[ANN] You liked instawallet.org ? You'll love instawire.org !

[davout]

TL;DR : Paste a Bitcoin address in a bank wire "reference" field. Bitcoins automatically sent to that address. Also refer your friends and get 1% of what we sell.


Hello everyone!

I'm very proud to announce that Paymium is launching a new original service called InstaWire, it's available at https://instawire.org.

It'll let you buy Bitcoins hassle-free by simply pasting your Bitcoin address in the "Comments" field of a bank wire. It's mostly intended for beginners or people who want to buy a few coins from time to time without the pain of registering an account on an exchange or going through AMhell.

The price will vary depending on market conditions and include a small commission.

We also have a nice affiliation program where you direct customers to us through a specially crafted link containing your Bitcoin address and you are rewarded with 1% of the Bitcoins sold. So if you refer Paul to us and Paul buys 100 BTC on InstaWire, we reward you with 1 BTC out of our own pocket.

Just craft your URL like this : https://instawire.org/?r=1DavouTAsveznCFHsz688xvbrRAq4u2qm8 put in on your blog, your signature, get its QR code tattoed on your chest and listen to the sweet sound of Bitcoins rolling in. (Pro-tip : we haven't edited the wiki pages yet to add InstaWire to the lists)

[evoorhees]

LOVE IT. Nice work

[BIGMERVE]

Your website only mentions Euros. Do you accept USD too?

[Remember remember the 5th of November]

Not saying anything, but these kind of websites usually have some XSS vulnerabilities. Please check for that.

[knight22]

Seems pretty nice! It would be cool if it is available for CAD too...

[n8rwJeTt8TrrLKPa55eU]

Excellent idea!

The obvious suggestion/request is to increase the €100 limit and accept other currencies (USD, etc)

[davout]

Obvious suggestion/request is to increase the €100 limit and accept other currencies (USD, etc)

We're working on accepting USD through Dwolla and other methods, that should come pretty soon.

[teslacoil404]

very very nice! Good job!

[davout]

We got our first two customers yesterday!
And they went through my affiliate link 

[drekk]

Looking good!

Ordered 10 BTC yesterday. I somehow didn't receive the notification E-Mail, but you can check the status of pending orders by (re-)entering your BTC address on the front page. It won't place a new order, if you don't want to!

This way I was able to finalize the process and have just gotten the sixth confirmation for the transfer. And davout made a small provision.

Everybody happy!
~drekk~

[Dabs]

You could accept USD, but I am guessing that you would have to open a USD bank account with your bank (other currency or foreign currency account.)

[casascius]

My experience with wiring money is that the comments field is often converted to all caps. How do you deal with that?

One thing is kind of scary is that a rogue bank employee who knows about bitcoin could perform a low-tech meatspace MITM attack and insert his own address. By the time it was discovered it would be too late.

[davout]

My experience with wiring money is that the comments field is often converted to all caps. How do you deal with that?

If the address we receive is truncated, uppercased or otherwise invalid it gets corrected transparently as soon as the user checks for his transfer status by inputting his full and valid address in our interface.

One thing is kind of scary is that a rogue bank employee who knows about bitcoin could perform a low-tech meatspace MITM attack and insert his own address. By the time it was discovered it would be too late.

I highly doubt there is any manual intervention in transfers made from web interfaces, and even if there was, I think the risk is pretty equivalent to having your transfer maliciously re-routed to a different IBAN.

[casascius]

One thing is kind of scary is that a rogue bank employee who knows about bitcoin could perform a low-tech meatspace MITM attack and insert his own address. By the time it was discovered it would be too late.

I highly doubt there is any manual intervention in transfers made from web interfaces, and even if there was, I think the risk is pretty equivalent to having your transfer maliciously re-routed to a different IBAN.

Whether or not there is is highly dependent on the bank and their procedures.  None of us really knows for sure, but finding out the hard way will be really expensive for somebody.  I know I'm a little bit prudish, but then again, I haven't lost money with Zhou Tong, Pirate, or ever had a wallet stolen, or funds in a website that got hacked.

I sent a wire out recently and, after clearly verifying that the amount was x, it went through for 10x, and then I had to start sounding the alarm bells pointing out that somebody somewhere screwed up.  So clearly, at some places, some things are done manually.  In that case, the full 10x hit the recipient's bank account, and then they were able to get the destination bank to send 9x of it back.  Imagine your bank wire gets manipulated by a clipboard BTC-address replacer because some step along the way involves copy and paste on a computer that caught malware.  Just sayin'!

[Boussac]

One thing is kind of scary is that a rogue bank employee who knows about bitcoin could perform a low-tech meatspace MITM attack and insert his own address. By the time it was discovered it would be too late.

I highly doubt there is any manual intervention in transfers made from web interfaces, and even if there was, I think the risk is pretty equivalent to having your transfer maliciously re-routed to a different IBAN.

Whether or not there is is highly dependent on the bank and their procedures.  None of us really knows for sure, but finding out the hard way will be really expensive for somebody.  I know I'm a little bit prudish, but then again, I haven't lost money with Zhou Tong, Pirate, or ever had a wallet stolen, or funds in a website that got hacked.

I sent a wire out recently and, after clearly verifying that the amount was x, it went through for 10x, and then I had to start sounding the alarm bells pointing out that somebody somewhere screwed up.  So clearly, at some places, some things are done manually.  In that case, the full 10x hit the recipient's bank account, and then they were able to get the destination bank to send 9x of it back.  Imagine your bank wire gets manipulated by a clipboard BTC-address replacer because some step along the way involves copy and paste on a computer that caught malware.  Just sayin'!

Come on ! Even in the very unlikely situation were they can alter the content of an online wire transfer, bank employees would not risk losing their job for a few BTC (each bank will only process a fraction of the traffic and it would not take long before we receive complaints). Then again, I can get struck by lightning twice tomorrow.

[casascius]

Come on ! Even in the very unlikely situation were they can alter the content of an online wire transfer, bank employees would not risk losing their job for a few BTC (each bank will only process a fraction of the traffic and it would not take long before we receive complaints). Then again, I can get struck by lightning twice tomorrow.

That's not a safe assumption to make when customers are the one taking the risk, possibly with a lot of money.  What if somebody somewhere can alter a comment without losing their job or being detected or identified?  Neither of us knows for certain that's impossible.  Complaints won't do much good if you're complaining after the money has already been stolen.  You use SSL when you bank or shop online, right?  Even though the risk of MITM is relatively small?  Even if only spending $10?  You would exercise caution (especially with other people's money) for much the same reason as you would use SSL when transacting online.

[davout]

That's not a safe assumption to make when customers are the one taking the risk, possibly with a lot of money.

Coming from you it's kind of a really weird thing to say. You do sell 1000 BTC casascius gold coins right ? Yeah, that's what I thought.

What if somebody somewhere can alter a comment without losing their job or being detected or identified?  Neither of us knows for certain that's impossible.
Complaints won't do much good if you're complaining after the money has already been stolen.  You use SSL when you bank or shop online, right?  Even though the risk of MITM is relatively small?  Even if only spending $10?  You would exercise caution (especially with other people's money) for much the same reason as you would use SSL when transacting online.

Whatever man, you're the one that can potentially run away with thousands of BTC worth of private keys and your only comment on this service is that we shouldn't trust banks to properly execute transfers 100€ worth ?

[casascius]

That's not a safe assumption to make when customers are the one taking the risk, possibly with a lot of money.

Coming from you it's kind of a really weird thing to say. You do sell 1000 BTC casascius gold coins right ?

Yep, mainly because those who have bought my coins likely feel they have adequate recourse against me, and if their BTC were to disappear, there is exactly one person whose ass to kick.  I have helped to mitigate their risk by sharing my personal information and offering to cooperate with any reasonable steps to verify anything anybody wants.

You are welcome to disregard my input, as I don't mean it to be critical.  Given the fee for a typical bankwire, I'd expect to see amounts much larger than 100€, certainly amounts worth stealing.  I am simply recommending that you take steps to mitigate the risk of a MITM changing the comment field on a bankwire for his own benefit and not assuming it can never happen.

[Boussac]

That's not a safe assumption to make when customers are the one taking the risk, possibly with a lot of money.

Coming from you it's kind of a really weird thing to say. You do sell 1000 BTC casascius gold coins right ?

Yep, mainly because those who have bought my coins likely feel they have adequate recourse against me, and if their BTC were to disappear, there is exactly one person whose ass to kick.  I have helped to mitigate their risk by sharing my personal information and offering to cooperate with any reasonable steps to verify anything anybody wants.

You are welcome to disregard my input, as I don't mean it to be critical.  Given the fee for a typical bankwire, I'd expect to see amounts much larger than 100€, certainly amounts worth stealing.  I am simply recommending that you take steps to mitigate the risk of a MITM changing the comment field on a bankwire for his own benefit and not assuming it can never happen.

Your concern is valid but has been addressed in our risk analysis before launching the service: we have capped the maximum amount to 100 € per day per bank account.
Given the instawire sales flow seen by any given bank and the risk for the job security of a bank employee engaging in this kind of fraud, we consider the risk acceptable at this point.

[OneEyed]

I'm currently testing the service, but while everything went very quickly so far (I initiated the transfer around 22:30 yesterday if I remember correctly, and it looks like you already received it 20 hours later) my purchase entered a so-called "Pending risk assessment" state. Does this phase take long? (I've been using this bank account with bitcoin-central a lot, inbound and outbound)