Pages:
Author

Topic: Instawallet/Bitcoin-Central Security Breach - page 11. (Read 85336 times)

full member
Activity: 154
Merit: 100
What is the likelihood of us seeing our coins again guys? Getting worried about the severe lack of communication

The lack of communication is definitely disturbing.. I can only assume they havn't got any time for communicating as they've got the entire team working round the clock on this thing, but a little memo every few hours would have been great.

Their predicted 48 hours are nearly running out.. I had hoped to see them back online by now.  Embarrassed

Anyone have a private communication channel to them? Could anyone trying to get some info on this, customers/users are deserve to know the current status of the affair.
newbie
Activity: 14
Merit: 0
I feel your pain steelboy. Kicking myself for not keeping them somewhere more secure, definitely a lesson learnt but hopefully not the hard way!

Yeah the communication has been apalling, and has probably tarnished the company a great deal - it looks like some people have lost A LOT of money, they deserve some sort of explanation. The fact that funds have been moved to this 'Instawallet Cold Storage' address is quite reassuring, unless it's an inside job and they are just stalling  Huh
member
Activity: 68
Merit: 10
What is the likelihood of us seeing our coins again guys? Getting worried about the severe lack of communication

The lack of communication is definitely disturbing.. I can only assume they havn't got any time for communicating as they've got the entire team working round the clock on this thing, but a little memo every few hours would have been great.

Their predicted 48 hours are nearly running out.. I had hoped to see them back online by now.  Embarrassed
hero member
Activity: 756
Merit: 1000
What is the likelihood of us seeing our coins again guys? Getting worried about the severe lack of communication

No idea. I switch from positive to negative feelings nonstop. Driving me crazy. :/

One thing for sure though. If it turns out all right I am taking some profits and flying to a beach for a holiday. (Not before I finally get armory working though Wink )
newbie
Activity: 14
Merit: 0
What is the likelihood of us seeing our coins again guys? Getting worried about the severe lack of communication
hero member
Activity: 756
Merit: 522
In short "Keep your private keys private". Rule number ONE in Bitcoin land.

You're storing BitcoinSpinner users private keys in plaintext on their phones. How is this helping them to keep their private keys private?

Ouch.
hero member
Activity: 756
Merit: 1000
For first Instawallet URL hack I think the Google Chrome is to blame. I never used Chrome outside VMWare test environment and I recommend anyone not to install Google Chrome on any computer for this privacy reason. If there is any technical need when Chrome is preferred over Firefox, then use SRWare Iron that have all bad things deleted. The use of URL as a private key is not a big security problem because SSL also encrypts the URL and prevents anyone from seeing it, including Tor exit nodes, FBI, etc. As long as the browser history are safe and not compromised, the URL is safe.

I have no idea about second hack. If it is true that the servers are suspected to be compromised, then it might take some time to install new operating system on new hardware, test and secure the setup before it is launched public again.

So you think if I have used only Firefox in safe mode then it should be all good?
legendary
Activity: 1512
Merit: 1049
Death to enemies!
For first Instawallet URL hack I think the Google Chrome is to blame. I never used Chrome outside VMWare test environment and I recommend anyone not to install Google Chrome on any computer for this privacy reason. If there is any technical need when Chrome is preferred over Firefox, then use SRWare Iron that have all bad things deleted. The use of URL as a private key is not a big security problem because SSL also encrypts the URL and prevents anyone from seeing it, including Tor exit nodes, FBI, etc. As long as the browser history are safe and not compromised, the URL is safe.

I have no idea about second hack. If it is true that the servers are suspected to be compromised, then it might take some time to install new operating system on new hardware, test and secure the setup before it is launched public again.
member
Activity: 68
Merit: 10
So do we think it is only affecting chrome users or is this just speculation?

Aside from that there is no news is there?
You would be surprised how many people got Google as their home page and type URLs in the page's search box instead of the browser's URL bar...

When you're using Chrome as your browser, (on the default settings) there is no difference between the two. None.
sr. member
Activity: 384
Merit: 250
If bitcoin-central.net has an update, I'm sure instawallet will come down the line! Usually this one is very safe!

either way the lesson will be "trust no one to hold your coins".
Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!
In short "Keep your private keys private". Rule number ONE in Bitcoin land.

bitcoin-central.net has updated its message

Still no mention of instawallet  Huh


legendary
Activity: 2940
Merit: 1333
Thanks dooglus. Mine was off.

Yes, I think chromium has all it's "spying for google" features disabled by default.
donator
Activity: 2772
Merit: 1019
In short "Keep your private keys private". Rule number ONE in Bitcoin land.

You're storing BitcoinSpinner users private keys in plaintext on their phones. How is this helping them to keep their private keys private?
sr. member
Activity: 504
Merit: 250
Could it be that Instawallet went full "Tom Williams" on the user's accounts ? Or maybe something like this: trade the coins on mtgox, wait for the bubble to pop, buy coins back, profit.
hero member
Activity: 756
Merit: 522
FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

3. Spelling is a lost art.

4. I would like to see your spelling skills in Turkish.

Merhaba rahatsız etmemek için lütfen gel!
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
So do we think it is only affecting chrome users or is this just speculation?

Aside from that there is no news is there?
You would be surprised how many people got Google as their home page and type URLs in the page's search box instead of the browser's URL bar...
hero member
Activity: 756
Merit: 1000
Still no mention of instawallet  Huh
For some reason this feels intentional to me, I'm glad I wasn't on that service (only bitcoin-central).

Still though, instawallet's cold storage got transferred out with 82 confirmations last time I checked (hours ago), it should mostly be fine I guess.

I feel it is definitely intentional to not mention instawallet, the webpage is still the same too whereas the bit coin-central/paytunia page has been updated. Sad

However, if 42,000ish BTC was moved from their cold storage and is now "under their exclusive control" then surely they must not have lost everything. Maybe it is like some people have said, a problem with google that left some wallets searchable?

One thing that is really pecking my head though is the fact that there has been no update and Davout has disappeared too. This seems a bit suss.

Finally, can anyone with some technical knowhow please set me straight on the problem below. Surely if the money was sent from pone address to another 48 hours before this debacle then it has to be safe? If so, why hasnt it shown up in my wallet?

I made two withdrawals from jnstawallet 2 nights ago around 1am GMT. The first one did not show up but the second one did. I messages Davout about the first one not showing up and I also emailed support at instawallet. I wasn't worried as it actually happened last time I withdrew money from them too. That took 24 hours. I also thought that as it was a bank holiday there might be a delay in support.

If this money was sent should I be sure to receive this whatever happens with the rest of instawallets issues?

So in regards to this, without being too technical. Why would a transaction take two days to confirm?

Is it something to do with instawallet being free?

Can anyone help with this?
hero member
Activity: 756
Merit: 1000
I hope that payments that our Instawallet addresses receive during the lack-of-service period will be credited Tongue

I just want whatever was in the wallets. Wink
legendary
Activity: 1008
Merit: 1000
I hope that payments that our Instawallet addresses receive during the lack-of-service period will be credited Tongue
sr. member
Activity: 367
Merit: 250
What do you think will happen with our purchase orders / sales going?

Personally, I have sales orders that I wanted to cancel because the btc was strong up, now if the website re-opens, my orders will be sent immediately without anulation possible ...

I hope they will think about it and cancel all those sales orders scheduled.
sr. member
Activity: 384
Merit: 250
Let's hope problems can be fixed in due time!
Pages:
Jump to: