Topic: New 400 BTC Bounty Pales Roger Ver's 37.6 BTC Bounty for Return of Stolen BTC (Read 18345 times)

Those two urls are not found in instawallet systems or backup.

Thats why we are trying (or should I say we were) to find some hints.

If I say to gox liquidator "hey dudes, where are my 10K gox coin?"
They will ask me some details before giving me something.

If I don't provide details and keep asking, I'm sure they won't reply for long.

So now, we wait some details...

Maybe Phinn remembered those coins where sent somewhere else... I'm pretty sure I can forget the bounty and go to sleep...

^THIS!

While possible, I find it hard to believe that a phishing attack would be practically executed. I've never heard of an actual instawallet phishing site, other than the one on Tor.


That's an interesting theory. Practically this attack wouldn't be so easy - it can't just be a simple address replace, but it also needs to hook into balance checks, etc.


One thing I'm not sure that's been discussed here is if the IW team still has web server access logs, and if they do, simply grep through them for the addresses? The hacker of instawallet probably didn't go through the trouble of erasing the logs for specific wallets.

PG is on holidays.

Not sure we can say that they looked at the wrong place. It's more that the view was incomplete and thus can't deliver 100% certainty. A set of addresses exported from a bitcoind backup should be more reliable.

Well, what I call the "hot wallet" is the complete set of IW deposit addresses + some "internal" addresses generated by bitcoind (change, ...).
Some of them are caught during first pass. Some are caught later. Some are not caught at all. I was able to validate the latter for some "internal" addresses (but we do not really care about them to identify the initial deposit) and it's likely that some deposit addresses are also missed by the script during periods similar to december 2012.

IW was a shared wallet. Imagine that you share your bitcoin wallet with others users. Each user has one "personal" deposit address to receive coins but withdrawals are done from any subset of addresses found in the wallet with enough coins to fund the transaction. Data required to know users' balances and transactions are recorded in an external database.

Phishing attack is another possible hypothesis. I've also heard that there has been some scam attempts with a fake IW website running on TOR.
Records deleted from the internal ledger is just an hypothesis among several others. Its main difference is that it can be checked by comparing content of db backups. There's also a message posted by Phinnaeus Gage on March 2013 (15 days before the service was shutdown) which seems to confirm that everything was ok at this date.

Indeed.  This finding seems to render the IW team analysis of the blockchain irrelevant.  They looked in the wrong place, so no wonder they did not find anything.  

Assuming that BK was unaware of the flow between the hot and cold wallets, this finding also restores the credibility to his claim.  Back to square zero?

However, wouldn't the hot wallet be caught by the recursive script during its first pass?

I don't know how  InstaWallet worked.  Is it possible that BK was the victim of a phishing-style attack?  Say, he was led to a fake IW site, or the real IW server was hacked to divert some client deposits to an address that did not belong to InstaWallet, and omit those accesses from the database?

Indeed, considering the number of people he has fished embarassing things about, including people with means (and history) of suing people, it is highly likely that he got at least a letter from a lawyer threatening a lawsuit.

Or he simply may have given up hope of recovering his lost bitcoins, and got fed up with a community that, by and large, is indifferent to crime.  When they do not side with the criminals against ther victims.

Oh. That's kind of scary actually considering the amount of posts he makes targeting people while at the same time posting his home address. I bet he's fine, but he does go out of his way to invite trouble. I hope nothing has happened to him.

User @Phinnaeus_Gage (who has by far the largest number of posts on this forum) has been inactive since 2014-06-17, 18:38:34 https://bitcointalksearch.org/user/phinnaeus-gage-24792

Wow. Good work. It's nice to see that people are still on this. Despite Bruno's very bizarre sudden lack of interest. Hopefully he sticks his head in here to acknowledge you.

FYI, I've published the result of my "investigation" in the french forum.
There's no english translation but here's a short summary.

Context

3 IW urls were claimed by PG but the IW team was unable to spot 2 of them

The IW team has asked PG to provide adresses or transactions related to these 2 wallets but PG was unable to provide this kind of information.

The IW team has developed a set of scripts to parse the blockchain in order to:
  - build a list of bitcoin addresses corresponding to IW deposit addresses
  - check if any of these addresses has transactions matching informations sent by PG.
No matching address was found by the IW team.

Analysis

I've followed these steps:
  - parsing of the blockchain to identify transactions (and addresses) matching information given by PG (date, amounts, hours)
  - development of a script similar to the one implemented by the IW team, in order to list IW addresses
  - matching of the 2 sets
No significant result was found.

Then, I've analyzed the principles of the script used to build the list of IW addresses:
- as a first step, the script lists addresses having sent coins to IW cold wallet. These addresses are considered as IW deposit addresses.
- in a second step, the script uses an heuristic named "multi-inputs transactions" in order to find additional IW addresses.
- the second step is repeated recursively.

The main hypothesis associated to this script is that it allows to list all IW deposit addresses. IW was a shared wallet mixing coins from all deposit addresses, thus it may sound like a reasonable hypothesis. But it appears that some cases break this assumption. One such case is when coins sent to a deposit address are consumed alone before having a chance to be sent to the cold wallet.

Activity of the cold wallet during December 2012 shows that no coin was sent to the cold wallet between 12/08 and 12/26. In fact, during this timespan, the flow was reversed (5,500btc sent from the cold wallet to the hot wallet) surely indicating a period with more withdrawals than deposits. This period also corresponds to the period indicated by PG for his initial deposit and his splitting operation. Thus, it doesn't seem unlikely that the funds deposited by PG may have been consumed during this period and can't be found by the recursive script.

This hypothesis would explain why the IW team was unable to find transactions and addresses matching information given by PG.
WRT missing urls, one of my hypotheses is that IW db may have been altered by hackers to hide that some funds had been stolen (wallets deleted from db).

Next steps

IMHO, it's required to use a backup of the IW bitcoind, in order to export the full list of addresses and be sure to avoid false negative results.
Thus, I've forwarded all results and information to the IW team. It should allow them to investigate the case further.

I'd like to know if the wallet address is consistent with the format as well.

And there are lots and lots of people with claims that haven't been paid yet.

I see.  If anyone stlll cares, please:

I presume that the search was done by the InstaWallet owners themselves?

Are the two URLS at least self-consistent (right format, numbers in plausible range, encrypted with the InstaWallet public key, whatever)?  Could they be forged by a hacker, or have come from some other similar service?  Did BK say how he kept or recovered them?

Are there other similar claims against InstaWallet from other ex-clients?

That was exactly my point. He wrote a thousand words of "this and that" etc.
but fails to give useful information/answers to additional questions that came up
(and could easily help solve his problems).

I / we just asked for a simple, clean list styled summary / protocol of what exactly happend, how and when...
just to help finding a approval that he really had those funds, in the first step.

If we could track down (one of the) the addresses / transactions involved, anyhow, based on all those "missing links" that we were asking for,
because we couldn't dig that out of those dozens "walls of text"... I'd guess, he would come a big step closer to his coins.

So, if his claims are for real or not,...
as someone stated before, if he wants help from one or another side (us or lawyers, or whatever), he has to do this list anyway.
And also has to be ready to answer questions like "have you already tried this..." or "can you maybe get some more details on that..."
in a timely manner!

It is unnecessary to say that, as long as PG isn't going to "support" / work with the people that want(ed) to help him,
all of the already taken, and also, any further efforts are rendered useless.
*shrugs*

Still... Phinn provided two URLS that, as I understood, are connected somehow to InstaWallet wallets.  Are those two URLS legitimate?  If so, has Davout provided his version of what those wallets may have contained? Does the instaWallet databases have any records about them?  If so, have those records been posted?

I assume because he doesn't really have anything else to add. The only useful information he can provide is the two InstaWallet URLs and the approximate balances, which InstaWallet has no record of. Bruno either needs to find additional information or take legal action. Presumably legal action would a difficult route if this is all the information he has.

Peace, I must have minsunderstood a remark in this post as claiming that the owners of InstaWallet (or was it Paymium?) refunded themselves before other clients, after the hack and closure of their wallet service.  If that was not the case, apologies for any unwarranted implication, and please forget it.

Thanks! Well, it seems that we must wait for Phinn's to provide a reasonable reply to that.  If he lost records of his deposits/holdings,  I don't see much hope of him getting the coins back.

I understod that.  My point was that in legal liquidations the managers of the company have the lowest priority; their claims are considered only after all the others -- even if they are not charged with fraud or negligence.  I suppose that this rule is intended to remove certain obvious temptations from managers.  It seems to be a sensible rule, that bitcoiners should demand when bitcoin ventures collapse, too.

In summary I said that it pissed me off when I waste my time helping someone that does not even care.