Pages:
Author

Topic: Instawallet/Bitcoin-Central Security Breach - page 18. (Read 85341 times)

hero member
Activity: 518
Merit: 500
Oh fuck

Deep breaths. Remember, we really don't know anything right now.
hero member
Activity: 756
Merit: 1000
Oh fuck
sr. member
Activity: 448
Merit: 251
Bitcoin
If this is right:


http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy

and the spot price is right 103.02

http://www.ounce.me

You're looking at a $4,311,859.86 bank heist

Again I am hoping I am wrong....    in the scope of things a 4.3 million dollar bank heist (4.3 pizzas)  is not huge overall... but you know there will be headlines on Forbes and shit.


legendary
Activity: 1792
Merit: 1000
Too early to tell, but either way the lesson will be "trust no one to hold your coins".
If this is in any way connected to the vulnerability which was publicly discussed last week then Instawallet needs to explain why they didn't take the service offline until that vulnerability was fixed.  The password clue for their own wallet was made public, for fuck's sake.  .
Source?
hero member
Activity: 868
Merit: 1000
Too early to tell, but either way the lesson will be "trust no one to hold your coins".

For about two weeks.  History shows that people repeatedly leave their funds with wallet services and exchanges no matter how many times those types of services lose user funds.  I doubt that is going to change any time soon.

If this is in any way connected to the vulnerability which was publicly discussed last week then Instawallet needs to explain why they didn't take the service offline until that vulnerability was fixed.  .
hero member
Activity: 899
Merit: 1002
can't you guys tell if your bitcoins were sucked dry via blockexplorer?   If not then it's no biggie.. .but if for some idiotic reason you kept 2000 bitcoins there and now blockexplorer is saying they are not there anymore than you have a problem.





What do you need to check this?

I only have the URLSs i do not have the address related to that, can i do anything?


Don't give us the URLS :P lol
You're supposed to cut+paste the bitcoin address your URL leads to so you can watch it with the blockchain.
You're also supposed to only keep pocket change on instawallet or any online wallet service.

Did you ever send money to that address using another service? there will be a record of transactions probably, find your instawallet address there
hero member
Activity: 756
Merit: 1000
can't you guys tell if your bitcoins were sucked dry via blockexplorer?   If not then it's no biggie.. .but if for some idiotic reason you kept 2000 bitcoins there and now blockexplorer is saying they are not there anymore than you have a problem.





What do you need to check this?

I only have the URLSs i do not have the address related to that, can i do anything?


sr. member
Activity: 448
Merit: 251
Bitcoin
 (Instawallet Cold Storage )  transferring from there?   Holy shit.....  

Watch now it will give people an excuse to sell,  not thinking that the vast majority of people at instawallet only keep pennies there...

Still if they are moving around 41,854.59 BTC  that's something big.




sr. member
Activity: 448
Merit: 251
Bitcoin
can't you guys tell if your bitcoins were sucked dry via blockexplorer?   If not then it's no biggie.. .but if for some idiotic reason you kept 2000 bitcoins there and now blockexplorer is saying they are not there anymore than you have a problem.



donator
Activity: 2772
Merit: 1019
If this is davout's kind of an April Fools' joke, I'm never using Instawallet again.
Promise.

That would be a kind of humor almost inexcusable. I doubt that.

I think the coins were licked. (not based on anything, just because that's funny as hell)

sr. member
Activity: 364
Merit: 250
But there were 3.5million wallets. Is it just limited to 3000?

We don't know if the problem is related to that, or another problem entirely.  We don't know if coins were stolen, lost, looked at, fondled, or licked.  Just have to wait for official statements at this point.

Hopefully they were only fondled and licked.  My bitcoins like that.  :/
newbie
Activity: 56
Merit: 0
legendary
Activity: 1246
Merit: 1077
But there were 3.5million wallets. Is it just limited to 3000?

We don't know if the problem is related to that, or another problem entirely.  We don't know if coins were stolen, lost, looked at, fondled, or licked.  Just have to wait for official statements at this point.

We know that they think that it is ok to have authorization information in clear text in URL to allow access to financial accounts. This tells you all you need to know. Whomever runs it has no clue.


The system would be perfectly secure if not for Google Chrome.
hero member
Activity: 899
Merit: 1002
I don't use instawallet anyways. If you want quick transactions download Electrum client, or just use the regular ol' Bitcoin-qt because we all learned our lesson from mybitcoin right
legendary
Activity: 1008
Merit: 1000
If this is davout's kind of an April Fools' joke, I'm never using Instawallet again.
Promise.
hero member
Activity: 518
Merit: 500
But there were 3.5million wallets. Is it just limited to 3000?

We don't know if the problem is related to that, or another problem entirely.  We don't know if coins were stolen, lost, looked at, fondled, or licked.  Just have to wait for official statements at this point.
legendary
Activity: 1008
Merit: 1000
I might be confusing people, but isn't davout behind both instawallet and bitcoin-central, who also "detected a security breach"? https://bitcointalksearch.org/topic/bitcoin-centralnet-say-they-detected-a-security-breach-164132


The maintenance notice is identical. This suggests the same team is running both.


Injust, the solution to this problem is not robots.txt. The solution is not using URLs as private keys in the first place.



Well, I guess that Instawallet's way of doing things was for convenience, rather than security.
Not that security isn't important, but still.
hero member
Activity: 756
Merit: 1000
But there were 3.5million wallets. Is it just limited to 3000?
hero member
Activity: 518
Merit: 500
I am a little worried at the moment, should I just chill out?

Too early to tell, but either way the lesson will be "trust no one to hold your coins".
Pages:
Jump to: