Pages:
Author

Topic: New, simple online wallet: www.instawallet.org - no signup required (Read 28915 times)

legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Yep it is worrying to see no progress withe those millions of dollars involved.
member
Activity: 86
Merit: 10
There is no claim process on the go. I see no forms etc
legendary
Activity: 1221
Merit: 1025
e-ducat.fr
This 90 day limit on claims is bullcrap!!!! The statute of limitations on debtors in most EU countries is at least 6 years. Therefore imposing a 90 limitation on claims is totally illegal. However this is a very mute point because not one ounce of truth has come out of all this shambles as shown in the notices as to the time frame when the site is to be back up.
You must be new here.
Before ranting like that, it does not hurt to read : where did you read in any of the notice that the claim period is limited to 90 days ??

The notice says that we will not pay anyone before a 90 day period has elapsed which has nothing to do with any statute of limitations..
It has everything to do with allowing us to process the claims properly and to avoid paying the hacker.
full member
Activity: 216
Merit: 100
I'm still not sure, if all the instawallet addresses found on google only showed up there, because their owners used a google-spybot browser (or google-spybot-extensions), or if there are other scenarios where such URLs get published, even if my PC is/was really clean and used only by myself.

I still use URL-authentication e.g. on peerbet (with less than 1mBTC kept there) although they also offer registering username and password.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Ok as you don't tell how the claims process is meant to work, I hereby claim access to the funds of https://www.instawallet.org/w/poliglotabitcoindemo
It should contain 0.1BTC. Send them to 1PcEoaaGbCxVZR2SAvJs2zP3CJmSmKhm9z please.

I feel very tempted to post all of my such addresses to front run the hacker as he will have all the time in the world to hit reload on your site and take the measures to falsely claim my coins comparing the coins at stake for him to those at stake for me and others with your assumption of the first claimer being more legit than those coming later. I hope you have a good plan to put up a trap for the hacker the way you design this.

Edit: Actually if you are afraid some hacker has a list of all accounts, the only way to proof that I'm the rightful owner would be to proof prior communication of the respective addresses or proof ownership of the addresses that were used to charge the addresses or something. What will happen if the list leaks? Perfect disaster.
newbie
Activity: 48
Merit: 0
This 90 day limit on claims is bullcrap!!!! The statute of limitations on debtors in most EU countries is at least 6 years. Therefore imposing a 90 limitation on claims is totally illegal. However this is a very mute point because not one ounce of truth has come out of all this shambles as shown in the notices as to the time frame when the site is to be back up.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Hmmm ... this sux. It was inevitable you would get hacked some day. At least there is a good chance most users with small holdings get back their money without pain.

Let's hope the best. And next time at least allow users to provide an optional email address.

@davout: The more I think about the situation the more I'm worried the "hackers" will get away with a high share of all the money trusted to your service. If you assume the first to claim a stash to be the legit owner, they will make sure as hell that they will be the first for 3.5 million addresses. They will buy fake email addresses in time. They will get people involved to do a more personal claim for the bigger stashes etc. On the other hand there's people like me that gave away many small sums to friends who never looked too much into it trusting me I took a good decision. For some I still have the instawallet link but for others I might even have forgotten I gave them some. Most of the people I gave bitcoins to, just watched the price from time to time (=once a year) and will not go to instawallet within 90 days.

Please think carefully how to deal with this situation as I'm afraid this can go terribly wrong.

What is the total sum owned by instawallet?

When will the reclaim process start? I got a wrong certificate yesterday and a 404 now.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Hmmm ... this sux. It was inevitable you would get hacked some day. At least there is a good chance most users with small holdings get back their money without pain.

Let's hope the best. And next time at least allow users to provide an optional email address.
full member
Activity: 185
Merit: 100
I know things have changed over the past few years, but I'd expect some people to be more critical of what was a disaster just waiting to happen.

That's really, really great!

Fantastic idea!

Amazing idea! Love it.
newbie
Activity: 16
Merit: 0
Instawallet is just a bunch of crooks. Not a second after the currency goes through the roof do they pull a Cyprus on all the users. If you have over 50 btc your refund will be accessed. That's bull... you better have used fake information because if your real name ever got out.. Wow.
donator
Activity: 164
Merit: 100
Hi, another transaction from Instawallet hasn't come through this time 50 btc, has the bitcoin daemon fallen again???

thanks

legendary
Activity: 2940
Merit: 1333
That's because when the last maintenance occurred your wallet had a zero balance.

We archived a lot of addresses to alleviate the load on our bitcoind, the site was becoming extremely slow, the addresses are just archived though, no funds are lost.

I was only revisiting the old wallet to see if I had left anything in it.  I was pretty sure I hadn't, but was just checking.

Thanks for the reply.
legendary
Activity: 1372
Merit: 1008
1davout
I used to use InstaWallet a couple of years ago.  I have the secret URL and the corresponding bitcoin address saved.

I just visited the secret URL, but the bitcoin address it shows is different than the one it used to show.

Is this normal?  The address it shows now has never been used in any transactions, whereas I used my Instawallet quite a lot.

That's because when the last maintenance occurred your wallet had a zero balance.
If you haven't sent funds to the old address all is fine, use the new address and the old one.
If you did send funds I'll have to fix your balance manually.

We archived a lot of addresses to alleviate the load on our bitcoind, the site was becoming extremely slow, the addresses are just archived though, no funds are lost.

And no, we can't simply re-import the private key, it would block the client for the time of a whole chain rescan. :-)

So send an e-mail to the support if something needs to be done on our side.

Cheers!
legendary
Activity: 2940
Merit: 1333
I used to use InstaWallet a couple of years ago.  I have the secret URL and the corresponding bitcoin address saved.

I just visited the secret URL, but the bitcoin address it shows is different than the one it used to show.

Is this normal?  The address it shows now has never been used in any transactions, whereas I used my Instawallet quite a lot.
legendary
Activity: 1372
Merit: 1008
1davout
I did a test, before posting, but in hindsight it obviously wasn't an adequate one ;-)

I had opened my own wallet from a bookmark, because I thought the criterion
would/should be "first open" versus "re-open", but obviously you're using some
other heuristic.

Anyway, thanks for implementing it!

No worries, thanks a lot for suggesting this useful feature !

The trigger for displaying the message is "have you been redirected to a wallet (existing or not) directly from a referrer other than Instawallet itself".

For example the warning will trigger even if you're redirected to a wallet that didn't exist before, but with a key already embedded in the URL.

With the increase in price it becomes more and more important to provide additional security features since people seem to ignore the fact that Instawallet shouldn't be used to store large amounts of coins.
full member
Activity: 216
Merit: 100
I did a test, before posting, but in hindsight it obviously wasn't an adequate one ;-)

I had opened my own wallet from a bookmark, because I thought the criterion
would/should be "first open" versus "re-open", but obviously you're using some
other heuristic.

Anyway, thanks for implementing it!
legendary
Activity: 1372
Merit: 1008
1davout
A while ago, I raised some topic about making it clearly evident

[...]

one (with a link to instawallet homepage).

https://instawallet.org/w/howaboutcheckingifithasntalreadybeenimplementedbeforeasking

 Kiss
full member
Activity: 216
Merit: 100
A while ago, I raised some topic about making it clearly evident
on the wallet-page whether it is a new one, or one created previously.

I understand that there were more urgent problems meanwhile.
Since those appear to be resolved now, I'd kindly ask to review
that suggestion, again.

The Problem:
  Newbies click on links that lead them to an "insta"-wallet,
but depending on what link they actually followed, the wallet
might be "not a fresh" one. Instead it might be a wallet
created by a scammer, and once the unsuspecting newbie
deposits 0.01 or more, the scammer would withdraw it,
leaving behind a newbie thinking that instawallet itself may
have ripped them.

The Proposal:
  Use specific wording such as "welcome BACK to your wallet",
that is likely to alert even Newbies that they didn't actually get
a new wallet. Also, add a footnote, that if the "back" isn't what
they expected (i.e., they don't remember havign created a wallet
and saved the link before), that they should rather create a new
one (with a link to instawallet homepage).
donator
Activity: 335
Merit: 250
Bitcoin, Ripple & Blockchain pioneer
Another problem has been notified. I'm currently waiting for davout's reply, so I will update this thread as soon as this problem is solved.

EDIT:
At 14:30h, that is one hour later, the problem was solved. Thanks
legendary
Activity: 1372
Merit: 1008
1davout
Sorry for the earlier rant, that was uncalled for.
I could have expressed the same thing without being so aggressive.

My apologies.

Lesson : never post when you did not have your first cup of coffee.


Have a nice day all, and don't hesitate to notify me of any issue.

Pages:
Jump to: