Ultimately, which information a true client could submit that the hacker could not for the claim?
A true client could potentially get third parties to vouch for their identity, those who had sent bitcoins into and received bitcoins from that address.
Topic: Instawallet claim process - page 46. (Read 79243 times)
Ultimately, which information a true client could submit that the hacker could not for the claim?
A true client could potentially get third parties to vouch for their identity, those who had sent bitcoins into and received bitcoins from that address.
Ultimately, which information a true client could submit that the hacker could not for the claim?
Why not more information? You failed to answer some very basic questions that everyone is wondering:
- How much was stolen?
- How much will those with more than 50 BTC be missing when they attempt to make a claim?
- Why aren't you covering the stolen amounts out of your own coffers? It was your site security that failed, not the fault of your users.
- Given that your company is insolvent (obviously, or you would be able to pay everyone back in full), are you not afraid of being sued for the remaining amounts and then being investigated for criminal activity as a result? It is against the law (at least in the US, not sure about European countries) to display favoritism to one creditor vs another when you know the company is insolvent. All account holders should be taking the same haircut and be repaid by the same percentage of their original balance.
FWIW, I have no stake in the game. I am just disappointed in how this is being handled.
- How much was stolen?
- How much will those with more than 50 BTC be missing when they attempt to make a claim?
- Why aren't you covering the stolen amounts out of your own coffers? It was your site security that failed, not the fault of your users.
- Given that your company is insolvent (obviously, or you would be able to pay everyone back in full), are you not afraid of being sued for the remaining amounts and then being investigated for criminal activity as a result? It is against the law (at least in the US, not sure about European countries) to display favoritism to one creditor vs another when you know the company is insolvent. All account holders should be taking the same haircut and be repaid by the same percentage of their original balance.
FWIW, I have no stake in the game. I am just disappointed in how this is being handled.
What
I can name at least one : the IP address(es) from where the wallet were usually accessed. He may know the addresses (if they are stored in the database) but he may have some difficulties submitting the claim from one of them.
I hope (and I think) that Paymium will watch from where the claims are submitted and in case of doubt (TOR exit, known proxy) they will ask for more details from the one who fills the claim.
tough luck then for those that were accessing their wallets through tor
Well I can't imagine someone installing tor and then using instawallet (except for mixing coins on a very short term basis), but why not ? If they previously accessed their wallet from tor and claim it via tor it should be ok.
What about the date that they were created? Do you think the hacker would have this info?
This. What info could we have that the hacker does not?
I can name at least one : the IP address(es) from where the wallet were usually accessed. He may know the addresses (if they are stored in the database) but he may have some difficulties submitting the claim from one of them.
I hope (and I think) that Paymium will watch from where the claims are submitted and in case of doubt (TOR exit, known proxy) they will ask for more details from the one who fills the claim.
Well I can't imagine someone installing tor and then using instawallet (except for mixing coins on a very short term basis), but why not ? If they previously accessed their wallet from tor and claim it via tor it should be ok.
What about the date that they were created? Do you think the hacker would have this info?
Whats tor?
This. What info could we have that the hacker does not?
I can name at least one : the IP address(es) from where the wallet were usually accessed. He may know the addresses (if they are stored in the database) but he may have some difficulties submitting the claim from one of them.
I hope (and I think) that Paymium will watch from where the claims are submitted and in case of doubt (TOR exit, known proxy) they will ask for more details from the one who fills the claim.
steelboy will be a hero member by the time he gets his coins back!!
Have you phoned him steelboy?
Have you phoned him steelboy?
Lol
I have called and left a message.
steelboy will be a hero member by the time he gets his coins back!!
Have you phoned him steelboy?
Have you phoned him steelboy?
Their were people with more than 50BTC on an instawallet? 
Why would anyone do this... Guess they learned a lesson.
Why would anyone do this... Guess they learned a lesson.
This. What info could we have that the hacker does not?
Also, did the hacker know the balances of each URL or did they have to search each one?
Also, did the hacker know the balances of each URL or did they have to search each one?
An intruder was able to access the instawallet database. As a result, all "hidden" urls, i.e wallets, have been compromised and are no longer safe to store bitcoins.
So, how are they any good to handle the refunds with / base refunds upon? Surely the hacker could just submit all the URL's he found (and copied) straight into the refund process and cash out again?
When will you start receiving claims?
If you could, please state:
1) That the claim infrastructure will be accessible by visiting the URL of the instawallet (if true.)
2) When the infrastructure is in place to make a claim.
3) The type of information needed to make a holding claim. Such as:
- extra contact info such as a bitcointalk.org username of a contact e-mail address if it may be useful in order to resolve conflicting claims.
- a recollection of the recent utilization patterns.
- anything else which may require some thought on the user's part.
From a user perspective, I would like to visit the URL one time and input all the necessary information without needing to halt to do a lot of research, etc.
Thanks.
1) That the claim infrastructure will be accessible by visiting the URL of the instawallet (if true.)
2) When the infrastructure is in place to make a claim.
3) The type of information needed to make a holding claim. Such as:
- extra contact info such as a bitcointalk.org username of a contact e-mail address if it may be useful in order to resolve conflicting claims.
- a recollection of the recent utilization patterns.
- anything else which may require some thought on the user's part.
From a user perspective, I would like to visit the URL one time and input all the necessary information without needing to halt to do a lot of research, etc.
Thanks.
1) do you still have a database of outgoing transactions that were not broadcast?
For several hours before instawallet went offline, outgoing transactions had not been sent
out. Will you be able to process claims for those? (I'm an unlucky owner of one such wallet,
and it held over 50BTC, so I'm worried)
2) there's an additional way to prove ownership of a wallet: sign a message with keys for addresses that
were used to fund a wallet (not everyone has those keys, but some of us do). This can be useful
if more than 1 claim is submitted for the same wallet.
3) can you say how much funds were stolen?
But the 0.5% of wallets you can't refund in full will contain the majority of the money. How many btc were stolen?
Also, what about transactions over 50btc that were sent out of a wallet before the website went offline but did not reach destination? Support was contacted as was Davout on the forum. Surely this must be repaid in full?
Apologies for my shortness, I am obviously worried about my coins.
But the 0.5% of wallets you can't refund in full will contain the majority of the money. How many btc were stolen?
reserved
reserved
reserved
Jump to: