Topic: Instawallet claim process - page 27. (Read 79281 times)

Again, an assumption, by some sort of logic backflip gets transformed into factual information. Did you read the results of our independent security audit? You did not. Did you bother to string a few words together, have them translated and shoved in a mailbox? You did not. Do you make up factual information on the basis of your imagination? Looks like it!



You were explicitly told about the switch, and chose to keep your funds there. That's exactly where the scope of "your business" ended in a small poof of "i don't care", apathy is not, and will never be an excuse to anything.

Oh, and you still didn't say how it could be in any way relevant to the matter at hand.



We did it as a courtesy, because communicating on open cases to some angry mob is not usually how it's done.



I guess I didn't notice the tact among the threats, internet policemen and the "let's streetview the fuckers" being thrown around.



I'm sure teh forums will get right on that.
Now if you'll excuse me, I need to go do some actual doing.

It is common sense that the possibility of arranging a cold wallet setup and surveillance which protected against catastrophic loss existed.  Was it to much to ask that your organization managed to do so?  My answer is 'yes'.  You guys talked a big game, but then everyone does that.  I knew my funds were at risk all along.


Given that the funds you bought or were given by Jav (and subsequently lost or stole) were funds that I personally deposited, it is distinctly my business.


You were hardly 'Johnny on the spot' with information about the police report other than an initial assertion that you had filed one.  It would have been ultra simple to have simply followed up with some simple information when probably 50 people asked about it.  And most of us asked with the utmost in tact.  It would have saved endless grief and hard feelings.  To this day there is no explanation for your failure here other than sheer arrogance.

More information will be available once we see how your dispensation is handled.  This will be useful for further perusing the matter if such a pursuit is undertaken at all.

No, what is being said is that there is no such thing as a deposit insurance that is both free and unlimited, which is quite basic common sense.


I don't really see how that is: for one any of your business, and for two remotely relevant in any way.



No, actually what is a hard to comprehend is how some users manage to keep insinuating stuff after being shown the police report we filed, and being told in this very thread about how they can independently associate themselves to the official investigation.

Do it or don't, but don't complain you're not given the keys to independently inform yourself, we already have more than enough talkers in bitcoinland, but it's doing that makes a difference.

If a customer losses access to their money it is accompanied by an explanation.  Unsophisticated users are pretty much always made whole and it happens in a timely manner.


It would be unlikely because there would be an investigation and punishment, so no.  This is not the case with Bitcoin.  It is trivially easy to steal money and I cannot think of a time when a theft has been officially investigated or prosecuted.  I am also unaware of anyone who has been punished in an extra-judicial manner over and above some name-calling on a forum.  Thus, the barrier to theft in the Bitcoin ecosystem is extremely weak and naturally it happens a lot.

On top of that, many people who were attracted to Bitcoin in the first place have a reason to wish to hide or obfuscate wealth, and that is likely due to prior instances of theft.  (Wagner, BFL, etc.)

Your statement seems to remind me again that you see some justification for the loss among your customers by virtue of not charging a fee.  I'm calling bullshit on this, and especially since it is not yet know how you acquired the funding from Jav.


It is hard to imagine you building a successful business with an attitude of "We didn't try to lose your money so it's cool." and "Trust what we informally write on a forum and shut up about it."

Thankfully it is possible in crypto-currency land to build a system which mostly precludes trivial thefts of the type that Instwallet users fell victim to.  I strongly suspect that the entities who develop along these lines will thrive and the 'trust us' dinosaurs will fail in offering a desirable solution.  You can join 'Tom Williams' and a host of other's who have ushered in an era where user's watch out for their own asses.

Maybe you shoud think twice. When your bank gets hacked (banks get hacked routinely, through phishing attacks, bank card fraud,etc.),
1. your bank does not tell you unless you complain
2. you pay for the hacks through various bank fees that apply to all accounts whether they are hacked or not.
Do you presume your banker to be a thief ?
Compare this with your expectations regarding bitcoin businesses.
What you are saying is I cannot compete with banks until I am offering a perfect service perfectly free of charge.
This is exactly what the "regulators" (meaning retired bankers or revolving doors bankers) want you to think.

It starts to me remind the BFL scam. If I do not see popup balloon on July 11 I know I'm scammed for first time with bitcoins. Time will show.

Damn I intended to store the coins on niggerwallet for only 2 weeks when I reinstall my computer and start with fresh wallet. Really really bad timing.

Sorry to follow up on my own post, but some people may find it interesting.  So, while we wait...


I +100 to that, BTW.


I actually consider the handling to be evidence of non-wrongdoing on the part of Bitcoin Central.  Here's why:

This things started out by 'thefounder' proposing a (fairly meaningless) weakness in Instawallet.  It was, however, sufficient to get me to finally take action to draw down some of my balance which I'd been meaning to do for a while and had not gotten around to.  I suspect that others had a similar reaction.

The theft happened very shortly thereafter.  Bitcoin-Central displayed the kind of confusion in their various responses that I would have expected from a non-perp.

The lock-down of their various services and correspondence about things around this time are also what I would have expected from a small organization who was struggling to understand the scope of the failure.

Most critically, the timing of planing and code development necessary to implement a reconciliation were also exactly what I would expect in an innocent scenario.  Were this theft a carefully planned operation, I doubt that Davout/Boussac would have had the foresight to match their operations to the observations I've made, but it is certainly possible.

In the days ahead we will find out how interested Bitcoin-Central is in providing more transparency and hopefully what actions they have taken to resolve and prosecute this crime.  If any.

Sounds like a plan!  Now, where can I take mine for the 1.notmuch BTC I'm expecting next week?

That's a bit strange then, i would have thought they would have updated the info.

Either way if i get my money back this Thursday all will be forgiven and I'll be taking the missus somewhere nice for the weekend

I took that picture today.  Anyone with funds at Instawallet who didn't come here to find out that info would not have any way of knowing that the information currently on display is wrong!  It's not like they've had nearly three full months to fix that...

Also, not to split hairs, but 2013-04-11 + 90 days is 2013-07-10, not 2013-07-11:

mysql> SELECT (DATE_ADD('2013-04-11', INTERVAL 90 DAY));
+-------------------------------------------+
| (DATE_ADD('2013-04-11', INTERVAL 90 DAY)) |
+-------------------------------------------+
| 2013-07-10                                |
+-------------------------------------------+
1 row in set (0.00 sec)

They have admitted that they said two contradicting things. They said the 1st of July but they also said 90 days and as you can see in your pic the process started 11th April.

Although annoying I know i would be pretty pissed off if i had only found out on the 4th July what had happened at Instawallet and wanted to claim my funds back, only couldn't because it had all been re-distributed.

Personally, I think it was the only thing they could do in the circumstances.

5 days and counting now anyway.

What are we counting down to?  According to the claims screen the date that money will pay out has passed!  Check for yourselves!



What is going on that suddenly there's another x days to wait?

I appreciate your +100, but do need to voice my opinion about how the timing of the supposed reconciliation was handled.  My opinion is that in this respect Bitcoin-Central did a reasonably good job.  If Boussac and company are innocent of wrongdoing, the theft was an unfortunate event and it could be expected that all participants take a share of the inconvenience if not the cost.  For my part I was always keenly aware of the risks I was taking by having funds in Instawallet and have no complaints about shouldering some of the inconvenience.  One quarter seems appropriate to allow semi-interested users and (supposedly) law enforcement to analyze and take various actions.

One of the many hypothesis that remains completely open (thanks to Boussac's neglect) is that this was an inside job.  A key to games like this is to leave oneself various options to account for future unknowns.  It could have gone something like this:

 - BTC values rise and Bitcoin-Central decides to 'go'.  They arrange a theft and cash out which, owning several related properties in the exchange space, they are relatively well positioned to arrange.  It is known that Bitcoin-Central took some action to obtain the funds (including 'mine') from Jav, but unknown whether a plan of absconding with them at some point was ever part of the reason why.

 - If in three months BTC values are way up, they fold as insolvent.

 - If in three months BTC values are down, they buy in to make everyone whole, then keep the excess.

If there is a legitimate investigation with the power to subpoena and audit Bitcoin-Centrals records such a thing can easily be determined.  If there is not, and if one never emerges (and if the crime remains otherwise unexplained) then there will always be a question about whether this is what happened.

Again, because Boussac or anyone else says something on an e-mail or a forum is simply useless in understanding the reality of this event.  Analysis of what someone said can uncover a lot.  That is why smart perps say as little as possible, and why I personally am very suspicious when people avoid transparency.

Assuming they shorted them after they had problems - if they shorted them at $50, then they'll have to wait a few days before they can buy them back at a cheaper price (maybe by the 11th) - fingers crossed.

+100

There needs to be an absolute baseline here.  If you hold bitcoin deposits and you suffer a hack, either provide rock solid proof of the event, and measures taken to resolve the issue in the justice system, or be presumed to be the thief.

If you are holding bitcoin for third parties, you are responsible for the bitcoin. There is no 'my dog ate my homework here'  any loss of bitcoin should be 100% borne by the holder.  If you can't manage to resolve the issue in a timely manner, everyone should abandon you and your services.  And 3 months is not timely.

That is an absurd statement.  Anyone who has observed the Bitcoin ecosystem and has some analytic abilities will need to presume as the automatic strongest hypothesis that a theft such as this was an inside job.  It is from that point that one begins to acquire evidence which corroborates or knocks out the various hypotheses.  You were remiss in providing almost any verifiable information and because many of us were directly harmed, we deserved to have it.  You just typing some words has almost zero value in analysis such as this and you known this.  Or you should.

As to the absurdity of the '4' statement, only a minority of those active in the ecosystem and almost certainly a minority of those who suffered from a loss related to Instawallet are active on this forum.  Additionally, a natural reaction in dealing with an entity which has power over one is to assume a position of subservience and even actively support the entity which victimizes them in hopes of garnering special treatment.  BFL can attest to this.  Relatedly, so can the French government vis-a-vis Morales/Snowden affair to use a recent example.  In short, most individuals and governments are weak and pathetic...and most scammers and super-powers understand this principle and exploit it fully.



WTF?  You never claimed to be able to pay everyone off for the money you lost, or if you did I didn't see it.  It's pretty weasely to claim that you remain solvent under a scenerio where you pass the losses off to a fraction of the largest accounts.  Just because the modern banking system does so does not make it right.

That reminds me of yet another aspect of your incompetence.  If large accounts were going to cause you grief in the face of a successful system level attack (and the likelihood of such an attack seems one of our rare points of agreement) then you were remiss in capping account sizes.  How remiss I am not certain because you have so far failed to produce the state of the text that you presented to Instwallet users.

My only 'suffering' will be if I take the lazy/easy way out and drop this thing.  I will know I should have done better.  Whether I fail here probably will be only due in a minor way to whether you pay me the 20-ish BTC you lost on my behalf and more to do with external priorities and interests.

It will mine.

In all seriousness though, this has been a hell of a ride. For some there has been a lot of money (rightly or wrongly), at stake and tempers have been tested. Let's see how it pans out.

Here's something to think about though.

If you were the guys behind the company that had to deal with this, how would you have done it any better? Ok, maybe Boussac could have been a little more 'customer friendly' at times and for sure a little more communication at the very start would have been great but assuming that Boussac, Davout and the Instawallet/Paymium crew have been honest throughout the whole thing and there sole intention is to repay the customers as best they could and as they say, 'become the first bitcoin business to successfully deal with a cyber attack and repay their customers' I don't know how i would do it differently.

There had to be a period of time around 3 months mark to assess all claims to the money. If not, the possibilty of people not finding out about the claim process for funds in wallets they had becomes real.

They had to have an element of 'radio silence' at the start as i'm sure they were trying to work out what had happened and didnt want to give wrong information.

They needed to take things slowly and if you think back to when the shit hit the fan it was only 11 days until the claims process was up. Sure, it felt like forever but considering what happened i think if they do as they look like they might now do I think they must be commended.

Everybody makes mistakes, it's how they are dealt with and what lessons are learnt going forward. If i receive my funds back I will not hesitate to use their services again. Paymium and Bitcoin Central i know little about admittedly but if a company goes to this effort to return funds which a lot of people have written off for good ten there must be somebody decent at the top of the tree.

6 days and counting, let's see how this shit shakes up.

Our handling of the situation was insufficient to cure the paranoia of 4 users out of thousands of instawallet users

You are questionning our solvency without any ground, ignoring our annoucements.
Hence your basis for using the word incompetence is not facts but prejudice.
I will leave it at that since we are now only days away from paying out the claims, although I doubt that will put and end to your suffering.

I agree that it is unrealistic to expect with high probability to thwart a system attack undertaken by capable adversaries.  But you guys should have been aware of this from the get-go.  If/when the mechanics of the attack are made known to me I'll refine my judgement about this aspect of things.

My chief complaints of incompetence are several:

 - Your handling of this situation what sufficiently weak to turn at least a number of your customers from tentative supports into vicious adversaries.  And I believe that certain of us were unusually rational and patient for a surprising amount of time.

 - If you lost enough money to call into question your solvency or ability to re-pay the losses, your funds management and surveillance strategies were not up to the task.

There are a lot of details about this event, and about Bitcoin-Central's aquisition of the Instawallet funds, and about Bitcoin-Central's operations which are not currently known either in public or to me personally.  For my part I decided that it was not worth my time or money to pursue answers to some of these questions until seeing if/how the reconciliation progressed.  Your implementation of the recovery strategy as published seems coherent and reasonably well thought out to me.

I confirm that we met in San Jose and that the conversation was pleasant, unlike the posts I had read.

That being said, if you are using the word incompetent to mean being able to withstand a vicious cyberattack, put in place a claim process in a matter of days and process thousands of claims in the fastest ever refund operation in the short history of bitcoin, then I am afraid we are separated by a common language.

I do not know of any significant business (in or outside the bitcoin ecosystem) that does not suffer of some amount of fraud or cyberattacks these days because there is no such thing as a zero-risk operation.