Instawallet/Bitcoin-Central Security Breach

[Rampion]

FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

3. Spelling is a lost art.

4. I would like to see your spelling skills in Turkish.

[1715382345]

1715382345

[1715382345]

1715382345

[DobZombie]

/flameon

I love google, I haven't been lost ANYWHERE in like 4 years!

I WANT my browser to know what I'm thinking, and web searches to sell me shit that interests me!

I LOVE the fact if I don't know something, I can just GOOGLE it!

/flameoff

[gbl08ma]

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

First rule, don't trust that number Google gives you. It is always way off all the results one can get (some guy did a research on that, turns out you only have access to the first 1000 results or so). And second, you don't know how many of these results are the same wallet URL appearing on multiple pages.

[Arthur Randolph]

What about we try and stay on topic?

Has anyone been able to contact the people at Paymium, the company behind instawallet and bitcoin-central?

[Grinder]

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

None of them are actually on instawallet, though. https://www.google.com/search?q=%22instawallet.org/w/%22+site:instawallet.org

I realise that this may be because they have now removed direct links from Google, but the number is meaningless.

[Raoul Duke]

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

At least do it properly: https://www.google.com/search?q=inurl%3A%2Fw%2F+site%3Ainstawallet.org

[ingrownpocket]

https://www.google.com/search?q="instawallet.org%2Fw%2F"

About 29,400 results were found.

At least do it properly: https://www.google.com/search?q=inurl%3A%2Fw%2F+site%3Ainstawallet.org

I wanted to do the exact opposite of that.
Trying to show him where Google got those addresses.  

[Jan]

either way the lesson will be "trust no one to hold your coins".

Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!

In short "Keep your private keys private". Rule number ONE in Bitcoin land.

[steelboy]

either way the lesson will be "trust no one to hold your coins".

Seconded

Apparently every new batch of Bitcoiners will need to learn this valuable lesson.

If you aren't the sole controller of your private keys, you don't have any bitcoins.

Take whatever steps necessary to be the sole controller of your private keys people!

In short "Keep your private keys private". Rule number ONE in Bitcoin land.

bitcoin-central.net has updated its message

Still no mention of instawallet 

[pbtc]

Since nobody commented on other thread, https://bitcointalk.org/index.php?topic=164638.0, thought it might be useful to mention that Easywallet has same problem with google.

About 1000 wallets visible from web. Balance seems to be zero on all.

[lucb1e]

Still no mention of instawallet 

For some reason this feels intentional to me, I'm glad I wasn't on that service (only bitcoin-central).

Still though, instawallet's cold storage got transferred out with 82 confirmations last time I checked (hours ago), it should mostly be fine I guess.

[Atruk]

Chrome is the ultimate spyware

And I love it for that.

I can google for a new movie on my desktop, then completely forget about it and weeks later my phone will automagically remind me that "hey that movie you googled a while ago is now running in that theater near you".
Without me doing anything.

Or I look up a restaurant at lunchtime and later at dinnertime i'm in the area and my phone goes "dude that steak restaurant you looked up is like 20 minutes away thought you should know duder".
Without me doing anything.

Or when it's like half an hour before I usually leave work to go home and my phone going "Yeah, here's the thing. You know how you drive at x pm and take that route usually? That's gonna bite you in the ass today. I mean, just look at that traffic jam. Look at this shit. You'd better drive this way. Just saying".

Without me doing anything.

It's perfect and exactly what my phone should do.

The lesson here is not: Google is evil.

The lesson is: Security through Obscurity does never ever work.

So true.

[splat44]

Let's hope problems can be fixed in due time!

[kakashi234]

What do you think will happen with our purchase orders / sales going?

Personally, I have sales orders that I wanted to cancel because the btc was strong up, now if the website re-opens, my orders will be sent immediately without anulation possible ...

I hope they will think about it and cancel all those sales orders scheduled.

[Injust]

I hope that payments that our Instawallet addresses receive during the lack-of-service period will be credited

[steelboy]

I hope that payments that our Instawallet addresses receive during the lack-of-service period will be credited

I just want whatever was in the wallets.

[steelboy]

Still no mention of instawallet 

For some reason this feels intentional to me, I'm glad I wasn't on that service (only bitcoin-central).

Still though, instawallet's cold storage got transferred out with 82 confirmations last time I checked (hours ago), it should mostly be fine I guess.

I feel it is definitely intentional to not mention instawallet, the webpage is still the same too whereas the bit coin-central/paytunia page has been updated.

However, if 42,000ish BTC was moved from their cold storage and is now "under their exclusive control" then surely they must not have lost everything. Maybe it is like some people have said, a problem with google that left some wallets searchable?

One thing that is really pecking my head though is the fact that there has been no update and Davout has disappeared too. This seems a bit suss.

Finally, can anyone with some technical knowhow please set me straight on the problem below. Surely if the money was sent from pone address to another 48 hours before this debacle then it has to be safe? If so, why hasnt it shown up in my wallet?

I made two withdrawals from jnstawallet 2 nights ago around 1am GMT. The first one did not show up but the second one did. I messages Davout about the first one not showing up and I also emailed support at instawallet. I wasn't worried as it actually happened last time I withdrew money from them too. That took 24 hours. I also thought that as it was a bank holiday there might be a delay in support.

If this money was sent should I be sure to receive this whatever happens with the rest of instawallets issues?

So in regards to this, without being too technical. Why would a transaction take two days to confirm?

Is it something to do with instawallet being free?

Can anyone help with this?

[TiagoTiago]

So do we think it is only affecting chrome users or is this just speculation?

Aside from that there is no news is there?

You would be surprised how many people got Google as their home page and type URLs in the page's search box instead of the browser's URL bar...

[MPOE-PR]

FACTS:

1) Google is evil, and will spy on you in order to have as much information possible to cash it in form of advertisments
2) sending your funds to a wallet consisting in an non-password protected URL is RIDICOLOUS

3. Spelling is a lost art.

4. I would like to see your spelling skills in Turkish.

Merhaba rahatsız etmemek için lütfen gel!

[BubbleBoy]

Could it be that Instawallet went full "Tom Williams" on the user's accounts ? Or maybe something like this: trade the coins on mtgox, wait for the bubble to pop, buy coins back, profit.