Author

Topic: Instawallet security breach (Read 2184 times)

member
Activity: 110
Merit: 10
April 01, 2013, 10:58:36 PM
#10
Quote

Do not touch them with a bargepole.




HAHA. That is the best line I heard all day.
sr. member
Activity: 306
Merit: 250
Donations: http://tny.im/nx
April 01, 2013, 02:04:39 PM
#9
Also look at this related thread and its second post: https://bitcointalksearch.org/topic/instawallet-down-should-we-be-worried-164126
This confirms my suspicion it has something to do with the hot wallet (maybe they were shared)...

Pure speculation (hence why I'm posting here instead of on all other threads about this breach):
Could it be that this is an elaborate April fools by Paytunia et al. just to see if the USD/BTC value goes down, so they can get cheap coins?
sr. member
Activity: 306
Merit: 250
Donations: http://tny.im/nx
April 01, 2013, 02:01:52 PM
#8
I find somewhat funny that it happened on 1st April... Still, and if this is not a April Fools joke*, I don't think the URL issue would be enough to have them decide going down for maintenance - they didn't do anything like it when the issue with Google listing was popularized, and that was the right time to go down, not now. I say the security breach is of another kind and maybe completely unrelated.

I saw on some other threads people saying they couldn't send funds out of their Instawallet (as if the hot coins wallet had become empty) for some days. I guess the URLs thing made some people with bad intentions look more closely to Instawallet. I say they found an exploit, and used it.

*if it's a joke, it's preventing every user of their website from sending coins and I'm sure they are not finding it funny (that's why I don't think this is a fools joke).
sr. member
Activity: 476
Merit: 250
Keep it Simple. Every Bit Matters.
April 01, 2013, 01:54:26 PM
#7
Is this a big deal for some reason?

With the right url, you essentially have open access to that wallet.

Them being index, basically gave you a gaint list of accounts steal from.

edit: spelling
hero member
Activity: 784
Merit: 1000
bitcoin hundred-aire
April 01, 2013, 01:52:23 PM
#6
Is this a big deal for some reason?
sr. member
Activity: 476
Merit: 250
Keep it Simple. Every Bit Matters.
April 01, 2013, 01:51:32 PM
#5
Never underestimate human stupidity.
Someone will eventually do it (store loads of Btc on there)
hero member
Activity: 518
Merit: 500
April 01, 2013, 01:50:37 PM
#4
doubt anybody is reckless enough to store anything but some change for a brief periods of time there (less than it takes for search engines to pick up the url). so non-issue.

I wish this were true, but people seem to fall for the same mistakes over and over.
legendary
Activity: 1176
Merit: 1010
Borsche
April 01, 2013, 01:50:04 PM
#3
doubt anybody is reckless enough to store anything but some change for a brief periods of time there (less than it takes for search engines to pick up the url). so non-issue.
legendary
Activity: 1001
Merit: 1005
April 01, 2013, 01:47:05 PM
#2
Its a fundamental issue with the "url" concepts. Chrome and IE and some ff browser extensions work like a trojan, sending users history to search engines for indexing.. After they "fixed" the google flaw, I tried with bing and sure enough got several instawallet urls.. All with zero btc though but some had received coins in the past.
full member
Activity: 140
Merit: 100
1221iZanNi5igK7oAA7AWmYjpsyjsRbLLZ
April 01, 2013, 01:04:10 PM
#1
instawallet.org says:




Down for Maintenance
We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.

Please do not send funds to your address for the time being.

Stay tuned for further updates, thank you for your understanding.

the founder (user here on bitcointalk) has locked his thread but it has some details
Jump to: