Instawallet/Bitcoin-Central Security Breach

[trout]

Our database was fraudulently accessed,

Actually this doesn't even say that some coins were stolen.
This doesn't look good.

[1713572686]

1713572686

[1713572686]

1713572686

[1713572686]

1713572686

[greyhawk]

It seems every generation of bitcoiners just has to learn hard lessons on their own. FFS if experienced bitcoiners like so not modest myself who warned other about exactly this shit long before mybitcoin fiasco tells you TRUST NO ONE. Pay fucking attention next time.

It never works Vlad, they never listen.

[justusranvier]

http://www.reddit.com/r/Bitcoin/comments/1blk1t/public_service_announcement_regarding_online/

[splat44]

Same thing with instawallet, I'm sure those who manage those serve are doing something to fix those!

Update for Bitcoin-Central and Paytunia (only showing on paytunia.com, seems they are a bit confused with the many URLs they have):

Oddly enough, Bitcoin-Central is down at the moment. Not showing anything.

I guess you are not using firefox.

The problem with bitcoin-central and paytunia is this:

<sup>Secure Connection Failed
      
          An error occurred during a connection to bitcoin-central.net.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)</sup>

[Rampion]

It seems every generation of bitcoiners just has to learn hard lessons on their own. FFS if experienced bitcoiners like so not modest myself who warned other about exactly this shit long before mybitcoin fiasco tells you TRUST NO ONE. Pay fucking attention next time.

It never works Vlad, they never listen.

But it's unbelievable. Never trust third party wallets with more than pocket is money is so clear everywhere. It's so up in the wiki that you learn this in the first hour reading about bitcoin.

[greyhawk]

Same thing with instawallet, I'm those who manage those serve are doing something to fix those!

Instawallet? Instawallet is dead, kaput, it has served it's last bit(coin).

[greyhawk]

But it's unbelievable. Never trust third party wallets with more than pocket is money is so clear everywhere. It's so up in the wiki that you learn this in the first hour reading about bitcoin.

2 things at work here:

a) some people are dumb

b) bitcoin's false reputation as "easy money" attracts a disproportionaly large share of a)

[Phinnaeus Gage]

this doesn't sound good at all.

Literally shitting myself

You ain't the only one! I didn't even know this was going on. I visited the site yesterday and saw it was down, but paid it no mind thinking it will be back up soon. I was in the process of storing my coins elsewhere, but didn't think I had to do it anytime soon since being assured by many on this forum that all is well.

I've even gotten others to use InstaWallet recently, sending them coins to show how easy it is.

My stomach is totally in knots right now, and I've only begun to read this thread.

Madness!!!

~Bruno K~

[SgtSpike]

this doesn't sound good at all.

Literally shitting myself

You ain't the only one! I didn't even know this was going on. I visited the site yesterday and saw it was down, but paid it no mind thinking it will be back up soon. I was in the process of storing my coins elsewhere, but didn't think I had to do it anytime soon since being assured by many on this forum that all is well.

I've even gotten others to use InstaWallet recently, sending them coins to show how easy it is.

My stomach is totally in knots right now, and I've only begun to read this thread.

Madness!!!

~Bruno K~

Wait, YOU were storing your BTC on instawallet??

[greyhawk]

c) people take stupid risks even though they know better.

[Phinnaeus Gage]

Just got to page 7, and now have shit to do after I take a shit (seriously). I is not a happy camper now.

Have Chainsaw - Will Travel

[HATA28]

This is a really fucked up situation, especially for the ones that were actually using instawallet.org
However, Paymium says you can claim your BTC back.
We don't know what exactly caused this 'hack', we can only speculate.
Therefore, I think we can't blame Paymium for what happened, at least not yet.

Come on guys, try to stay positive.
After all, it's just money.

http://i47.tinypic.com/2zhqdd0.jpg

[Severian]

Too bad nobody is gong to listen to the above.

This is evolution in action. In two years, should Bitcoin still be chugging along, paper wallet holders will still have bitcoins while the trusting will be wondering what happened to theirs. Since Bitcoin is decentralized by nature, it will ultimately force its users to be decentralized also. The learning curve is a painful one for those that let the glitter overtake common sense.

[steelboy]

Positivity is the key now I think.

Vlad, you are right. It's our fault. (I was in the process of sorting out the armory on Friday). Give me a break though mate, still smarting here.

Lets assume the hacker has all the urls. I assume he will argue any large balances with the rightful owner. What if their was documented proof of owning the URL for a while. I assume the hacker has only has access in the last few weeks.  

What do you think?

[Rampion]

Vladimir Law: "chances of a 3rd party running away with your bitcoins asymptotically approaches 100% over time"

"run away" includes "getting 'hacked'"

It is basically the same as amount of mined bitcoins asymptotically approaches 21 million.

People! FFS! Figure out brainwallets, paper wallets and best of all truecrypt containers, preferably with a hidden partition and decoy partition and standard bitcoin-qt with encrypted wallet.dat. Do not forget your pass phrases but still use very strong ones.

Store not only encrypted images but truecrypt distribution/installation too.

This is all you need to know and do.

Remember risk management formula: Risk = Asset * Vulnerability * Threat. This means you can trust 3rd parties for small amount of BTC for short time. The smaller the amount and the shorter the time, the better. In this case Risk is acceptable. For large amounts and long time you simply cannot trust 3rd parties without taking on disproportional risks.

Too bad nobody is gong to listen to the above. No matter how often I (and others) repeat it. So fuck you, you deserve all your coins to be stolen eventually then.

I hate blaming the victims, but people you should have more sense. Phinnaeus Gage, I am really sorry, hopefully it was a trivial amount.

I wouldn't rely on Truecrypt for very serious stuff. Code was not scrutinized by the community. This is why TAILS do not include it. I would prefer GPG.

But for not so serious stuff a hidden volume of TC is pretty nice... And if you add stenography and of course offline storage only you will be pretty safe.

[repentance]

This is a really fucked up situation, especially for the ones that were actually using instawallet.org
However, Paymium says you can claim your BTC back.
We don't know what exactly caused this 'hack', we can only speculate.
Therefore, I think we can't blame Paymium for what happened, at least not yet.

Of course you can blame them. People can't access their funds for at least 90 days because of some security breach. It's the job of those operating a service to ensure its security can't be breached and vulnerabilities in Instawallet were made public a week ago. 

[shamntalk]

This is going to hurt. And I don't just mean the 200 bucks I've just lost, it's going to hurt hard on bitcoin.

[repentance]

Actually that has happened the moment they went public with their braindead idea of having "proxy private keys" for BTC addresses in URL. Was it one or two years ago I do not quite remember.

I don't recall the fact that you could access (actually access, as opposed to theoretically) the accounts of other users being publicly discussed until last week, although when it was being discussed last week quite a few people mentioned having been aware of it for some time.

They still needed to take the service offline for a security audit when that particular vulnerability became a topic for discussion last week, because nothing was more certain than people trying to exploit that one and looking for other vulnerabilities as well (as well as looking for similar vulnerabilities in other services).

[HATA28]

This is a really fucked up situation, especially for the ones that were actually using instawallet.org
However, Paymium says you can claim your BTC back.
We don't know what exactly caused this 'hack', we can only speculate.
Therefore, I think we can't blame Paymium for what happened, at least not yet.

Of course you can blame them. People can't access their funds for at least 90 days because of some security breach. It's the job of those operating a service to ensure its security can't be breached and vulnerabilities in Instawallet were made public a week ago. 

Dude come on, this is the problem of the whole fucking society.
People just blaming each other because they don't have the balls to take responsibility for it themselves.
If you store your money somewhere, YOU are responsible. It is YOUR money. If you want to be absolutely sure it won't disappear in a financial crisis, you have to hold on to it yourself.

If you drink too much Heineken beer, you are responsible for the consequences. You can not blame Heineken because they provided it.
You are always the only one responsible for your own actions.

In this case; Ofcourse, people trusted their money to Instawallet. But if you trust something or someone, that's a risk you are taking yourself. It is like losing bitcoins, after a big correction. You can't blame the economy for it, it was your risk to take, and you didn't have to take it.

Don't walk away from you responsibility, and be happy Paymium is at least trying to come up with a solution.

[cho]

Too bad nobody is gong to listen to the above. No matter how often I (and others) repeat it. So fuck you, you deserve all your coins to be stolen eventually then.

After having read your trolling but insightful post, I, for one, will actually improve my cold storage strategy. Thx to you for that.