Bitcoin Forum
November 07, 2024, 02:33:08 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 [7] 8 9 10 »  All
  Print  
Author Topic: instawallet has fallen new owner stealing  (Read 13399 times)
yodog
Member
**
Offline Offline

Activity: 99
Merit: 10


View Profile
March 17, 2013, 09:31:40 AM
 #121

My 52.39 btc is also 'missing' sent from one instawallet to another address and the coins are not showing up in the block chain, and the new address isn't showing up either cause its never been used.....

and yet on the address where the 52.39 btc were sent from shows unspent coins but they are no longer in the instawallet Sad

http://blockchain.info/unspent?active=17iQhdkNpoxYcNNcXodPjTWUqSuTC8XaF4&format=html   

The coins showed up to the sent wallet, so everything has been resolved. I know for next time to just use a bitcoin mixer and just pay the 1-3% fee...
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 17, 2013, 09:38:09 AM
 #122

My 52.39 btc is also 'missing' sent from one instawallet to another address and the coins are not showing up in the block chain, and the new address isn't showing up either cause its never been used.....

and yet on the address where the 52.39 btc were sent from shows unspent coins but they are no longer in the instawallet Sad

http://blockchain.info/unspent?active=17iQhdkNpoxYcNNcXodPjTWUqSuTC8XaF4&format=html   

The coins showed up to the sent wallet, so everything has been resolved. I know for next time to just use a bitcoin mixer and just pay the 1-3% fee...

You really want to lose your coins, don't you? Grin
rpietila
Donator
Legendary
*
Offline Offline

Activity: 1722
Merit: 1036



View Profile
March 17, 2013, 09:51:45 AM
 #123

My 52.39 btc is also 'missing' sent from one instawallet to another address and the coins are not showing up in the block chain, and the new address isn't showing up either cause its never been used.....

and yet on the address where the 52.39 btc were sent from shows unspent coins but they are no longer in the instawallet Sad

http://blockchain.info/unspent?active=17iQhdkNpoxYcNNcXodPjTWUqSuTC8XaF4&format=html   

The coins showed up to the sent wallet, so everything has been resolved. I know for next time to just use a bitcoin mixer and just pay the 1-3% fee...

You really want to lose your coins, don't you? Grin

If you definitely want to do that, use the easywallet.org. The only online service that I have been able to keep BTC100 for an extended time without anything happening.

HIM TVA Dragon, AOK-GM, Emperor of the Earth, Creator of the World, King of Crypto Kingdom, Lord of Malla, AOD-GEN, SA-GEN5, Ministry of Plenty (Join NOW!), Professor of Economics and Theology, Ph.D, AM, Chairman, Treasurer, Founder, CEO, 3*MG-2, 82*OHK, NKP, WTF, FFF, etc(x3)
yodog
Member
**
Offline Offline

Activity: 99
Merit: 10


View Profile
March 17, 2013, 10:07:57 AM
 #124

I have filtered 1000$'s of dollars worth of btc thru bitcoinfog, not once has the coins been held up like this on instawallet, or entire wallet disappearing from blockchain.info It had about 3500$ worth of my coins, luckily I had backed up the wallet!!!
DigitalHermit
Full Member
***
Offline Offline

Activity: 150
Merit: 100


Thank you! Thank you! ...


View Profile
March 27, 2013, 10:26:52 PM
 #125

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
March 27, 2013, 10:30:23 PM
 #126

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656
I feel like I knew about this a long time ago somehow.  Did this happen before?
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 27, 2013, 10:51:12 PM
 #127

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656
I feel like I knew about this a long time ago somehow.  Did this happen before?

It did.
They said it was because it created a new wallet when google bot visted them. Very quick to write it off.
I'll try and search the thread later. Great lolz will follow Smiley
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
March 27, 2013, 10:55:19 PM
 #128

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656
I feel like I knew about this a long time ago somehow.  Did this happen before?

It did.
They said it was because it created a new wallet when google bot visted them. Very quick to write it off.
I'll try and search the thread later. Great lolz will follow Smiley
Sweet.  My memories are vindicated.
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
March 27, 2013, 11:03:02 PM
 #129

Instawallet has been leaking wallet URLs to Google making them fully indexed/searchable.

Absolutely devastating security hole. I can't see ever trusting them again:

http://www.adaptiveglass.com/?p=656
I feel like I knew about this a long time ago somehow.  Did this happen before?

It did.
They said it was because it created a new wallet when google bot visted them. Very quick to write it off.
I'll try and search the thread later. Great lolz will follow Smiley
I found this:  https://bitcointalk.org/index.php?topic=87387.msg982779#msg982779
It might have been TorWallet you were thinking of.

But I did find this:  https://bitcointalk.org/index.php?topic=6785.msg387831#msg387831
Didn't follow the thread much further.  Obviously, Google indexing instawallet pages is a problem that has existed since it started.  It seems like this post wasn't taken seriously at all.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1918
Merit: 1570


Bitcoin: An Idea Worth Spending


View Profile WWW
March 28, 2013, 01:17:42 AM
 #130

What if a person sets up an RSS feed from Google, informing him each time the phrase "instawallet.org/w" is indexed? All the person would have to do is check the complete URL to see if it's funded.

I'm sure there are, or will be, people who'll think they're protected, posting the URL to their InstaWallet on some public domain.
Injust
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000



View Profile
March 28, 2013, 01:25:26 AM
 #131

Instawallet now has a robots.txt file that blocks Google from indexing all Instawallet URLs with "/w/" in them.
Cheesy
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1918
Merit: 1570


Bitcoin: An Idea Worth Spending


View Profile WWW
March 28, 2013, 05:17:04 AM
 #132

@davout

I trust your site, but allow me to play Devil's advocate.

Could a scammer do somthing similar to the following?

He meets his mark at Starbucks where one of his comrades has already sat up a URL sniffer. He has the mark whose new to the Bitcoin scene go to instawallet.org. A new wallet it generate. Money and bitcoins change hands.

A wise scammer would wait several days before attempting to steal back the funds with the hope that more would be in it now that the mark feels comfortable using the system, being too lazy to get another IW or exploring another client.

If I lived in Chicago and my name were Rockso, this is what I would attempt.
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
March 28, 2013, 07:04:17 AM
 #133

SSL encryption, makes it impossible to compromise a wallet by sniffing traffic between the client and the server.

Isn't it true that several certificate authorities have had their signing certificates stolen, meaning that it's possible for attackers to initiate man-in-the-middle attacks on SSL sites without alerting the end user?  I don't know the details, but I'm sure I've read in several places that SSL isn't particularly secure given the number of CAs that most browsers trust by default.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1918
Merit: 1570


Bitcoin: An Idea Worth Spending


View Profile WWW
March 28, 2013, 08:14:30 AM
 #134

SSL encryption, makes it impossible to compromise a wallet by sniffing traffic between the client and the server.

Isn't it true that several certificate authorities have had their signing certificates stolen, meaning that it's possible for attackers to initiate man-in-the-middle attacks on SSL sites without alerting the end user?  I don't know the details, but I'm sure I've read in several places that SSL isn't particularly secure given the number of CAs that most browsers trust by default.

http://blog.g0tmi1k.com/2009/07/video-stripping-ssl-sniffing-https.html
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
March 28, 2013, 10:05:58 AM
 #135


Yes, I've seen that before, and experimented with it, but it's not what I'm thinking of.  That technique tricks the user into making a regular HTTP connection by modifying links.  So if you visit http://yourbank.com/ and it has a link to https://online-banking.yourbank.com/ they effectively just remove the 's' after 'http' so you make a regular unencrypted connection, which they can then sniff.

http://www.computerworld.com/s/article/9219663/Hackers_may_have_stolen_over_200_SSL_certificates is more the kind of thing I'm talking about.  I break into a Dutch certificate authority's computers, and generate myself a certificate for instawallet.org.  I then poison your DNS so you come to me instead of directly to instawallet.org, I present you with my ill-gotten certificate, and your browser shows you that you're connected securely and everything's encrypted and fine.  I can choose to pass you on through to the real instawallet.org, or I can just steal your secret URL and present you with a message saying "restarting bitcoind takes all day, sorry" or similar.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 28, 2013, 01:29:50 PM
 #136

The matter about google indexing instawallet's pages was brought up on Torwallet's thread, yes.
Here is Davout saying it doesn't matter: https://bitcointalk.org/index.php?topic=87387.msg979815#msg979815
As rjk said, if you keep your url safe (not post it anywhere online) google can't find it.

I gave an example. The right person will understand this.
Assertion 1 :
Your search yields approximately 19 URLs.
There are over 250,000 different wallets at Instawallet.

Assertion 2 :
Google does not magically index hidden wallet URLs.

Make your conclusions.
AndreyE
Member
**
Offline Offline

Activity: 86
Merit: 10


View Profile
April 03, 2013, 08:01:30 AM
 #137

3.2 BTC stolen from me, and 3.2 from a friend of mine
dave111223
Legendary
*
Offline Offline

Activity: 1190
Merit: 1001


View Profile WWW
April 03, 2013, 11:59:47 AM
 #138

Looks like the whole site is offline now.
JordanL
Donator
Sr. Member
*
Offline Offline

Activity: 294
Merit: 250



View Profile
April 03, 2013, 12:42:01 PM
 #139

Looks like the whole site is offline now.

Quote
We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.

Please do not send funds to your address for the time being.

Stay tuned for further updates, thank you for your understanding.


Wow, shitty.
greyhawk
Hero Member
*****
Offline Offline

Activity: 952
Merit: 1009


View Profile
April 03, 2013, 04:28:58 PM
 #140

Aaaaaaaaand it's gone. Forever. This is an ex-change, wait, I mean, this ship has banked, wait, I mean, it's bubble has popped.
Pages: « 1 2 3 4 5 6 [7] 8 9 10 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!