Pages:
Author

Topic: New 400 BTC Bounty Pales Roger Ver's 37.6 BTC Bounty for Return of Stolen BTC (Read 18420 times)

newbie
Activity: 10
Merit: 1003
Those two urls are not found in instawallet systems or backup.

Thats why we are trying (or should I say we were) to find some hints.
newbie
Activity: 10
Merit: 1003
If I say to gox liquidator "hey dudes, where are my 10K gox coin?"
They will ask me some details before giving me something.

If I don't provide details and keep asking, I'm sure they won't reply for long.

So now, we wait some details...

Maybe Phinn remembered those coins where sent somewhere else... I'm pretty sure I can forget the bounty and go to sleep...
hero member
Activity: 910
Merit: 1003
One thing I'm not sure that's been discussed here is if the IW team still has web server access logs, and if they do, simply grep through them for the addresses? The hacker of instawallet probably didn't go through the trouble of erasing the logs for specific wallets.
^THIS!
vip
Activity: 1316
Merit: 1043
👻
Quote
I don't know how  InstaWallet worked.  Is it possible that BK was the victim of a phishing-style attack?  Say, he was led to a fake IW site

While possible, I find it hard to believe that a phishing attack would be practically executed. I've never heard of an actual instawallet phishing site, other than the one on Tor.

Quote
or the real IW server was hacked to divert some client deposits to an address that did not belong to InstaWallet, and omit those accesses from the database?

That's an interesting theory. Practically this attack wouldn't be so easy - it can't just be a simple address replace, but it also needs to hook into balance checks, etc.


One thing I'm not sure that's been discussed here is if the IW team still has web server access logs, and if they do, simply grep through them for the addresses? The hacker of instawallet probably didn't go through the trouble of erasing the logs for specific wallets.
legendary
Activity: 1260
Merit: 1002
sr. member
Activity: 384
Merit: 258
Indeed.  This finding seems to render the IW team analysis of the blockchain irrelevant.  They looked in the wrong place, so no wonder they did not find anything.  
Assuming that BK was unaware of the flow between the hot and cold wallets, this finding also restores the credibility to his claim.  Back to square zero?
Not sure we can say that they looked at the wrong place. It's more that the view was incomplete and thus can't deliver 100% certainty. A set of addresses exported from a bitcoind backup should be more reliable.

However, wouldn't the hot wallet be caught by the recursive script during its first pass?
Well, what I call the "hot wallet" is the complete set of IW deposit addresses + some "internal" addresses generated by bitcoind (change, ...).
Some of them are caught during first pass. Some are caught later. Some are not caught at all. I was able to validate the latter for some "internal" addresses (but we do not really care about them to identify the initial deposit) and it's likely that some deposit addresses are also missed by the script during periods similar to december 2012.

I don't know how  InstaWallet worked.  Is it possible that BK was the victim of a phishing-style attack?  Say, he was led to a fake IW site, or the real IW server was hacked to divert some client deposits to an address that did not belong to InstaWallet, and omit those accesses from the database?
IW was a shared wallet. Imagine that you share your bitcoin wallet with others users. Each user has one "personal" deposit address to receive coins but withdrawals are done from any subset of addresses found in the wallet with enough coins to fund the transaction. Data required to know users' balances and transactions are recorded in an external database.

Phishing attack is another possible hypothesis. I've also heard that there has been some scam attempts with a fake IW website running on TOR.
Records deleted from the internal ledger is just an hypothesis among several others. Its main difference is that it can be checked by comparing content of db backups. There's also a message posted by Phinnaeus Gage on March 2013 (15 days before the service was shutdown) which seems to confirm that everything was ok at this date.
hero member
Activity: 910
Merit: 1003
FYI, I've published the result of my "investigation" in the french forum.
[...]Activity of the cold wallet during December 2012 shows that no coin was sent to the cold wallet between 12/08 and 12/26. In fact, during this timespan, the flow was reversed (5,500btc sent from the cold wallet to the hot wallet) surely indicating a period with more withdrawals than deposits. This period also corresponds to the period indicated by PG for his initial deposit and his splitting operation. Thus, it doesn't seem unlikely that the funds deposited by PG may have been consumed during this period and can't be found by the recursive script.

This hypothesis would explain why the IW team was unable to find transactions and addresses matching information given by PG.
Indeed.  This finding seems to render the IW team analysis of the blockchain irrelevant.  They looked in the wrong place, so no wonder they did not find anything.  

Assuming that BK was unaware of the flow between the hot and cold wallets, this finding also restores the credibility to his claim.  Back to square zero?

However, wouldn't the hot wallet be caught by the recursive script during its first pass?

WRT missing urls, one of my hypotheses is that IW db may have been altered by hackers to hide that some funds had been stolen (wallets deleted from db).
I don't know how  InstaWallet worked.  Is it possible that BK was the victim of a phishing-style attack?  Say, he was led to a fake IW site, or the real IW server was hacked to divert some client deposits to an address that did not belong to InstaWallet, and omit those accesses from the database?
hero member
Activity: 910
Merit: 1003
Oh. That's kind of scary actually considering the amount of posts he makes targeting people while at the same time posting his home address. I bet he's fine, but he does go out of his way to invite trouble. I hope nothing has happened to him.
Indeed, considering the number of people he has fished embarassing things about, including people with means (and history) of suing people, it is highly likely that he got at least a letter from a lawyer threatening a lawsuit.

Or he simply may have given up hope of recovering his lost bitcoins, and got fed up with a community that, by and large, is indifferent to crime.  When they do not side with the criminals against ther victims.
sr. member
Activity: 490
Merit: 280
Despite Bruno's very bizarre sudden lack of interest. Hopefully he sticks his head in here to acknowledge you.

User @Phinnaeus_Gage (who has by far the largest number of posts on this forum) has been inactive since 2014-06-17, 18:38:34 https://bitcointalksearch.org/user/phinnaeus-gage-24792

Oh. That's kind of scary actually considering the amount of posts he makes targeting people while at the same time posting his home address. I bet he's fine, but he does go out of his way to invite trouble. I hope nothing has happened to him.
hero member
Activity: 910
Merit: 1003
Despite Bruno's very bizarre sudden lack of interest. Hopefully he sticks his head in here to acknowledge you.

User @Phinnaeus_Gage (who has by far the largest number of posts on this forum) has been inactive since 2014-06-17, 18:38:34 https://bitcointalksearch.org/user/phinnaeus-gage-24792
sr. member
Activity: 490
Merit: 280
FYI, I've published the result of my "investigation" in the french forum.
There's no english translation but here's a short summary.

Context

3 IW urls were claimed by PG but the IW team was unable to spot 2 of them

The IW team has asked PG to provide adresses or transactions related to these 2 wallets but PG was unable to provide this kind of information.

The IW team has developed a set of scripts to parse the blockchain in order to:
  - build a list of bitcoin addresses corresponding to IW deposit addresses
  - check if any of these addresses has transactions matching informations sent by PG.
No matching address was found by the IW team.

Analysis

I've followed these steps:
  - parsing of the blockchain to identify transactions (and addresses) matching information given by PG (date, amounts, hours)
  - development of a script similar to the one implemented by the IW team, in order to list IW addresses
  - matching of the 2 sets
No significant result was found.

Then, I've analyzed the principles of the script used to build the list of IW addresses:
- as a first step, the script lists addresses having sent coins to IW cold wallet. These addresses are considered as IW deposit addresses.
- in a second step, the script uses an heuristic named "multi-inputs transactions" in order to find additional IW addresses.
- the second step is repeated recursively.

The main hypothesis associated to this script is that it allows to list all IW deposit addresses. IW was a shared wallet mixing coins from all deposit addresses, thus it may sound like a reasonable hypothesis. But it appears that some cases break this assumption. One such case is when coins sent to a deposit address are consumed alone before having a chance to be sent to the cold wallet.

Activity of the cold wallet during December 2012 shows that no coin was sent to the cold wallet between 12/08 and 12/26. In fact, during this timespan, the flow was reversed (5,500btc sent from the cold wallet to the hot wallet) surely indicating a period with more withdrawals than deposits. This period also corresponds to the period indicated by PG for his initial deposit and his splitting operation. Thus, it doesn't seem unlikely that the funds deposited by PG may have been consumed during this period and can't be found by the recursive script.

This hypothesis would explain why the IW team was unable to find transactions and addresses matching information given by PG.
WRT missing urls, one of my hypotheses is that IW db may have been altered by hackers to hide that some funds had been stolen (wallets deleted from db).

Next steps

IMHO, it's required to use a backup of the IW bitcoind, in order to export the full list of addresses and be sure to avoid false negative results.
Thus, I've forwarded all results and information to the IW team. It should allow them to investigate the case further.


Wow. Good work. It's nice to see that people are still on this. Despite Bruno's very bizarre sudden lack of interest. Hopefully he sticks his head in here to acknowledge you.
sr. member
Activity: 384
Merit: 258
FYI, I've published the result of my "investigation" in the french forum.
There's no english translation but here's a short summary.

Context

3 IW urls were claimed by PG but the IW team was unable to spot 2 of them

The IW team has asked PG to provide adresses or transactions related to these 2 wallets but PG was unable to provide this kind of information.

The IW team has developed a set of scripts to parse the blockchain in order to:
  - build a list of bitcoin addresses corresponding to IW deposit addresses
  - check if any of these addresses has transactions matching informations sent by PG.
No matching address was found by the IW team.

Analysis

I've followed these steps:
  - parsing of the blockchain to identify transactions (and addresses) matching information given by PG (date, amounts, hours)
  - development of a script similar to the one implemented by the IW team, in order to list IW addresses
  - matching of the 2 sets
No significant result was found.

Then, I've analyzed the principles of the script used to build the list of IW addresses:
- as a first step, the script lists addresses having sent coins to IW cold wallet. These addresses are considered as IW deposit addresses.
- in a second step, the script uses an heuristic named "multi-inputs transactions" in order to find additional IW addresses.
- the second step is repeated recursively.

The main hypothesis associated to this script is that it allows to list all IW deposit addresses. IW was a shared wallet mixing coins from all deposit addresses, thus it may sound like a reasonable hypothesis. But it appears that some cases break this assumption. One such case is when coins sent to a deposit address are consumed alone before having a chance to be sent to the cold wallet.

Activity of the cold wallet during December 2012 shows that no coin was sent to the cold wallet between 12/08 and 12/26. In fact, during this timespan, the flow was reversed (5,500btc sent from the cold wallet to the hot wallet) surely indicating a period with more withdrawals than deposits. This period also corresponds to the period indicated by PG for his initial deposit and his splitting operation. Thus, it doesn't seem unlikely that the funds deposited by PG may have been consumed during this period and can't be found by the recursive script.

This hypothesis would explain why the IW team was unable to find transactions and addresses matching information given by PG.
WRT missing urls, one of my hypotheses is that IW db may have been altered by hackers to hide that some funds had been stolen (wallets deleted from db).

Next steps

IMHO, it's required to use a backup of the IW bitcoind, in order to export the full list of addresses and be sure to avoid false negative results.
Thus, I've forwarded all results and information to the IW team. It should allow them to investigate the case further.
sr. member
Activity: 490
Merit: 280
Those two urls are not found in instawallet systems or backup.
Thats why we are trying (or should I say we were) to find some hints.
I see.  If anyone stlll cares, please:

I presume that the search was done by the InstaWallet owners themselves?

Are the two URLS at least self-consistent (right format, numbers in plausible range, encrypted with the InstaWallet public key, whatever)?  Could they be forged by a hacker, or have come from some other similar service?  Did BK say how he kept or recovered them?

Are there other similar claims against InstaWallet from other ex-clients?



I'd like to know if the wallet address is consistent with the format as well.

And there are lots and lots of people with claims that haven't been paid yet.
hero member
Activity: 910
Merit: 1003
Those two urls are not found in instawallet systems or backup.
Thats why we are trying (or should I say we were) to find some hints.
I see.  If anyone stlll cares, please:

I presume that the search was done by the InstaWallet owners themselves?

Are the two URLS at least self-consistent (right format, numbers in plausible range, encrypted with the InstaWallet public key, whatever)?  Could they be forged by a hacker, or have come from some other similar service?  Did BK say how he kept or recovered them?

Are there other similar claims against InstaWallet from other ex-clients?

full member
Activity: 122
Merit: 100
Phinn's silence on this thread is worrisome...

I assume because he doesn't really have anything else to add. The only useful information he can provide is the two InstaWallet URLs and the approximate balances, which InstaWallet has no record of. Bruno either needs to find additional information or take legal action. Presumably legal action would a difficult route if this is all the information he has.

That was exactly my point. He wrote a thousand words of "this and that" etc.
but fails to give useful information/answers to additional questions that came up
(and could easily help solve his problems).

I / we just asked for a simple, clean list styled summary / protocol of what exactly happend, how and when...
just to help finding a approval that he really had those funds, in the first step.

If we could track down (one of the) the addresses / transactions involved, anyhow, based on all those "missing links" that we were asking for,
because we couldn't dig that out of those dozens "walls of text"... I'd guess, he would come a big step closer to his coins.

So, if his claims are for real or not,...
as someone stated before, if he wants help from one or another side (us or lawyers, or whatever), he has to do this list anyway.
And also has to be ready to answer questions like "have you already tried this..." or "can you maybe get some more details on that..."
in a timely manner!

It is unnecessary to say that, as long as PG isn't going to "support" / work with the people that want(ed) to help him,
all of the already taken, and also, any further efforts are rendered useless.
*shrugs*

hero member
Activity: 910
Merit: 1003
Still... Phinn provided two URLS that, as I understood, are connected somehow to InstaWallet wallets.  Are those two URLS legitimate?  If so, has Davout provided his version of what those wallets may have contained? Does the instaWallet databases have any records about them?  If so, have those records been posted?
sr. member
Activity: 470
Merit: 250
Phinn's silence on this thread is worrisome...

I assume because he doesn't really have anything else to add. The only useful information he can provide is the two InstaWallet URLs and the approximate balances, which InstaWallet has no record of. Bruno either needs to find additional information or take legal action. Presumably legal action would a difficult route if this is all the information he has.
hero member
Activity: 910
Merit: 1003
Quote

My point was that in legal liquidations the managers of the company have the lowest priority; their claims are considered only after all the others -- even if they are not charged with fraud or negligence.  I suppose that this rule is intended to remove certain obvious temptations from managers.  It seems to be a sensible rule, that bitcoiners should demand when bitcoin ventures collapse, too.
There was no liquidation at all. The company is still serving its customers. Only unsustainable services have been terminated. So what is your point exactly?
Peace, I must have minsunderstood a remark in this post as claiming that the owners of InstaWallet (or was it Paymium?) refunded themselves before other clients, after the hack and closure of their wallet service.  If that was not the case, apologies for any unwarranted implication, and please forget it.
hero member
Activity: 910
Merit: 1003
Davout says that he has looked over all addresses previously owned by Instawallet and did not find anything close to what BK claims. He also says he did it on the (supposedly) uncorrupted backups in case the thief had erased transactions from the live database.
Also more details here : http://log.bitcoin-assets.com/?date=12-06-2014#714544
Thanks! Well, it seems that we must wait for Phinn's to provide a reasonable reply to that.  If he lost records of his deposits/holdings,  I don't see much hope of him getting the coins back.

There has not been a "liquidation" per se. They just closed the service and reimbursed the (valid) claims.
I understod that.  My point was that in legal liquidations the managers of the company have the lowest priority; their claims are considered only after all the others -- even if they are not charged with fraud or negligence.  I suppose that this rule is intended to remove certain obvious temptations from managers.  It seems to be a sensible rule, that bitcoiners should demand when bitcoin ventures collapse, too.
hero member
Activity: 714
Merit: 662
Phinn's silence on this thread is worrisome, but so is that of the InstaWallet ex-owners.  I understand that Phinn is not the only person with such claim.  Also, it is claimed that the ex-owners refunded themselves before the customers, which is the opposite of the established rule in legal liquidations.

Is there any post (in some other thread, on reddit, etc.) where they have responded to these claims?

EDIT: I see that the French language thread has 7 pages of discussion on this.  Could someone please provide a one-line summary of the ex-owners counterclaim?  (With my poor French, I think I understood that Davout denies that Phinn had those coins in IsntaWallet, is that it?)

In summary I said that it pissed me off when I waste my time helping someone that does not even care.
Pages:
Jump to: