Bitcoin Forum
November 17, 2017, 08:03:42 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 »  All
  Print  
Author Topic: Instawallet/Bitcoin-Central Security Breach  (Read 84252 times)
steelboy
Hero Member
*****
Offline Offline

Activity: 784



View Profile
April 01, 2013, 08:50:12 PM
 #61

They sure kept us in a state of panic for a while there! Glad to see it's all working out fine Smiley

[Apr-1 10:30 CET] Bitcoin-Central and Paytunia update: Our customer's bitcoins and euros are safe and will not be affected by the security breach. We have taken the websites off-line for proper investigation.

The address 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy is under our exclusive control.

We thank you for your patience and will provide updates exclusively on this page as they come in. We are committed to resuming service as soon as possible. Expect normal service to resume within 48 hours.


----

Deep breath ...

What's the site?

It's showing up on https://bitcoin-central.net/

So far it hasn't appeared on Paytunia and Instawallet yet, but as the Instawallet transaction was to the same address I can only assume that those funds are safe as well.
They sure kept us in a state of panic for a while there! Glad to see it's all working out fine Smiley

[Apr-1 10:30 CET] Bitcoin-Central and Paytunia update: Our customer's bitcoins and euros are safe and will not be affected by the security breach. We have taken the websites off-line for proper investigation.

The address 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy is under our exclusive control.

We thank you for your patience and will provide updates exclusively on this page as they come in. We are committed to resuming service as soon as possible. Expect normal service to resume within 48 hours.


----

Deep breath ...

What's the site?

It's showing up on https://bitcoin-central.net/

So far it hasn't appeared on Paytunia and Instawallet yet, but as the Instawallet transaction was to the same address I can only assume that those funds are safe as well.

I hope so. I really do.

1510949022
Hero Member
*
Offline Offline

Posts: 1510949022

View Profile Personal Message (Offline)

Ignore
1510949022
Reply with quote  #2

1510949022
Report to moderator
1510949022
Hero Member
*
Offline Offline

Posts: 1510949022

View Profile Personal Message (Offline)

Ignore
1510949022
Reply with quote  #2

1510949022
Report to moderator
1510949022
Hero Member
*
Offline Offline

Posts: 1510949022

View Profile Personal Message (Offline)

Ignore
1510949022
Reply with quote  #2

1510949022
Report to moderator
A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1510949022
Hero Member
*
Offline Offline

Posts: 1510949022

View Profile Personal Message (Offline)

Ignore
1510949022
Reply with quote  #2

1510949022
Report to moderator
1510949022
Hero Member
*
Offline Offline

Posts: 1510949022

View Profile Personal Message (Offline)

Ignore
1510949022
Reply with quote  #2

1510949022
Report to moderator
mccorvic
Hero Member
*****
Offline Offline

Activity: 518



View Profile
April 01, 2013, 08:50:48 PM
 #62

Glad this one has panned out OK (or will do once that transaction actually confirms)

Strange that they're still unconfirmed.

Offering Video/Audio Editing Services since 2011 - https://bitcointalk.org/index.php?topic=77932.0
Injust
Legendary
*
Offline Offline

Activity: 1008



View Profile
April 01, 2013, 08:51:44 PM
 #63

Someone on HN pointed out that the transfer happened an hour or two before the site went down. Can anyone confirm this? It looks like the transfer happened about an hour before *this thread* appeared, but did this thread start immediately after the site came down?

https://news.ycombinator.com/item?id=5475389

I made the thread after I tried to access my Instawallet and couldn't. I have no idea when it went down.
Nick
Jr. Member
*
Offline Offline

Activity: 57


View Profile
April 01, 2013, 08:52:26 PM
 #64

They should sign a message with that adress to proof it's under their exclusive control.

0d0bb056a3593ce7585321bbcbf6318048f18cedc312530f80ebf3cabf4bc984
gbl08ma
Sr. Member
****
Offline Offline

Activity: 306


Donations: http://tny.im/nx


View Profile WWW
April 01, 2013, 08:52:31 PM
 #65

Signing a message with 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy would be appropriate... also, a message at a website which may be compromised doesn't guarantee much IMO.

(Nick had the same idea as me it seems...)

Joost
Member
**
Offline Offline

Activity: 68



View Profile
April 01, 2013, 08:54:33 PM
 #66

Someone on HN pointed out that the transfer happened an hour or two before the site went down. Can anyone confirm this? It looks like the transfer happened about an hour before *this thread* appeared, but did this thread start immediately after the site came down?

https://news.ycombinator.com/item?id=5475389

I made the thread after I tried to access my Instawallet and couldn't. I have no idea when it went down.

Bitcoin Central has been failing to process transactions since 5PM CET (which is 6 hours ago at the moment of writing) and went to 'Down for maintenance'-mode 2 hours later. It seems the transaction was indeed done well before it went down, roughly when they stopped processing transactions on BTCentral.

Signing a message with 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy would be appropriate... also, a message at a website which may be compromised doesn't guarantee much IMO.

I hardly think a hacker would take the time to post such a message after he has looted 4 million worth of USD. I don't really see the added value. Would it serve as a convincer to miners that are currently not adding it to the blocks? I doubt miners would decide based upon a post like that - seeing as the transaction fee is so huge, the reason it hasn't been added to a block can hardly be a collective moral decision of miners.
uhoh
Hero Member
*****
Offline Offline

Activity: 728


Circle gets the Square


View Profile
April 01, 2013, 08:57:56 PM
 #67

Is it me or has the transactions been waiting 3 hours to be included in a block?

seems VERY odd. Could understand if they had been sent with no fees, but they haven't
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile
April 01, 2013, 08:59:21 PM
 #68

Signing a message with 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy would be appropriate... also, a message at a website which may be compromised doesn't guarantee much IMO.

(Nick had the same idea as me it seems...)

Both good points. Also lol at person indignant that they're not paid for the work done googling site:instawallet.com

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Injust
Legendary
*
Offline Offline

Activity: 1008



View Profile
April 01, 2013, 08:59:56 PM
 #69

Signing a message with 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy would be appropriate... also, a message at a website which may be compromised doesn't guarantee much IMO.

(Nick had the same idea as me it seems...)

Both good points. Also lol at person indignant that they're not paid for the work done googling site:instawallet.com

It's instawallet.ORG
Tongue
dooglus
Legendary
*
Offline Offline

Activity: 2338



View Profile
April 01, 2013, 09:00:13 PM
 #70

We thank you for your patience and will provide updates exclusively on this page as they come in.

What page is that from?

The wording "exclusive control" is also odd to me, sounds like someone steals it (internal employee?) and they discovered and force the guy give back the key?

Sounds to me like they're just saying "we know this address hasn't been compromised, and we control it, so don't worry".

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Injust
Legendary
*
Offline Offline

Activity: 1008



View Profile
April 01, 2013, 09:01:07 PM
 #71

We thank you for your patience and will provide updates exclusively on this page as they come in.

What page is that from?

The wording "exclusive control" is also odd to me, sounds like someone steals it (internal employee?) and they discovered and force the guy give back the key?

Sounds to me like they're just saying "we know this address hasn't been compromised, and we control it, so don't worry".

This is from https://bitcoin-central.net/.
steelboy
Hero Member
*****
Offline Offline

Activity: 784



View Profile
April 01, 2013, 09:02:07 PM
 #72

I made two withdrawals from jnstawallet 2 nights ago around 1am GMT. The first one did not show up but the second one did. I messages Davout about the first one not showing up and I also emailed support at instawallet. I wasn't worried as it actually happened last time I withdrew money from them too. That took 24 hours. I also thought that as it was a bank holiday there might be a delay in support.

If this money was sent should I be sure to receive this whatever happens with the rest of instawallets issues?
twolifeinexile
Full Member
***
Offline Offline

Activity: 154



View Profile
April 01, 2013, 09:06:29 PM
 #73

We thank you for your patience and will provide updates exclusively on this page as they come in.

What page is that from?

The wording "exclusive control" is also odd to me, sounds like someone steals it (internal employee?) and they discovered and force the guy give back the key?

Sounds to me like they're just saying "we know this address hasn't been compromised, and we control it, so don't worry".

Hmmm, your explanation makes more sense of the word "exclusive" Smiley.
Guess the implied info is that the two cold storage wallets maybe compromized and not in "exclusive" control, out of caution, they moved to a wallet they feel more secure.

twolifeinexile
Full Member
***
Offline Offline

Activity: 154



View Profile
April 01, 2013, 09:11:43 PM
 #74

either way the lesson will be "trust no one to hold your coins".
Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!

yep

But instawallet is really convenent and if you need spend, it is such a snap to use. They even have a iphone HTML5 app.
Anyway, I put some funds there with the intention to spend, but still got a little panic (not really, but my money there is not immaterial either).
I guess I will just take some BTC out there after this fiasco. (It wasn't really signficiant amount money, but BTC keep rising and now not a change any more!)
Injust
Legendary
*
Offline Offline

Activity: 1008



View Profile
April 01, 2013, 09:13:15 PM
 #75

either way the lesson will be "trust no one to hold your coins".
Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!

yep

But instawallet is really convenent and if you need spend, it is such a snap to use. They even have a iphone HTML5 app.
Anyway, I put some funds there with the intention to spend, but still got a little panic (not really, but my money there is not immaterial either).
I guess I will just take some BTC out there after this fiasco. (It wasn't really signficiant amount money, but BTC keep rising and now not a change any more!)

Essentially, the only way I use Instawallet is I use it to condense all the small transactions that I get from faucets (that's my only source of Bitcoins Tongue) and when I get BTC0.02, I send BTC0.01 to my other wallet. So I never keep more than BTC0.02 there.
dooglus
Legendary
*
Offline Offline

Activity: 2338



View Profile
April 01, 2013, 09:19:11 PM
 #76

Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
SgtSpike
Legendary
*
Offline Offline

Activity: 1358



View Profile
April 01, 2013, 09:23:26 PM
 #77

Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?
That's kind of a huge "wtf" to me as well.

Is Bitcoin broken??   Tongue
jabetizo
Full Member
***
Offline Offline

Activity: 122


View Profile WWW
April 01, 2013, 09:24:09 PM
 #78

Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?
+1

for some reason the network propagation for both transactions is below 5%, why are nodes not relaying them?

piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
April 01, 2013, 09:24:19 PM
 #79

Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?

They use unconfirmed inputs. Such as this tx: http://blockchain.info/tx/a3aad3ddc180ec33d3060e5b0b048ab07647271db559743b46f4668f7796c6d4 which is too large for no fees.

SgtSpike
Legendary
*
Offline Offline

Activity: 1358



View Profile
April 01, 2013, 09:26:33 PM
 #80

Does anyone have any theories as to how it is possible that the most recent two transactions to 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy are still confirmed after several hours despite each including a massive 0.1 BTC fee?

They use unconfirmed inputs. Such as this tx: http://blockchain.info/tx/a3aad3ddc180ec33d3060e5b0b048ab07647271db559743b46f4668f7796c6d4 which is too large for no fees.
Well, invalid tx hash when I click on the link, but that makes sense anyway.

So, question.  Can you create an identifier for unconfirmed inputs, such that they would "pop out" at a person looking at this page: http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy

Maybe just mark the text in red, or put a little red "unconfirmed" bubble next to any of them that aren't confirmed.
Pages: « 1 2 3 [4] 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!