Comprimised Localbitcoins Account

Hoping someone can help with a bit of an OpSec refresher and guidance on choosing / setting up a new BTC wallet safely.

Up to this point I have been making DMN purchases by purchasing coins on LBC and transferring directly to Agora. A few weeks ago my LBC account was compromised, (I believe through phishing or [ignorantly] using LBC while on TOR, and my coins were stolen. Whoever stole the coins enabled two factor authentication (which I did not have at the time of compromise), so I had to wait two weeks to get new codes.

This week I was able to log back into my account successfully with the new two factor codes, but after making a BTC deposit, I was told by LBC that my account was high risk and I must provide ID and a photo of me holding it in order to have the hold on my coins released.

If I provide this info I obviously would like to start purchasing with a new LBC account / holding my coins in a new wallet. Should I simply set up a new LBC account with an anoymous email for future purchases. What would be the best way to transfer my coins out of my current LBC id verified account once the hold is released.

I am also concerned that if I provide my ID to LBC it will be linked to all of my past wallet transactions which include direct transfers to my Agora wallet.

Many thanks for any insight on how to move from my current LBC situation to something more secure.


Comments


[3 Points] -lobali:

They will link all the transactions, yes.

When you make purchases with circle, send the coins to an intermediary wallet; any would do. Multibit or electrum or any anonymous one. That way circle just sees you transferred then - you sold them for a few extra dollars to someone else, you don't know what they did with them.

But don't send coin from exchanges to markets. I'm not big myself on tumbling but I at least create a multibit wallet, wait a few hours, then send to market. I appreciate markets that give you a new address after every transaction and I send round numbers, then deposit the change into another one immediately. I never leave less than a hundred bucks or so on circle and j wait a few days before mocknf my change into my new "to market" account.

I'm not a huge DNM buyer but I understand blockchain well enough that those are quite sufficient steps to obscure transactions, and likely too much.

There are just too many hurdles to "catch" people via blockchain - articles about arrests will almost always say "blockchain analysis proved fruitless."

It's just not how people are caught. But enough market addresses are known that it's not safe to send them directly from market to exchange.


[2 Points] dnmthrowaway15:

Can anyone explain how was it hacked? Is it via bruteforce or middle tor attack?

How is it possible?