They failed to mention instawallet ? Why?
Topic: Instawallet/Bitcoin-Central Security Breach - page 17. (Read 85315 times)
[Apr-1 10:30 CET] Bitcoin-Central and Paytunia update: Our customer's bitcoins and euros are safe and will not be affected by the security breach. We have taken the websites off-line for proper investigation.
The address 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy is under our exclusive control.
We thank you for your patience and will provide updates exclusively on this page as they come in. We are committed to resuming service as soon as possible. Expect normal service to resume within 48 hours.
----
Deep breath ...
The address 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy is under our exclusive control.
We thank you for your patience and will provide updates exclusively on this page as they come in. We are committed to resuming service as soon as possible. Expect normal service to resume within 48 hours.
----
Deep breath ...
Quote
I find it strange that the two big transactions at http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still unconfirmed. Any reason for this besides someone trying to spend coin that isn't there?
maybe the theif was too cheap to pay txn fees
hm, blockexplorer doesn't know about the large transactions: http://blockexplorer.com/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy
You're supposed to cut+paste the bitcoin address your URL leads to so you can watch it with the blockchain.
That will do nothing but make users panic when they see value moving out of that address. The address Instawallet associates/associated with a certain URL is used only for depositing, increasing your balance in Instawallet's internal DB. Then once the money is throwed into the Instawallet system, it can be taken from these deposit addresses without the having the user send money out of the wallet. In other words, the balance of a Instawallet wallet is unrelated to the balance, verifiable with the blockchain, of the deposit address for that wallet.
Also, before Instawallet and Bitcoin Central went down, users had trouble sending money out - https://bitcointalksearch.org/topic/instawallet-its-not-working-davout-where-are-ya-163918 . I already said this in another thread about this Instawallet security breach, but now I found the link to that thread. I think this has something to do with the hot wallet being empty - now who or what caused it to empty is another story... what do you think?
Maybe the cold storage or some wallet got compromise, and they are moving it to a new wallet... Or maybe the owners of the site are pretending they were hacked, then cash out then go live on an island somewhere... Hard to tell really. Guess time will tell. I didn't use Instawallet but I have a feeling lots of newbies used it since its convenience.
Quote
I find it strange that the two big transactions at http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still unconfirmed. Any reason for this besides someone trying to spend coin that isn't there?
maybe the theif was too cheap to pay txn fees
Someone on HN pointed out that the transfer happened an hour or two before the site went down. Can anyone confirm this? It looks like the transfer happened about an hour before *this thread* appeared, but did this thread start immediately after the site came down?
https://news.ycombinator.com/item?id=5475389
https://news.ycombinator.com/item?id=5475389
Quote
I find it strange that the two big transactions at http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still unconfirmed. Any reason for this besides someone trying to spend coin that isn't there?
maybe the theif was too cheap to pay txn fees
There might be good news to this, the fact that they had bitcoins in cold storage in the first place to help repopulate what they lost might be a good sign.
Well, this is interesting...
Bitcoin users that trust nobody not affected.
Bitcoin users that trust nobody, but chose to move funds around at the worst time humanly possible, very much affected. I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132
yep, and instawire.org which disappeared
for a while it was showing an error page with a list of all their directories. saw a lot of ruby gems there not good, anybody remember the insecure gems fiasco a few months ago?
Yeah, a few words from the people behind Instawallet would be very much appreciated, by all of us I guess. I'm still looking at dust in my wallet so not much lost if it goes belly up, but there might be quite a few that are about to get some sweaty hands soon....
If such a large transaction is underway, is there then nobody that raises an eyebrow and lift a finger?
If such a large transaction is underway, is there then nobody that raises an eyebrow and lift a finger?
No doubt. Every minute of silence is bad for them no matter WHAT the outcome.
You are right.
I'm always right
I find it strange that the two big transactions at http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still unconfirmed. Any reason for this besides someone trying to spend coin that isn't there?
No doubt. Every minute of silence is bad for them no matter WHAT the outcome.
You are right.
Unless of course this is their sick april fools day joke
I've always said nothing could offend me when it comes to jokes.
I might have been wrong.
Unless of course this is their sick april fools day joke
Oh fuck
Deep breaths. Remember, we really don't know anything right now.
But now that the cat is out of the bag, paymium should clarify ASAP if the emptying of the cold wallet was done by them or by a thief.
No doubt. Every minute of silence is bad for them no matter WHAT the outcome.
Oh fuck
Deep breaths. Remember, we really don't know anything right now.
But now that the cat is out of the bag, paymium should clarify ASAP if the emptying of the cold wallet was done by them or by a thief.
Too early to tell, but either way the lesson will be "trust no one to hold your coins".
If this is in any way connected to the vulnerability which was publicly discussed last week then Instawallet needs to explain why they didn't take the service offline until that vulnerability was fixed. The password clue for their own wallet was made public, for fuck's sake. .Sorry about that, it was StrongCoin's wallet hint which was made public. There were discussions elsewhere last week regarding vulnerabilities of a number of wallet services. The Instawallet vulnerability did display the user's wallet hint, though.
https://bitcointalksearch.org/topic/m.1691505
Jump to: