Pages:
Author

Topic: Instawallet/Bitcoin-Central Security Breach - page 17. (Read 85345 times)

sr. member
Activity: 448
Merit: 251
Bitcoin
They failed to mention instawallet ?   Why?
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
[Apr-1 10:30 CET] Bitcoin-Central and Paytunia update: Our customer's bitcoins and euros are safe and will not be affected by the security breach. We have taken the websites off-line for proper investigation.

The address 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy is under our exclusive control.

We thank you for your patience and will provide updates exclusively on this page as they come in. We are committed to resuming service as soon as possible. Expect normal service to resume within 48 hours.


----

Deep breath ...
donator
Activity: 2772
Merit: 1019
Quote
I find it strange that the two big transactions at http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still unconfirmed.  Any reason for this besides someone trying to spend coin that isn't there?

maybe the theif was too cheap to pay txn fees Smiley
Actually the tx fees are 0.10 BTC each. 10 USD!

hm, blockexplorer doesn't know about the large transactions: http://blockexplorer.com/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy
sr. member
Activity: 306
Merit: 250
Donations: http://tny.im/nx
You're supposed to cut+paste the bitcoin address your URL leads to so you can watch it with the blockchain.

That will do nothing but make users panic when they see value moving out of that address. The address Instawallet associates/associated with a certain URL is used only for depositing, increasing your balance in Instawallet's internal DB. Then once the money is throwed into the Instawallet system, it can be taken from these deposit addresses without the having the user send money out of the wallet. In other words, the balance of a Instawallet wallet is unrelated to the balance, verifiable with the blockchain, of the deposit address for that wallet.

Also, before Instawallet and Bitcoin Central went down, users had trouble sending money out - https://bitcointalksearch.org/topic/instawallet-its-not-working-davout-where-are-ya-163918 . I already said this in another thread about this Instawallet security breach, but now I found the link to that thread. I think this has something to do with the hot wallet being empty - now who or what caused it to empty is another story... what do you think?
member
Activity: 75
Merit: 10
Maybe the cold storage or some wallet got compromise, and they are moving it to a new wallet... Or maybe the owners of the site are pretending they were hacked, then cash out then go live on an island somewhere... Hard to tell really. Guess time will tell. I didn't use Instawallet but I have a feeling lots of newbies used it since its convenience.
jr. member
Activity: 57
Merit: 1
Quote
I find it strange that the two big transactions at http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still unconfirmed.  Any reason for this besides someone trying to spend coin that isn't there?

maybe the theif was too cheap to pay txn fees Smiley
Actually the tx fees are 0.10 BTC each. 10 USD!
newbie
Activity: 7
Merit: 0
Someone on HN pointed out that the transfer happened an hour or two before the site went down. Can anyone confirm this? It looks like the transfer happened about an hour before *this thread* appeared, but did this thread start immediately after the site came down?

https://news.ycombinator.com/item?id=5475389
hero member
Activity: 899
Merit: 1002
Quote
I find it strange that the two big transactions at http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still unconfirmed.  Any reason for this besides someone trying to spend coin that isn't there?

maybe the theif was too cheap to pay txn fees Smiley
sr. member
Activity: 448
Merit: 251
Bitcoin
There might be good news to this,  the fact that they had bitcoins in cold storage in the first place to help repopulate what they lost might be a good sign.

legendary
Activity: 1400
Merit: 1005
Well, this is interesting...
full member
Activity: 126
Merit: 100
Bitcoin users that trust nobody not affected.
Bitcoin users that trust nobody, but chose to move funds around at the worst time humanly possible, very much affected.
full member
Activity: 121
Merit: 100
I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132


yep, and instawire.org which disappeared
for a while it was showing an error page with a list of all their directories. saw a lot of ruby gems there not good, anybody remember the insecure gems fiasco a few months ago?

No, I only remember that rails had problems and a lot of sites want quick enough, bad processes really. Is that what you referring to ? Or was is something else and bitcoin-related and I missed it.
newbie
Activity: 33
Merit: 0
Yeah, a few words from the people behind Instawallet would be very much appreciated, by all of us I guess. I'm still looking at dust in my wallet so not much lost if it goes belly up, but there might be quite a few that are about to get some sweaty hands soon....

If such a large transaction is underway, is there then nobody that raises an eyebrow and lift a finger?
hero member
Activity: 518
Merit: 500
No doubt.  Every minute of silence is bad for them no matter WHAT the outcome.

You are right.


I'm always right  Cheesy

I find it strange that the two big transactions at http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still unconfirmed.  Any reason for this besides someone trying to spend coin that isn't there?
sr. member
Activity: 448
Merit: 251
Bitcoin
No doubt.  Every minute of silence is bad for them no matter WHAT the outcome.

You are right.
hero member
Activity: 756
Merit: 1000
Unless of course this is their sick april fools day joke

I've always said nothing could offend me when it comes to jokes.

I might have been wrong.
hero member
Activity: 899
Merit: 1002
Unless of course this is their sick april fools day joke
hero member
Activity: 518
Merit: 500
Oh fuck

Deep breaths. Remember, we really don't know anything right now.

But now that the cat is out of the bag, paymium should clarify ASAP if the emptying of the cold wallet was done by them or by a thief.

No doubt.  Every minute of silence is bad for them no matter WHAT the outcome.
jr. member
Activity: 57
Merit: 1
Oh fuck

Deep breaths. Remember, we really don't know anything right now.

But now that the cat is out of the bag, paymium should clarify ASAP if the emptying of the cold wallet was done by them or by a thief.
hero member
Activity: 868
Merit: 1000
Too early to tell, but either way the lesson will be "trust no one to hold your coins".
If this is in any way connected to the vulnerability which was publicly discussed last week then Instawallet needs to explain why they didn't take the service offline until that vulnerability was fixed.  The password clue for their own wallet was made public, for fuck's sake.  .
Source?

Sorry about that, it was StrongCoin's wallet hint which was made public.  There were discussions elsewhere last week regarding vulnerabilities of a number of wallet services.  The Instawallet vulnerability did display the user's wallet hint, though.

https://bitcointalksearch.org/topic/m.1691505

Pages:
Jump to: