Topic: instawallet has fallen new owner stealing - page 9. (Read 13406 times)

There is another possibility: was he possibly using a wifi network? It is incredibly easy to hack routers using WEP/WPA/most wifi encryption algorithms to intercept information. In fact this is one of the most widely used, and easiest, ways to steal personal info.

Please people never use WEP(cracked in 1997, considered exceptionally compromised, yet is still widely used).
Try to use WPA2 or a direct connection while sending passwords over any network. If you aren't  sure; do not use it! It is worth the annoyance. You do not want to risk using a wifi network that is not properly encrypted.

Stay safe, and keep updated on the latest security issues

Your friendly online battmann.

This just happened to a friend of mine too, a substantial amount of bitcoins lost from an instawallet account a few hours after sending them there.

The only device used to access instawallet was an iphone that he had control over at all times between first accessing the account and the theft, so there is only two possibilities here:

• There is an iphone wallet stealer trojan or similar in the wild.
• Instawallet was hacked or the theft was internal.

My advice is to not use this kind of service, use something where only you can control the private keys to eliminate one risk factor.
If you need to use instawallet or similar services, send the coin somewhere more secure as fast as possible.

SSL encryption, makes it impossible to compromise a wallet by sniffing traffic between the client and the server.

Ummmm... wut?

You had $40k... in an instawallet... ?

Oh oh I see... you're the kinda guy who believes in "hidden in plain view"?  That URL was access to your $40k... anyone watching traffic could have snooped it.

Whether this is legit or not (I find legit hard to believe), a fantastic lesson in responsibility.

I don't speak Russian and asking the cops to find  your bitcoins would be like asking them to investigate someone that stole your world of warcraft gold or something. my computer has not been compromised im assuming someone in Russia is just brute forcing instawalet? most of the money was won by gambling so ill probably just start over..score 1 for russia

Wait, so instawallet advised you to file a police report, even gave you a nudge in the right direction, but you're not going to bother? For $40K?

Somethin' ain't passing the smell test.

Hi all.

Just a few of things :
 - We didn't steal coins, the thread title should be changed OR it should be moved to the "Scam accusations" board. OPs call.
 - Security isn't as straightforward as almost everyone here seems to suggest. OPs machine was compromised, in which case it doesn't matter whether you store your coins on Instawallet, Blockchain.info, on your local Bitcoin client, a paper wallet, or a multiple factor authentication setup. Compromised machine = stolen coins, period.

That being said I want to re-state very firmly that this kind of theft sickens me on multiple levels, that I feel very sorry for OPs loss and that Instawallet will cooperate fully if the OP decides to file a police report or investigate this himself.

It's possible that Instawallet has stolen your coins - they can do it to a small amount of people who store large amounts. It's also possible that your computer is compromised.

Please use cold storage next time, and don't trust anyone other than yourself.

Obviously most likely the wallet url address has been created on compromised computer already. No need to broke into your house.

Damn shame.

Google 'ColdStorage'

What kind of person has that kind of money invested in something like this but wouldn't use a paper wallet? Especially if you didn't regularly touch it.

Well thanks for sharing that tale... it is a lesson to us who are new here not to repeat the same mistake.

It was hard lesson learned. No need for such title though.

im over it.. back to square 1. Ill admit I was an idiot and I see that now so no need to preach to the quire or what ever. I learned alot and this will definitly not happen again haha. I will start keeping my wallet on and more secure wallet. well have a good day. and about lashing out yeah I was in a freaking fury but after talking to the NEW owner I realize there is nothing I can do so whats the point of it. here is the last email I received from them. and No body likes a taddle tail so no I wont be hiring a police report.. Im only posting on this forum to vent and warn people so this is good bye.. peace

id   wallet_key   amount   address   transaction_id   created_at

"431355   jY6LxRXwWqUhA2tECNgWWorrEEYvb0xXtg   920.71000000   1sbXm3rxu3mZ9v9XgmYnQrJgC1YM2fNeb   463e46a28cc142efe0e38aa4564bf518e2ae34a3d2994f6764d6630ad406639b   2013-02-07 08:27:00
433229   jY6LxRXwWqUhA2tECNgWWorrEEYvb0xXtg   -150.00000000   1KhbLcH5Pm8ihWYfkm4HacqEFBDG2kuUxr   a7de4d9a643288a2441fcfd1c296343631bd9919814da41314480adc065b20e9   2013-02-08 06:17:35
438082   jY6LxRXwWqUhA2tECNgWWorrEEYvb0xXtg   -22.35000000   1C7GTFaviBA9U5NKYBwyeLgqn1B9VWXxXR   3ce3d8708689b5ae33f5d6ad7c45fdd6b9e3b48ff7e10d03cbc4ecae9d378b31   2013-02-11 06:24:47
482810   jY6LxRXwWqUhA2tECNgWWorrEEYvb0xXtg   -15.00000000   15vNs674ZZJ3EBZcbpB1iGTGSQFsGMbLKj   730afdcc7503e6fcf4a866edb402f1e5411ea263e7e35283b2e857b51d0854d0   2013-03-02 08:27:24
488750   jY6LxRXwWqUhA2tECNgWWorrEEYvb0xXtg   -733.00000000   13XTTarweiy2BkP9kKuntuHVur1tuKVz9G   0740963ce8062647a3736f95e1e2945ae6af24a85f786e7ddddc11baa2b029e4   2013-03-05 06:44:35

We haven't been hacked, otherwise you wouldn't be the only one affected.
We also didn't steal your coins, if you don't trust us on that it's ok but I wanted to state it very clearly.

I had a look at our server logs to view the IPs that accessed your wallet, the sequence looks something like :
 - ****** IP( my ip was here...)
 - ...
 - ****** IP
 - And then an other IP connects, reads your wallet, and a few minutes later sends your coins away, looks like a Russian IP

We're really sorry for what's happening to you.

Please let us know if you wish to file a police report (which I strongly advise), we'll forward the information we have that might be useful (the webserver logs that pertain to your wallet).

Kind regards
David - Paymium support"

This. ThisX1000

Dude,
You blamed some other company first without doing any real research into your coinange, I literally spent 30 seconds on your other thread a few days ago just following the transactions to a cold storage on Instawallet, now you are blaming Instawallet. More than likely they aren't really involved. lol you are just lashing out at any company that just might be involved. The thing is they also don't know where your coins went.

I think the next step for you is to hire a PI cause I bet you BTC40k that if I look into this any more I could find out what happened. Stop blaming companies that *might* be involved; because you don't really know what is going on, I told you before to not look into my findings to hard. This is because I spent half a minute to come to instalwallets cold storage after my listsless interest came upon your post. Instawallet more than likely has no idea where your coins are, and aren't involved. They might be, but I would say chances are pretty good that they are not. What I am trying to say is look into it more yourself/make your own findings because I sure as heck didn't spend much time on your coin capers case.

*Protip - you got phished. It's what happens when you don't use an offline wallet for 40k you peanut*

Why does anyone trust other people with their money?  Especially significant amounts of irreversible currency?

Thanks for the tip for the rest of us (whether it was instawallet or not is another matter), but man, you should have seen this coming!

Bitcoin puts you in control... why would you trust that much to a site that doesn't even use a password?

But really... $40k in an online wallet is hard for me to swallow.

I'm sorry for your loss...  but really??  $40k USD in an online wallet?  Recipe for disaster - bitcoin requires the user to have some semblance of common sense