tvbcof
April 06, 2013, 06:51:37 PM
Thanks for that info, can we please get a crime reference number so we can verify that this has been reported to the police. Many people have mentioned this but as yet no response has been given.
This info is not sensitive and it will ease some people's minds.
Indeed. This seems perfectly reasonable and appropriate...unlike calls for information about the attack vectors, internal losses, etc. If such information is not forthcoming it seems rational and appropriate for private individuals to start the ball rolling and this would be a confusing and wasteful exercise if Instawallet or its umbrella organization has already done so. My losses are minimal and I can walk away, but it sounds like other people are not so lucky.
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.

Phinnaeus Gage
April 06, 2013, 07:40:58 PM
Thanks for that info, can we please get a crime reference number so we can verify that this has been reported to the police. Many people have mentioned this but as yet no response has been given.
This info is not sensitive and it will ease some people's minds.
Indeed. This seems perfectly reasonable and appropriate...unlike calls for information about the attack vectors, internal losses, etc. If such information is not forthcoming it seems rational and appropriate for private individuals to start the ball rolling and this would be a confusing and wasteful exercise if Instawallet or its umbrella organization has already done so. My losses are minimal and I can walk away, but it sounds like other people are not so lucky.
I guess it's safe to assume that since he was online for a while and read everything related to their enterprises, he simply opted to not respond to a fairly simple request: Please give us a police report number.

tvbcof
April 06, 2013, 08:01:44 PM
Thanks for that info, can we please get a crime reference number so we can verify that this has been reported to the police. Many people have mentioned this but as yet no response has been given.
This info is not sensitive and it will ease some people's minds.
Indeed. This seems perfectly reasonable and appropriate...unlike calls for information about the attack vectors, internal losses, etc. If such information is not forthcoming it seems rational and appropriate for private individuals to start the ball rolling and this would be a confusing and wasteful exercise if Instawallet or its umbrella organization has already done so. My losses are minimal and I can walk away, but it sounds like other people are not so lucky.
I guess it's safe to assume that since he was online for a while and read everything related to their enterprises, he simply opted to not respond to a fairly simple request: Please give us a police report number.
True. It seems like it would be more professional to either produce the requested info or explain why it is not a good idea to do so. Ignoring the request completely is not very promising behavior. Now it is the case, in the US at least, that there can be gag orders and legitimate advice from attorneys to be quiet about certain things, but these guys have already publicly claimed that they have instigated an investigation with law enforcement. Naturally affected people are going to want some independent verification of this. It's just common sense.

nellybear
April 06, 2013, 08:36:46 PM
If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.
Can I please request that a very tough CAPTCHA is included on the claim form, so that the legitimate owners at least have a small chance to get their claims in first before the original attacker? I can imagine the attacker is crafting the beginnings of a script right now to automate their illegitimate claims.

tvbcof
April 06, 2013, 08:50:12 PM
If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.
Can I please request that a very tough CAPTCHA is included on the claim form, so that the legitimate owners at least have a small chance to get their claims in first before the original attacker? I can imagine the attacker is crafting the beginnings of a script right now to automate their illegitimate claims.
A simplistic method of scripting this would likely lead to detection. Depending on how much info they have, I would suspect that the attackers will have chosen the higher valued wallets and will have actual humans lined up to make fraudulent claims from various innocuous IP addresses. Maybe even the legitimate user's normal network if they have the access logs and a decent collection of compromised machines at their disposal. The CAPTCHA idea is a good one though. Certainly won't hurt anything (though I myself have a bitch of a time with them as often as not.)

nellybear
April 07, 2013, 08:44:14 AM
It is against the law (at least in the US, not sure about European countries) to display favoritism to one creditor vs another when you know the company is insolvent.
I doubt this would apply even if the law holds where Instawallet is based. The money in the accounts wasn't being "borrowed" by Instawallet, so depositors aren't strictly creditors any more than if I left a dog at a boarding kennel while I go on vacation that I'm a creditor to the kennel.

steelboy
April 07, 2013, 09:13:46 AM
What I would like to know is where are the proceeds of my withdrawal I made on the 29th Mar from Bitcoin-central. If this is an instawallet issue why am I affected?
I am also waiting on a response about this. I have emailed, phoned and PM'd. No reply as yet.
I replied to your PM. Additionally, I am opening a thread about bitcoin-central resuming services.
Hi I'm afraid you didn't reply to my question at all. I understand your claim process for wallets but I asked specifically about money that was sent out of a wallet before the hack.
I am afraid we have more questions than answers at this time: how do we know that your transaction happened "before" the hack? We know only for sure that the service suspension happened after the hack. Until we are sure of that, we need to gather as much information as we can (in the 90 day period). You will have the opportunity to cryptographically prove the ownership of your wallet but we are going to favor thoroughness and fairness over speed.
Actually just thinking about this that still seems wrong. After sending the money out of my wallet I am met with a message saying the bitcoins have been sent and the total in the wallet is 0btc. This transaction should have been completed. I received coins to the same wallet AFTER this transaction from another wallet. I think there is no doubt as to the fact that I am due these coins. Boussac, I appreciate you must be busy and you have a lot to deal with however I feel this should be completed as soon as possible. I would do this privately with PMs but so far the responses from paymium/instawallet have been unsatisfactory to say the least. Look forward to your response

nellybear
April 07, 2013, 10:24:47 AM
Actually just thinking about this that still seems wrong. After sending the money out of my wallet I am met with a message saying the bitcoins have been sent and the total in the wallet is 0btc.
This transaction should have been completed. I received coins to the same wallet AFTER this transaction from another wallet. I think there is no doubt as to the fact that I am due these coins.
Hi steelboy, I can't speak for the Instawallet/Paymium/Paytunia people but I was under the impression that they were bundling up transactions rather than send each one onto the network as an individual broadcast, probably to save on fees and have them processed faster overall. I'm wondering if your transaction in question was queued up to be in a bundle that never occurred as their BTC movements must have switched off partway through some people's transactions.

AndreyE
April 07, 2013, 11:14:55 AM
I wrote to insta a letter a few minutes after I saw my money disappear before my eyes! Never received a reply.
There will be no refunds, I don't believe in it, because I don't think all those who learnt a lesson are going to use any of these services again.
That's it, the money is "stolen" and I don't think owner is selling his house not because he is moving to Mexico, but because he wants to pay us back. lol.

trout
April 07, 2013, 02:07:45 PM
That's it, the money is "stolen" and I don't think owner is selling his house not because he is moving to Mexico, but because he wants to pay us back. lol.
No need selling a house. We know for sure that they have over 14000 BTC not stolen. Note also that Instawallet has been around for years, since the time BTC was under 1$. People were losing their wallet URLs during all this time. So lots of wallets with large amounts of BTC are not going to be claimed by legitimate owners. There are many unknowns here: how many wallets were "lost" this way, how much money was stolen, how much info the hacker was able to get... but from my guesstimate, the Instawallet owners will have enough funds to pay to all legitimate owners that still have their wallet URLs.

pyedpyper
April 07, 2013, 03:18:02 PM Last edit: April 07, 2013, 06:47:43 PM by pyedpyper
Dear Boussac,
Firstly, thank you for starting an open process of communication with Instawallet users. This is a very good start.
However, there is still much to be desired in your communication in terms of completeness and transparency.
To state upfront: I am an Instawallet user with slightly less than 100 BTC across two Instawallets – not a fortune, but neither a trivial amount, and one I have no intention of losing.
So I will be addressing you from my personal perspective, but I am also writing in support of all the other Instawallet users that have been inconvenienced by this recent alleged hack. And I say “alleged” as no-one yet knows the full truth of it.
I would like to believe that you and your company are honest, and the facts stated thus far are correct. However your less than transparent and forthcoming communication to date points to something not right, and in my opinion creates the perception of dishonesty.
I wish to give you the opportunity to correct (this hopefully incorrect) perception by making a full and transparent disclosure related to the questions I will be proposing to you below. None of these questions are of the kind that it would not be appropriate to be forthcoming about.
If you choose to not answer them then I will read that as a deliberate decision to deceive or to hide, and I will take that as a sign of something fraudulent going on. The logical outcome of that is that I will be contacting both the French Embassy in my country and the Embassy of my country in France and initiating a discussion with both of them about how to open a criminal enquiry against Paymium.
If you feel that any of my questions should, for good reasons, not be answered, then you may provide that reason and I will consider it on its merits. I am a very reasonable man, as I am sure are your other Instawallet account holders. However I think you underestimate the backlash you will suffer from these many reasonable people if you do not deal with this situation professionally, ethically and perfectly honestly. Please do not make the mistake of thinking you are dealing with a bunch of kids who will just roll over in the face of something that reveals itself to be bullshit. That would be a costly error of judgement in my opinion.
All that being said I am proceeding in good faith and in the belief that Paymium is an honest company, that your communications have been truthful, and that you have a genuine desire to make right on this situation. So please answer the following questions:
1. Please state your full real name and your current position with Paymium (and whether you are a shareholder, director or employee).
2. Please confirm that you have formal authorisation from the board of Paymium to be communicating on behalf of the company on this forum.
3. Please provide the case number and filing date of the report you state Paymium has filed with the police.
4. Please provide Paymium’s formal contact details: office address and telephone number.
5. Please state whether the alleged hack resulted in the loss of coins under Paymium’s control. A simple YES or NO is adequate at this point. If you wish to elaborate you may, but I am not requesting that.
6. If coins were lost please state if these happened by (A) the hacker accessing Instawallet accounts directly via their URLs, or (B) by accessing other “internal” wallets controlled by Paymium, or (C) by some other method.
7. Your comments thus far suggest that the alleged hacker has acquired some or all of the URLs for accessing Instawallet user wallets. Please confirm whether this is the case or not.
8. If the answer to (7) is YES, then please state if these URLs were stored in encrypted form or not.
9. If the answer to (7) is NO, then please state why there needs to be a claims process at all.
10. Your stated claims process on the Instawallets site states: “If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.”. Please will you describe the logic of that? If a hacker has the URLs then surely he can file a claim as quickly as any legitimate account holder? And if you’re assuming that the first claim is likely to be the more “legitimate” one then why wait 90 days? Your logical methodology makes little sense and I would appreciate clarification.
11. You also state that “Claims for wallets that hold a balance greater than 50 BTC will be processed on a case by case and best efforts basis.” Please clarify why the “arbitrary” figure of 50 BTC has been chosen. This comment suggests that you have lost a certain number of coins and need to limit your total payout to what you have left. Please confirm if this is how it is, or if there is another reason for this figure?
12. From your communications it is clear that Paymium’s servers were hacked and this affected all your services – Instawallet, Paytunia and Bitcoin Central. It also seems evident that you suffered financial loss of some kind. Please explain how that loss directly affects Instawallet clients and not Paytunia and Bitcoin Central clients.
Your direct address to these questions will be a clear indication of your bona fides and intentions of good faith - and will do a lot to restore the faith in your clients that has been shaken by your less than ideal communications. I think it is reasonable to give you until midday UTC on Thursday 11 April to respond. I am posting this here in the forum, will be sending to you by PM, and also emailing to your company email account. Consider this letter open therefore. It may be posted elsewhere and will also be made available to the relevant authorities as required.
Please understand that I wish to do this in an amicable way, and I hope that you receive this communication as such. As I feel that you have dealt with this incident (at least from a communications point of view) in a somewhat cavalier fashion, I feel it incumbent on me to call you out and demand your professionalism and fuller response – which I look forward to – as I’m sure do many others.
Sincerely,
PyedPyper

steelboy
April 07, 2013, 03:22:08 PM
+1 What annoys me more than anything else is the figure of 50btc. Why should people with more than that total be dealt with differently? It does just seem like a figure that has been pulled out of thin air.

tvbcof
April 07, 2013, 06:20:52 PM
Dear Boussac,
Firstly, thank you for starting an open process of communication with Instawallet users. This is a very good start.
However, ... <trimmed for brevity>
pyedpyper, Your letter was well written and captured my own posture on the matter very closely. I found almost all of the questions asked to be fair and realistic. My losses are not great and not as great as yours. In my case, they are a small fraction of my BTC holdings, and partially out of a desire to promote the general health of the Bitcoin network which defines the value of my main stash it would be worthwhile to me to see attacks on the system resolved as thoroughly and professionally as possible. Thus, I feel inclined to join you in any formal and well thought out efforts to proceed on this adventure if necessary and if my participation may be helpful. Hopefully the organization responsible for Instawallet will demonstrate professionalism in reaching the best resolution possible and nothing very onerous or expensive will be necessary. While I always considered the funds I had with Instawallet to be disposable, the fact that it was associated with an organization which appeared to be on a healthy business trajectory played a part in my decisions about how much to keep there. Further, the fact that 'Paymium family' chose to continue to operate Instawallet with their name on it was, to me, a valid reason to believe that they considered it security hardened enough to withstand attack. Please feel free to PM me if need be. I'm an American citizen BTW.

Phinnaeus Gage
April 07, 2013, 07:18:29 PM
Thank you, pyedpyper. Very well-written letter.
The more I look into Paymium, the more contrived the information of all the principals seems to me. I'm seeing a lot of cross-linking to each other's names, with not much linking to prior entities. I honestly don't feel good about this situation.
Perhaps, at least, a police report would put some ease on the situation.

AndreyE
April 07, 2013, 07:20:25 PM
Has the process started already? It's gotta be a rather simple form, why is it taking so long?

tvbcof
April 07, 2013, 07:24:54 PM
Thank you, pyedpyper. Very well-written letter.
The more I look into Paymium, the more contrived the information of all the principals seems to me. I'm seeing a lot of cross-linking to each other's names, with not much linking to prior entities. I honestly don't feel good about this situation.
Perhaps, at least, a police report would put some ease on the situation.
Time for a little of the infamous Phinnaeus Gage Google-fu? Do some good work and I have a feeling that your BTC stash will start to rebuild itself.

mrbitbank
April 07, 2013, 07:29:31 PM
pyedpyper: I thank you for putting into words exactly how I also feel about this affair, I am sure that many of us could not have penned such a letter any better. Boussac for your information please also consider me a signatory to this letter which has my support too.

crazy_rabbit
April 07, 2013, 07:35:39 PM
Dear Boussac,
......... Sincerely,
PyedPyper
As thoughtful as this letter is- it might not be possible for them to answer. Even if there had been no funny-business any legitimate company would hire a lawyer that would advise answering none of these questions. What if they were to answer you wrongly about one of these questions? Perhaps just from not 100% understanding the situation? You or someone else would turn around and go after them about that later. It's a legitimate letter, but I think any lawyer would advise "no comment". It's just too risky to tell you the truth- innocent or not. Indeed, perhaps the things you point out in your letter about their "50BTC" limit, or "first come first serve" might be the result of them trying to come up with a clear, concise, and honest communication to the community, as quick as possible, the only result of which is more accusations and mistrust.
more or less retired.

tvbcof
April 07, 2013, 07:46:57 PM
Dear Boussac,
......... Sincerely,
PyedPyper
As thoughtful as this letter is- it might not be possible for them to answer. Even if there had been no funny-business any legitimate company would hire a lawyer that would advise answering none of these questions. What if they were to answer you wrongly about one of these questions? Perhaps just from not 100% understanding the situation? You or someone else would turn around and go after them about that later. It's a legitimate letter, but I think any lawyer would advise "no comment". It's just too risky to tell you the truth- innocent or not. Indeed, perhaps the things you point out in your letter about their "50BTC" limit, or "first come first serve" might be the result of them trying to come up with a clear, concise, and honest communication to the community, as quick as possible, the only result of which is more accusations and mistrust.
This is true, and is a good point. In that case I would expect the lawyer to draft the response or at the very least to give verifiable evidence that the matter is being pursued with the utmost professionalism and in a way that would be most likely to result in a resolution which is favorable to the affected parties. Failing that, it is completely reasonable to expect that some fraction of affected customers will do everything in their power to achieve an outcome which is in their best interests, and in doing so could add inefficiency to what could otherwise be a more smooth process.

steelboy
April 07, 2013, 08:09:22 PM
Disclaimer : I have no affiliation with Paymium. I am only a customer of Bitcoin Central.
1. Please state your full real name and your current position with Paymium (and whether you are a shareholder, director or employee).
I strongly believe Boussac's real name is Pierre Noizat, COO and co founder of Paymium. Evidences : http://www.e-ducat.fr/sample-page/ http://fr.linkedin.com/pub/dir/Pierre/Noizat (login to confirm the picture is the same)
2. Please confirm that you have formal authorisation from the board of Paymium to be communicating on behalf of the company on this forum.
He has. See above
3. Please provide the case number and filing date of the report you state Paymium has filed with the police.
There is no such thing as a "case number" in France. He could probably post a scan of the report, but I believe it would contain information that right now it would not be wise to publish. (Like what exactly happened, who they suspect if it is an insider job, and so on)
4. Please provide Paymium’s formal contact details: office address and telephone number.
The legal address of Paymium is : 73 Rue du Chateau 92100 BOULOGNE BILLANCOURT ( see here) They don't have a public phone number in the French phone book
5. Please state whether (...)
Can't answer the other questions since I have no more information than anybody here.
If you check street view for that address it doesn't look like much more than apartments. Like I said before I would be happy to take a trip to Paris along with any other forum members if they wanted to come. All donations from US members to go toward the trip would be repaid in full when I get my coins back. Obviously if anyone knows of a forum member already in Paris that would make it easier but I think I can get there for about 2.5-3 btc