Security
LocalUSDT is designed so that the platform never has access to your private keys, cannot read your messages, and cannot withdraw from escrow. Here's how each layer of the system works.
Self-Custodial Wallets
When you create an account, a cryptographically secure master key is generated in your browser using the Web Cryptography API. This master key is the root of everything in your account — your wallet private keys and messaging keys are derived from it.
Your password never leaves your device. It is transformed into a cryptographic key using PBKDF2 with at least 100,000 iterations and a random salt. This stretched key encrypts your master key using AES-256-CBC. The encrypted master key is stored on our servers, but it is useless without your password.
The master key cannot be changed. From it, two keys are derived: an identity key (for ECDSA digital signatures on the secp256k1 curve) and an encryption key (for encrypting other private keys with AES). Changing your password simply re-encrypts the master key with a new stretched passphrase.
Authentication & Two-Factor
Two-factor authentication is mandatory and happens before the encrypted master key is delivered to your browser. This means an attacker who somehow obtains the encrypted key material from our database still cannot attempt to brute-force your password without first passing the two-factor challenge.
Email-based 2FA is the default. Time-based OTP (e.g. Google Authenticator) is also supported. SMS is not supported as a 2FA method because SMS is not safe.
After two-factor verification, the login process uses your password to derive the decryption key and attempt to unlock the master key. A successful decryption proves ownership. The browser then signs a server-provided nonce with the identity key to complete authentication.
End-to-End Encrypted Messaging
All trade messages are encrypted in your browser before they leave your device. LocalUSDT transports the ciphertext but cannot read the contents.
When you first create an account, your browser generates a pool of signed ephemeral key pairs (pre-keys). These are uploaded to LocalUSDT's key server so that other users can initiate encrypted conversations with you even while you're offline.
When a trade starts, the initiating party performs an Elliptic Curve Diffie-Hellman (ECDH) key exchange using their freshly generated taker key and the recipient's pre-key. This produces a shared secret that only the two parties can compute. Two further keys are derived from the shared secret: one for AES-256-CBC encryption and one for HMAC-SHA256 message authentication.
Each trade conversation uses a unique shared secret. Sharing a secret with the arbitrator during a dispute reveals only that trade's messages — not any other conversation.
Non-Custodial Escrow
USDT during a trade is held by an on-chain smart contract — not by LocalUSDT. The smart contract enforces the following rules:
- The seller can release escrowed USDT to the buyer at any time.
- The buyer can cancel the trade and return USDT to the seller.
- The arbitrator can direct USDT to either the buyer or the seller if a dispute is raised — but can never take it for themselves.
- The platform cannot withdraw from escrow under any circumstances.
Escrow contracts are deployed on each supported network (Tron, Ethereum, BNB Smart Chain). The contracts are publicly verifiable and open source.
What's Centralized
Like any practical system, some components are centralized. We believe in being transparent about this:
- Reputation & feedback — stored in a centralized database.
- Offer directory — hosted and searchable via centralized servers.
- Trade metadata — amounts, currency codes, and timestamps are stored unencrypted so the platform can function.
- Notifications — email and push notifications are delivered by centralized services.
- Key server — public keys and signed pre-keys are distributed by centralized infrastructure.
Known Limitations
- Lost passwords are unrecoverable. If you lose your password, no one — including LocalUSDT staff — can recover your account or wallet. Back up your credentials.
- Compromised accounts cannot be fully recovered. Changing your password re-encrypts the master key, but if an attacker has already obtained the master key, they retain access. You would need to create a new account.
- Web delivery trust model. As a web application, your browser downloads code from our servers each time you visit. If our servers were compromised, an attacker could theoretically serve modified code. We mitigate this with HTTPS, security headers, and integrity checks — but the risk cannot be entirely eliminated for any web application.
Ready to trade USDT peer-to-peer?
Connect with email or your Web3 wallet. Start trading in minutes.