Pages:
Author

Topic: Instawallet/Bitcoin-Central Security Breach - page 15. (Read 85356 times)

hero member
Activity: 756
Merit: 1000
They posted in the Bitcoin-Central thread that all user funds (BTC and Euro) were safe.

They didn't mention instawallet though. Sad

Also, some people have suggested that if you had hacked the website you could put a web page saying all was good relatively easily.  

It would be nice to hear from Davout. I believe he is instawallet staff
legendary
Activity: 1526
Merit: 1134
There is a patch that makes miners calculate fees recursively like that, as everyone agrees it's a good idea. The problem is the code is rather non-trivial and Gavin isn't yet convinced it's a safe change.
legendary
Activity: 1400
Merit: 1005
They posted in the Bitcoin-Central thread that all user funds (BTC and Euro) were safe.
newbie
Activity: 47
Merit: 0
Thanks for this explanation, dooglus!
legendary
Activity: 2940
Merit: 1333
The last few posts made no sense to me at all. Smiley

Does it look good or bad?

Not bad.

They've moved lots of coins out of bitcoin-central and instawallet cold storage into a different address.  Despite paying a relatively large transaction fee of 0.1 BTC on both transactions, the transactions still aren't confirmed after several hours.

It turns out that this is because the coins these transactions are trying to move aren't themselves confirmed yet, and you can't confirm any transaction which moves unconfirmed coins until those coins are confirmed.

The transactions which are holding the bit big transactions up have fees of 0, so miners aren't prioritising them.

A smart miner would look at the big picture, and think "if we mine these two 0 fee transactions now, then we'll be able to also mine the 0.1 BTC transactions at the same time and get the big fee".  But apparently there aren't any smart miners yet.  Smiley
legendary
Activity: 2940
Merit: 1333
So, question.  Can you create an identifier for unconfirmed inputs, such that they would "pop out" at a person looking at this page: http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy

Maybe just mark the text in red, or put a little red "unconfirmed" bubble next to any of them that aren't confirmed.

I'd like this too.  When I look at the 'advanced' view of a transaction on blockchain.info I'd like to see unconfirmed inputs marked as such.
donator
Activity: 2772
Merit: 1019
The last few posts made no sense to me at all. Smiley

Does it look good or bad?

good.

not because of what was talked in the last couple posts. That was just a technical "mystery" explained.
hero member
Activity: 756
Merit: 1000
The last few posts made no sense to me at all. Smiley

Does it look good or bad?
donator
Activity: 2772
Merit: 1019
Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?

They use unconfirmed inputs. Such as this tx: http://blockchain.info/tx/a3aad3ddc180ec33d3060e5b0b048ab07647271db559743b46f4668f7796c6d4 which is too large for no fees.

There has been talk about optimizing tx prioritization in bitcoind for quite a while. I can now see why it would make sense to have a high-fee tx (such as these 2) "pull in" the no- (or low-) fee inputs. I kinda thought this was the case already.
donator
Activity: 2772
Merit: 1019
and why does blockchain.info list "blockchain.info" as originating IP for the transactions?

It was submitted using https://blockchain.info/pushtx

makes sense
hero member
Activity: 910
Merit: 1005
and why does blockchain.info list "blockchain.info" as originating IP for the transactions?

It was submitted using https://blockchain.info/pushtx
donator
Activity: 2772
Merit: 1019
Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?
+1

for some reason the network propagation for both transactions is below 5%, why are nodes not relaying them?

and why does blockchain.info list "blockchain.info" as originating IP for the transactions?

EDIT: piuk, you should probably change your avatar. People (at least I) got used to the new logo.
legendary
Activity: 1400
Merit: 1005
Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?

They use unconfirmed inputs. Such as this tx: http://blockchain.info/tx/a3aad3ddc180ec33d3060e5b0b048ab07647271db559743b46f4668f7796c6d4 which is too large for no fees.
Well, invalid tx hash when I click on the link, but that makes sense anyway.

So, question.  Can you create an identifier for unconfirmed inputs, such that they would "pop out" at a person looking at this page: http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy

Maybe just mark the text in red, or put a little red "unconfirmed" bubble next to any of them that aren't confirmed.
hero member
Activity: 910
Merit: 1005
Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?

They use unconfirmed inputs. Such as this tx: http://blockchain.info/tx/a3aad3ddc180ec33d3060e5b0b048ab07647271db559743b46f4668f7796c6d4 which is too large for no fees.
full member
Activity: 125
Merit: 101
Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?
+1

for some reason the network propagation for both transactions is below 5%, why are nodes not relaying them?
legendary
Activity: 1400
Merit: 1005
Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?
That's kind of a huge "wtf" to me as well.

Is Bitcoin broken??   Tongue
legendary
Activity: 2940
Merit: 1333
Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?
legendary
Activity: 1008
Merit: 1000
either way the lesson will be "trust no one to hold your coins".
Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!

yep

But instawallet is really convenent and if you need spend, it is such a snap to use. They even have a iphone HTML5 app.
Anyway, I put some funds there with the intention to spend, but still got a little panic (not really, but my money there is not immaterial either).
I guess I will just take some BTC out there after this fiasco. (It wasn't really signficiant amount money, but BTC keep rising and now not a change any more!)

Essentially, the only way I use Instawallet is I use it to condense all the small transactions that I get from faucets (that's my only source of Bitcoins Tongue) and when I get BTC0.02, I send BTC0.01 to my other wallet. So I never keep more than BTC0.02 there.
full member
Activity: 154
Merit: 100
either way the lesson will be "trust no one to hold your coins".
Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!

yep

But instawallet is really convenent and if you need spend, it is such a snap to use. They even have a iphone HTML5 app.
Anyway, I put some funds there with the intention to spend, but still got a little panic (not really, but my money there is not immaterial either).
I guess I will just take some BTC out there after this fiasco. (It wasn't really signficiant amount money, but BTC keep rising and now not a change any more!)
full member
Activity: 154
Merit: 100
We thank you for your patience and will provide updates exclusively on this page as they come in.

What page is that from?

The wording "exclusive control" is also odd to me, sounds like someone steals it (internal employee?) and they discovered and force the guy give back the key?

Sounds to me like they're just saying "we know this address hasn't been compromised, and we control it, so don't worry".

Hmmm, your explanation makes more sense of the word "exclusive" Smiley.
Guess the implied info is that the two cold storage wallets maybe compromized and not in "exclusive" control, out of caution, they moved to a wallet they feel more secure.

Pages:
Jump to: