Bitcoin Tracker One is provided by XBT provider AB which is in turn owned by KnCGroup, a well known Swedish company providing bitcoin mining services. Read more about Bitcoin Tracker One on XBT Providers' website and read more about the parent company KNCGroup.

Thursday, April 30, 2015

Improve trust on LocalBitcoins.com by verifying your identity



A screenshot showing what the Netverify identification process looks like on the LocalBitcoins.com website.
A screenshot of the identity verification process.

Whether you're buying or selling bitcoins it's important that both the buyer and the seller can trust each other. We offer a number of ways to increase that trust, one of them being the ability to verify your real life identity with your LocalBitcoins.com account.

By verifying your identity you get access to more trade advertisements as well as more visibility for your own trade advertisements, if you are a trader.  

The verification process is provided as a third party service called Netverify by Jumio. You can find the link to start the verification process by going to Edit profile on the main website and then scrolling down to verification. Or you can click on this link to start verification.  

In order to verify your identity with your LocalBitcoins.com account you will need a valid ID (Passport, ID card or drivers license) at hand and a web camera. You can see how the process will work on Jumios' website. Right now most countries around the world are supported, with more countries added soon.  

The verification process is automated and is usually completed quickly, 95% of the verifications are completed within 5 minutes. Once the process completes your public profile will be updated to include a check mark showing that you have verified your identity with LocalBitcoins.com.

A screenshot showing a users public profile after ID verification as been successfully completed.
When you have completed verification it will be visible on your public profile with a green checkmark.

Now you will start seeing trade advertisements where the buyer or seller have set it to only show for ID verified accounts and if you are a trader then your trade advertisements will have better visibility.  

Don't forget that you can also verify your e-mail address as well as your phone number!  

Happy bitcoin trading!

Monday, April 27, 2015

Feature spotlight: Opening hours for trade advertisements

Judging when a trader is online and how long it will take for him to reply can be a challenge at times, so we created a new feature for traders that we’re hoping will make this less of a pain. 

While creating new trade advertisements or editing existing ones, traders can now see a new section called Opening hours, where they can set start and end times for each day of the week. This allows traders to set opening hours on a day-by-day basis for when they accept trade offers from customers. 

Outside of the opening hours set, trade adverts will be hidden from public view. Traders can use this feature to only show trade adverts when they are able to actively process offers, making it easier to buy or sell coins without having to guess how soon a trader will reply to your offer.

How to set up
A screenshot showing the new feature on the LocalBitcoins.com website.

To set up opening hours for a new trader advertisement scroll down to the opening hours section of the Create a bitcoin trade advertisement page. Here you’ll see a list of every day of the week and two drop-down menus. The left one sets the time (in your timezone) when you want your trade adverts to appear on the site. The right one sets the time when you want your trade adverts to be hidden away from view. 

You can change your timezone by editing your profile.

Once you’ve created a trade advertisement you can change your opening hours at any time by editing the advertisement. 

Happy bitcoining!



Wednesday, March 11, 2015

Comparison of Multi-Signature Wallets


Wallet name Platform Full-node N of M Multiple wallets Cold storage Wallet encryption License Other Interesting
Armory Windows / Linux / Mac full node 1-7 of 1-7 yes yes yes AGPL Very feature-rich. Officially still in beta. **
Electrum 2.0 Windows / Linux / Mac thin client 2 of 2-3, also w/ 2FA yes yes yes GPL Feature-rich, 2 factor authentication support **
GreenAddress Web / Mobile / Chrome - 2 of 2 (2FA), 2 of 3 (2FA w/ backup key) yes - yes? private keys not stored on server LGPL All transactions require 2 factor authentication confirmation from the service, implemented with multisig (improved security). Support for nLockTime (releasing funds without requiring confirmation from the service after a set time has passed) **
Bitcore Wallet Suite Linux / Mac? / Win? (written in node.js) full node ? m-of-n yes yes yes MIT Full suite for building client-server (REST API) multisignature, HD bitcoin wallets, contains a command-line client by default. Only recently published *
mSIGNA Windows / Linux / Mac full node (connects to bitcoin core) 1-8 of 1-8 yes yes yes MIT/AGPL *
Copay Web / Mobile / Chrome - 1-4 of 1-6 yes - yes MIT Still in beta, profiles (private keys) can be saved in the cloud or on the device used to create them, made by bitpay *
Coinb.in Browser (Fully client side) - 1-15 of 1-15 yes yes, with labor yes MIT runs in browser but fully client side, so can be downloaded and ran locally
Bitcoin Core (the official client) Windows / Linux / Mac full node m-of-n, command-line only in principle command-line only yes MIT The official Bitcoin client. Very well tested but not so feature-rich
CoinKite Web - 1-15 of 1-15 yes (depending on paid plan) - yes proprietary Other nice features, such as a "debit card"
Ninki wallet (1.1+) Chrome - 2 of 3 ? ? ? ? (source in github repo, no LICENSE file) Still in early development, 1.1 unreleased, 2 factor authentication support
Dark wallet (ALPHA!) Chrome - 1-15 of 1-15 ? yes ? ? AGPL In early development, not recommended for use!
Bitcoin Authenticator Windows / Linux / Mac ? only 2FA yes? ? ? ? Still in alpha
Trezor Hardware - ? - - - ?
BitGo Web - m-of-n ? yes - yes? ?

Hover on table to enlarge

The above table shows a comparison of multi-signature (multisig) Bitcoin wallets. Information from the wallets was obtained by testing (all wallets except Bitcore Wallet Suite, Bitcoin Authenticator, BitGo and Trezor were tested at least superficially) and by surveying the web sites of the wallets. Cells marked with dashes were not applicable (e.g. full node for a web wallet) and cells with question marks contain data that was either unclear or not found. Should you notice any errors or know about multi-signature wallets not in the table, please leave a comment and we will take them into account!

For a quick recap, a multi-signature Bitcoin address differs from a “traditional” addresses in that transactions from the address require signatures from multiple different private keys. For an example a 2-of-3 multisig address has 3 associated private keys, 2 of which must be used to sign each transaction from the address (in general, the notation m-of-n means m signatures required from n associated private keys). Uses for multi-signature addresses include enhanced security (some addresses can be kept in cold storage or secured with two-factor authentication), supporting wallets with multiple owners (think 1-of-2 for a couple’s spending account; or 2-of-3 for a child’s savings account where confirmation from either parent and a child, or from both parents is required for each spending), and use in escrow services (2-of-3 with two parties and a mediator).

A person looking for a multi-signature wallet has several options, based on their needs. Common questions one should ask from themselves when selecting a wallet include the following:

  • What platform does the wallet need to run on? In practice, this usually translates to “Do I prefer a web-based or software-based wallet?”
  • If going for a software-based wallet, do I prefer a full-validation (full node) or a thin client wallet? Full node wallets require download the whole Block chain, resulting in a larger start up time and space requirements, but offer more control and an additional layer of security in return.
  • In what way am I going to use the multi-signature features of Bitcoin? Many wallets offer only a limited range for m and n (in m-of-n). Some wallets also have built-in two-factor authentication support, implemented using multisig.
  • What other features do I have in mind? Common requirements include wallet encryption (supported by virtually every software out there) and cold storage support (maintaining a wallet on a machine that’s not connected to internet to store Bitcoins and sign transactions, using another machine to broadcast them and to view transaction history)

Wallets that offer the best of a various combination of requirements are marked with stars in the “interesting” column of the table. These include:

  • Software wallet / Large m-of-n: Armory or mSIGNA (also maybe Bitcore Wallet Suite)
  • Software wallet / Thin client: Electrum (see this post for an introduction to Electrum)
  • Web wallet / Insane privacy features: GreenAddress
  • Web wallet / Large m-of-n: Copay
  • Cold storage support: Armory, Electrum or mSIGNA
  • Building my own wallet: Bitcore Wallet Suite

Feel free to post your own experiences and recommendations in the comment section of this post!

Friday, February 13, 2015

Thin wallets with Electrum


Electrum (https://electrum.org/) is an open-source, light-weight Bitcoin client, available on Windows, Linux, OSX and Android. This post aims to give the reader a quick introduction to its usage and features.

Full-node Bitcoin clients, like the official Bitcoin Core client, maintain a copy of the whole blockchain on the machine the client is installed on. By contrast, light-weight clients such as Electrum rely on a server to provide the transaction history for a wallet and to broadcast new transactions to the bitcoin network. This means that the client can skip downloading and synchronizing the whole blockchain (over 28GB at the time of writing), resulting in virtually no startup time and much, much lower space requirements.


To begin using Electrum, download the program from https://electrum.org/download.html. On first use, you’re prompted to either create a new Bitcoin wallet, restore an existing one from a seed or create a read-only copy of an existing one.


Choosing “create a new wallet” automatically generates a wallet from random data, and gives you a seed that can be used to restore the wallet in case of computer error. Write down the seed and store it in a safe place!

Electrum supports encrypting the private keys associated with a wallet using the AES-256-CBC algorithm. Create a password for the wallet if you wish to do so!


In the next step, you’re asked to either auto-connect to an Electrum server or to pick one yourself. Either choice should be fine, as the only place where the client has to trust the server is providing the transaction history. The server has no knowledge of the client’s private keys, so there’s no risk of a malicious server stealing a client’s bitcoins, though it theoretically possible (if unlikely) for the server to provide an incorrect history of previous transactions for the client.
As of 2015, LocalBitcoins hosts an Electrum server, electrum.localbitcoins.com, which is available using the SSL (port 50002) or TCP (port 50001) protocols.


After connecting to the server, you should get a window with your transaction history (empty in case of a new wallet) and a green light in the bottom-right corner. In case the light is red or the top-left corner reads “not connected”, click the light button and select another server.


And you’re all set go! Other features of Electrum include supporting multiple receiving addresses per wallet, synchronization between different computers and cold storage support. For a full list, and more details about the software, see https://electrum.org/.