Bitcoin Forum
November 18, 2017, 04:21:04 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Poll
Question: What will you do?
Hold on tight - 27 (54%)
Sell all my BTC - 5 (10%)
Buy cheap BTC - 18 (36%)
Total Voters: 38

Pages: [1]
  Print  
Author Topic: Instawallet security breach  (Read 2066 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
sounds
Full Member
***
Offline Offline

Activity: 140

1221iZanNi5igK7oAA7AWmYjpsyjsRbLLZ


View Profile
April 01, 2013, 06:04:10 PM
 #1

instawallet.org says:




Down for Maintenance
We have detected a security breach. Services are temporarily suspended until we have thoroughly investigated the situation. We will resume services as soon as possible.

Please do not send funds to your address for the time being.

Stay tuned for further updates, thank you for your understanding.

the founder (user here on bitcointalk) has locked his thread but it has some details
1511022064
Hero Member
*
Offline Offline

Posts: 1511022064

View Profile Personal Message (Offline)

Ignore
1511022064
Reply with quote  #2

1511022064
Report to moderator
1511022064
Hero Member
*
Offline Offline

Posts: 1511022064

View Profile Personal Message (Offline)

Ignore
1511022064
Reply with quote  #2

1511022064
Report to moderator
1511022064
Hero Member
*
Offline Offline

Posts: 1511022064

View Profile Personal Message (Offline)

Ignore
1511022064
Reply with quote  #2

1511022064
Report to moderator
It is a common myth that Bitcoin is ruled by a majority of miners. This is not true. Bitcoin miners "vote" on the ordering of transactions, but that's all they do. They can't vote to change the network rules.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511022064
Hero Member
*
Offline Offline

Posts: 1511022064

View Profile Personal Message (Offline)

Ignore
1511022064
Reply with quote  #2

1511022064
Report to moderator
Amitabh S
Legendary
*
Offline Offline

Activity: 1002


View Profile
April 01, 2013, 06:47:05 PM
 #2

Its a fundamental issue with the "url" concepts. Chrome and IE and some ff browser extensions work like a trojan, sending users history to search engines for indexing.. After they "fixed" the google flaw, I tried with bing and sure enough got several instawallet urls.. All with zero btc though but some had received coins in the past.

Coinsecure referral ID: https://coinsecure.in/signup/refamit (use this link to signup)
piramida
Legendary
*
Offline Offline

Activity: 1120



View Profile
April 01, 2013, 06:50:04 PM
 #3

doubt anybody is reckless enough to store anything but some change for a brief periods of time there (less than it takes for search engines to pick up the url). so non-issue.

i am satoshi
mccorvic
Hero Member
*****
Offline Offline

Activity: 518



View Profile
April 01, 2013, 06:50:37 PM
 #4

doubt anybody is reckless enough to store anything but some change for a brief periods of time there (less than it takes for search engines to pick up the url). so non-issue.

I wish this were true, but people seem to fall for the same mistakes over and over.

Offering Video/Audio Editing Services since 2011 - https://bitcointalk.org/index.php?topic=77932.0
Lethos
Sr. Member
****
Offline Offline

Activity: 476


Keep it Simple. Every Bit Matters.


View Profile WWW
April 01, 2013, 06:51:32 PM
 #5

Never underestimate human stupidity.
Someone will eventually do it (store loads of Btc on there)

Lethos Designs | UK BTC Seller -  Local Bitcoins | BTC OTC Rating | 1EFhXfX9uXsbXBF3LC69GiVfS3SHCsyMR1
FPGA: 2x Quad XC6SLX150 Boards
ineededausername
Hero Member
*****
Offline Offline

Activity: 784


bitcoin hundred-aire


View Profile
April 01, 2013, 06:52:23 PM
 #6

Is this a big deal for some reason?

(BFL)^2 < 0
Lethos
Sr. Member
****
Offline Offline

Activity: 476


Keep it Simple. Every Bit Matters.


View Profile WWW
April 01, 2013, 06:54:26 PM
 #7

Is this a big deal for some reason?

With the right url, you essentially have open access to that wallet.

Them being index, basically gave you a gaint list of accounts steal from.

edit: spelling

Lethos Designs | UK BTC Seller -  Local Bitcoins | BTC OTC Rating | 1EFhXfX9uXsbXBF3LC69GiVfS3SHCsyMR1
FPGA: 2x Quad XC6SLX150 Boards
gbl08ma
Sr. Member
****
Offline Offline

Activity: 306


Donations: http://tny.im/nx


View Profile WWW
April 01, 2013, 07:01:52 PM
 #8

I find somewhat funny that it happened on 1st April... Still, and if this is not a April Fools joke*, I don't think the URL issue would be enough to have them decide going down for maintenance - they didn't do anything like it when the issue with Google listing was popularized, and that was the right time to go down, not now. I say the security breach is of another kind and maybe completely unrelated.

I saw on some other threads people saying they couldn't send funds out of their Instawallet (as if the hot coins wallet had become empty) for some days. I guess the URLs thing made some people with bad intentions look more closely to Instawallet. I say they found an exploit, and used it.

*if it's a joke, it's preventing every user of their website from sending coins and I'm sure they are not finding it funny (that's why I don't think this is a fools joke).

gbl08ma
Sr. Member
****
Offline Offline

Activity: 306


Donations: http://tny.im/nx


View Profile WWW
April 01, 2013, 07:04:39 PM
 #9

Also look at this related thread and its second post: https://bitcointalk.org/index.php?topic=164126.0
This confirms my suspicion it has something to do with the hot wallet (maybe they were shared)...

Pure speculation (hence why I'm posting here instead of on all other threads about this breach):
Could it be that this is an elaborate April fools by Paytunia et al. just to see if the USD/BTC value goes down, so they can get cheap coins?

coinuser4000
Member
**
Offline Offline

Activity: 94



View Profile
April 02, 2013, 03:58:36 AM
 #10

Quote

Do not touch them with a bargepole.




HAHA. That is the best line I heard all day.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!