I do not have a stake in instawallet, I did not have any funds there. If I had, and it was some sizeable amount, I would go to France in person, and not leave until I was reinstated the lost funds. I don't believe in having things done through 'authorities' and lawyers. Most of the time, things are quite simple, and it's only a matter of persuading the right person to do the right thing.
I believe anything that can be done privately can be done much more efficiently than dealing with any 'official agency' that will do nothing in the end anyway.
Clear telltale signs of a scammer and con-man are:
* Evasiveness (don't communicate or do it very poorly)
* Constant delays (to buy time)
* Telling lies, and making up things.
This situation is very simple.
Instawallet has lost funds. From their records, they will be able to see how much funds they lost and how much they've got left. Let's say that 30% of the total funds has been lost as 30% was in the hot wallet and the rest in cold storage.
This means that all users will have to take a 30% haircut. Although users would not be happy with this, they would be happier to get 70% back than nothing at all. This is the fair way to do it. Setting an arbitrary limit of 50 BTC and stating that those with lesser balances should be paid in full, while those with a 50BTC+ balance will be paid on a best effort basis does not make sense. It's reasonable to believe that people storing in excess of 50 BTC on instawallet also would have more funds which they would be happy to use to seek legal action and other direct action. So letting these people take the pain is not a smart move.
If one is not honest about one's business operations, shit will hit the fan sooner or later - that always happens. Mistakes and fuckups can happen, but people will be more forgiving if there is good and honest communication.
The 90 day claim process is highly questionable, and it's a typical scammer way of evading and delaying the process. After 90 days, people will have 'forgotten', many give up, because they only have small amounts and so on... Lots of accounts (read: unique urls) should be possible to verify beyond doubt given pieces of information, and should be handled manually on an ongoing basis, then those remaining in an uncertain state should be held until the 90 days are up, and then be released to the person claiming it. To avoid having to pay out to some hacker who's submitted multiple claims, some verification would be possible to do, to ensure multiple claims do not go to the same person. (I know some may have more instawallets, but there's a difference between having 2-3 and having 45...)
There are many pieces of info that could be used to determine whether it's a legitimate claim or not, and these could be handled on an ongoing basis.
For instance a user could be using the same ip for most of his access to instawallet, and he might even be able to remember transactions in or out of instawallet, and he may even have access to addresses from which he has previously sent coins, and can prove he controls these, perhaps he even has screenshots from an exchange showing withdrawals to his address, or has transaction history in a local wallet.
Also, it depends on how much information the hacker got from the database. How much does he know about the users, and how easy would it be to fake a claim? That's rather important information needed to determine the course of action.
As for the number on the police report, even if this is on paper, and there's not a computerized database of the police report, the owners of instawallet should be able to give a reference to a contact within the French police that can confirm that the case is reported. When this reference is given, one or more members of this forum should be able to call up the police through their official listed phone number and ask to speak with this policeman to have it confirmed that a police report is filed.
Also it was stated that independent auditing is going on, here Instawallet should be able to give permission to the auditing company to be able to confirm they're in fact working with Instawallet on the issue at hand. Again forum members should be able to call the auditing firm to have this confirmed.
Since the communication from Instawallet is not the best, perhaps a 3rd party (1 or 2 forum members) that actually is trusted in the community and that has a high level of technical expertise should move in to assist with the case in determining whether a claim is legit or not. Also, the logs of the web-server should be able to give information about ip-addresses and perhaps also user-agent information. Not sure what server is used, but if it's Apache, these logs are archived by default to the best of my knowledge. So it may be possible to extract some information from that. If a user states he always used his home DSL-connection, and the weblogs show that indeed this is the truth, and the claim comes from the same ip-address, then that is a very good indicator that the user is legit, if he also can prove ownership of some of the bitcoin-addresses used to fund his wallet, we can almost be certain that the rightful owner has made the claim. In cases of doubt, it may also be possible for the user to contact his ISP and ask them to contact Instawallet and confirm for them that he's a subscriber with them using that IP-address.
I'm certain there are more things to think of also. For instance some might have used tor, and always accessed the wallet during work-hours, or only during weekends. Unless the hacker has access to the web-logs, these are things he cannot simply know. Also screenshots of bookmarks to the instawallet url could give an indication of legitimacy.
There are many datapoints that could be used to determine if a claim is valid or not, and only in cases where it can be proved 100%, or as close to 100% as you can get, the funds should be paid out early, if not there should be some waiting time. I would also suggest that stating how much remaining funds there are, and handing these funds over to one or more trusted members of the community would be a good thing to do. That way, the process would be more transparent.
If an intelligent competent person with a precise eye for details handles the verification procedure, then this should be rather safe. For those users where ownership of the account cannot be reasonably determined, then the waiting period of 90 days before a payout may be justified, but a 90 day payout period as default, that's just ridiculous.
This reminds me a lot of the bitcoinica situation, and I am again very sad on behalf of the bitcoin community, and the affected users. Personally I would've ensured that security was as good as it possibly could be for a service like this, and in the event there was a breach of security, and funds were lost, I would bend over backward to have the situation resolved swiftly to the benefit of my customers. If I ran multiple services, and one service suffered a loss and customers would be out of pocket, I would promise them paybacks with earnings from my other operations. It's all about being an upstanding individual and conducting business with paying attention to the ethical aspects.
Another thing with bitcoin businesses is that it's so incredibly easy to say that you 'got hacked' and then run away with funds, as there is here now - there's no transparency, so we simply do not know.
I can understand that all details are not something that you would like to put in public, but perhaps now is a time to seek help from some of the most competent persons in this community, I'm sure there are several to choose from which have a high level of trust around here. Then these techheads could advise as to the best way of solving this issue.
I have no idea how many instawallets there were, and how much work it would be - but no matter how big the task would be, it must be done - and it should be done swiftly, and the claims process should start now, and be handled on an ongoing basis. Then there should be some kind of ongoing communication updated with stats, so the users can see what's going on and that there's in fact some progress.
If Instawallet owner doesn't have time for this, the work should be outsourced, and I'm sure many users rather would have their balance back now deducted a 5% claim fee (and a maximum of 0.25 BTC per account), than having their full balance in 90 days. A claim fee could be used to pay the ones doing the manual verification job.
Let me know if there's anything I can do in this situation to help. I am not affiliated with Instawallet, nor do I hold a wallet there with coins, and I've never stored more than about 500$ worth of bitcoins there, but then for a very short amount of time.
I sincerely and genuinely hope that this situation will be solved the best way possible for all parties involved, and that users will learn from this and be wary of web-wallets in general in the future.
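
The log-based checks the post describes (does a claim come from the IP and browser that historically accessed a wallet URL, and is one source claiming dozens of wallets) can be sketched as follows. This is an added example, not part of the original post and not Instawallet's code; the `/w/<token>` URL layout, the sample log lines and the threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed Apache combined-format lines; the /w/<token> path layout is an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Mar/2013:19:04:11 +0000] "GET /w/AAA111 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux) Firefox/19.0"
203.0.113.7 - - [09/Mar/2013:20:15:42 +0000] "GET /w/AAA111 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux) Firefox/19.0"
203.0.113.7 - - [16/Mar/2013:18:30:05 +0000] "GET /w/AAA111 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux) Firefox/19.0"
198.51.100.9 - - [20/Mar/2013:03:12:00 +0000] "GET /w/BBB222 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/25.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (/w/\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"$')

def build_profiles(log_text):
    """Map wallet path -> Counter of (ip, user_agent) pairs seen in the access log."""
    profiles = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # malformed or non-wallet lines are skipped
            ip, path, agent = m.groups()
            profiles[path][(ip, agent)] += 1
    return profiles

def score_claim(profiles, wallet, claim_ip, claim_agent):
    """Share of past hits on this wallet matching the claim's IP, and IP plus agent."""
    hits = profiles.get(wallet, Counter())
    total = sum(hits.values())
    if total == 0:  # no history: nothing to corroborate, hold for manual review
        return {"ip_match": 0.0, "ip_agent_match": 0.0, "history": 0}
    ip_hits = sum(n for (ip, _), n in hits.items() if ip == claim_ip)
    both = hits.get((claim_ip, claim_agent), 0)
    return {"ip_match": ip_hits / total, "ip_agent_match": both / total, "history": total}

def bulk_claimants(claims, threshold=3):
    """Source IPs that filed claims for more than `threshold` distinct wallets."""
    wallets_by_ip = defaultdict(set)
    for ip, wallet in claims:
        wallets_by_ip[ip].add(wallet)
    return {ip: len(w) for ip, w in wallets_by_ip.items() if len(w) > threshold}
```

A high match ratio is one signal to combine with the other evidence the post lists, such as proof of control over funding addresses; it is not sufficient on its own, since shared or dynamic IPs produce both false matches and false mismatches.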