Topic: instawallet has fallen new owner stealing - page 6. (Read 13403 times)

Critical: Current Bitcoin network fork. Action needed by mining pools. Merchants should hold transactions.

Valid reason ?
But apparently our bitcoind version is not affected. Should be back to normal in minutes.

Did something happen?
On Instawallet's site, whatever webpage you try to go to, it gives a "We're sorry, but something went wrong." message.
WTF?

Ok, i call troll at this point.  You lose $40K, and start making jokes about jews?  Seriously.

yeah he offers me help with police investigation but after emailing him some more he says there is no way I will get any money back so why would I waste my time convincing a police man to help me get my virtual wealth back.. lol its like if someone stole you monopoly money and you couldn't have family game night anymore. it seems like the owner of the site would try to help me track down a robber from his site, but since he is most likely letting it be hacked or helping with it..im screwed no my computer has not been compromised and yes I have my url on a written piece of paper that I type every single time.. I want my jew gold back lol.. correct me if I am wrong but ownership(went over seas) changed on 3/2/13 didn't it? I could be mistaken but that is what other members have told me that have also been robed in the last few weeks.. everyone get your coins out of instawallet if you don't want to lose them all.. this is a pretty fair warning to not screw up like I did.

One could speculate as much, though I'd say davout is one of the more trustworthy members of this community.  Certainly, $30M worth of BTC is a tantalizing prospect, but many people (myself included) still have morals they won't compromise no matter the dollar figure in question.

So if instawallet has access your coin isn't this just a matter of time till they are hacked, or "hacked" and they all run off with the coins.

Well, it's gotta be saved somewhere on the local computer in order for you to access it again in the future.  Unless you like typing long random strings of characters...

It is very weak security, but that doesn't stop people from using it.  I've used it before too.  It's very simple, convenient, and fast to use, which is nice.  Just don't put significant funds (LOL $40k) in it.

Well, there's your problem right there.  Again, i said in my post that i don't know how instawallet worked.  I assumed (yes asses out of you and me) that they worked like blockchain.info....

Still how did the hacker get the copy of hte wallet (assuming instawallet didn't rip him off)?   it would still be encrypted by ssl.  does the browser page it off to disk?  is all you need to access the wallet is knowing the url?  unbelievable weak security if true.

Instawallet wallets are not password protected.

doobadoo:
You write too much. You should read more. Maybe even triple read you replies before clicking the Post button...
Maybe with a bit more reading you wouldn't confuse Instawallet.org with Blockchain.info....






What the hell is going on with this forum today? Half of the users got brain paralysis or what?

I'm not familiar with how instawallet works.  But i hear that the site sends you a javascript app which is run in the browser.  Your wallet is stored on the server in an encrypted form.  In order to steal bitcoin you must have the wallet.dat's priv keys. 

Lets assume instawallet folks are on the up and up, how would this attack have occurred.
So for a 3rd party to steal your coin he would have to:

1) obtain your encrypted wallet and brute force it:

-Intercept it by snooping your network
or
-crack the instawallet server and dl them all

If SSL is setup properly, i understand that is nearly impossible to intercept it.  even if you can sniff every packet (See diffe-helman exchange)
Crackin the instawallet server, maybe it happened and they do not know/wont admit

But then your wallet would still be password protected.  And unless you used a simple password (rainbow attack) this would not result in stolen coins.

2) Obtain your encrypted wallet + password
Again, he would need to crack the exchange, or some how defeat ssl AND have a keylogger on your machine

3) Send you a poisoned version of the javascript code that redirected your password entry to a 3rd party server in the clear:
--some type of dns attack, but even then the SSL cert should fail (not too knowledgable in this)

4)--Some type of malware (you've been rooted):
 caught your encrypted or unencrypted wallet when it was paged/cached to disk by your browser (not sure how all browsers handle it)
caught the link to your wallet from history/bookmarks
caught you pass from keylogging

4) social attack:  some one had physical access to your device, copied the link from your bookmarks/history and installed a keylogger/knew your pass

Any other attack vectors we can think of, and how likely are each above?  What device/os did this occur on and is this the only device you accessed the wallet on?  how long was the account open, and how long were the coins there before the theft?  i'm guessing "a while" because you say you won this playing SD.   

But what about how many bitcoins have gone out?

EDIT: actually even if that number is right- it doesn't mean it's worth 30 millions dollars. Technically it's worth nothing as they don't make a profit (as far as I know). If they steal it all, that's another story.

The only ownership that changed is when you sent your coins to some web wallet. You owned them, then gave ownership to someone else. For convenience sake that may make sense for a hundred bucks or less. For $40,000...

"Blockchain.info colluding with instawallet owners - they stole from me too!"

Pretty sure the dude got his system keylogged, so we might be in for some more fun.

Hahahahaa oh man my sides! I wish i was employed by Instawallet!  Lol this is hilarious, they offered you a police investigation AND YOU REFUSED on a 40k btc issue. This couldn't sound more made up. I mean I dislike the company, but you must really hate them.

If you don't remember windy guy I was the one who spent a half a minute to lead you to the instawallet cold storage...its like your five!

Man, I cannot wait to see who you start flaming next. I think I saw Blockchain.info steal your coins, go go go! ^.^

And not one of them bothered to post in your thread? Doubtful.

Those are some serious allegations. You better put some more info here along with them.

The ownership changed? HUH?
What ownership?

Wait... What??

OK, in which day did the ownership change, mind telling us?