Bitcoin Forum
November 15, 2024, 02:34:14 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they believe that the creator of this topic displays some red flags which make them high-risk. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 [14]  All
  Print  
Author Topic: New 400 BTC Bounty Pales Roger Ver's 37.6 BTC Bounty for Return of Stolen BTC  (Read 18419 times)
BlueBitAUT
Full Member
***
Offline Offline

Activity: 122
Merit: 100


View Profile
June 19, 2014, 11:44:09 AM
 #261

Phinn's silence on this thread is worrisome...

I assume because he doesn't really have anything else to add. The only useful information he can provide is the two InstaWallet URLs and the approximate balances, which InstaWallet has no record of. Bruno either needs to find additional information or take legal action. Presumably legal action would a difficult route if this is all the information he has.

That was exactly my point. He wrote a thousand words of "this and that" etc.
but fails to give useful information/answers to additional questions that came up
(and could easily help solve his problems).

I / we just asked for a simple, clean list styled summary / protocol of what exactly happend, how and when...
just to help finding a approval that he really had those funds, in the first step.

If we could track down (one of the) the addresses / transactions involved, anyhow, based on all those "missing links" that we were asking for,
because we couldn't dig that out of those dozens "walls of text"... I'd guess, he would come a big step closer to his coins.

So, if his claims are for real or not,...
as someone stated before, if he wants help from one or another side (us or lawyers, or whatever), he has to do this list anyway.
And also has to be ready to answer questions like "have you already tried this..." or "can you maybe get some more details on that..."
in a timely manner!

It is unnecessary to say that, as long as PG isn't going to "support" / work with the people that want(ed) to help him,
all of the already taken, and also, any further efforts are rendered useless.
*shrugs*

JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
June 19, 2014, 12:42:53 PM
 #262

Those two urls are not found in instawallet systems or backup.
Thats why we are trying (or should I say we were) to find some hints.
I see.  If anyone stlll cares, please:

I presume that the search was done by the InstaWallet owners themselves?

Are the two URLS at least self-consistent (right format, numbers in plausible range, encrypted with the InstaWallet public key, whatever)?  Could they be forged by a hacker, or have come from some other similar service?  Did BK say how he kept or recovered them?

Are there other similar claims against InstaWallet from other ex-clients?


Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
Marlo Stanfield
Sr. Member
****
Offline Offline

Activity: 490
Merit: 280



View Profile
June 20, 2014, 05:48:57 PM
 #263

Those two urls are not found in instawallet systems or backup.
Thats why we are trying (or should I say we were) to find some hints.
I see.  If anyone stlll cares, please:

I presume that the search was done by the InstaWallet owners themselves?

Are the two URLS at least self-consistent (right format, numbers in plausible range, encrypted with the InstaWallet public key, whatever)?  Could they be forged by a hacker, or have come from some other similar service?  Did BK say how he kept or recovered them?

Are there other similar claims against InstaWallet from other ex-clients?



I'd like to know if the wallet address is consistent with the format as well.

And there are lots and lots of people with claims that haven't been paid yet.
laurentmt
Sr. Member
****
Offline Offline

Activity: 384
Merit: 258


View Profile
June 27, 2014, 09:05:09 PM
 #264

FYI, I've published the result of my "investigation" in the french forum.
There's no english translation but here's a short summary.

Context

3 IW urls were claimed by PG but the IW team was unable to spot 2 of them

The IW team has asked PG to provide adresses or transactions related to these 2 wallets but PG was unable to provide this kind of information.

The IW team has developed a set of scripts to parse the blockchain in order to:
  - build a list of bitcoin addresses corresponding to IW deposit addresses
  - check if any of these addresses has transactions matching informations sent by PG.
No matching address was found by the IW team.

Analysis

I've followed these steps:
  - parsing of the blockchain to identify transactions (and addresses) matching information given by PG (date, amounts, hours)
  - development of a script similar to the one implemented by the IW team, in order to list IW addresses
  - matching of the 2 sets
No significant result was found.

Then, I've analyzed the principles of the script used to build the list of IW addresses:
- as a first step, the script lists addresses having sent coins to IW cold wallet. These addresses are considered as IW deposit addresses.
- in a second step, the script uses an heuristic named "multi-inputs transactions" in order to find additional IW addresses.
- the second step is repeated recursively.

The main hypothesis associated to this script is that it allows to list all IW deposit addresses. IW was a shared wallet mixing coins from all deposit addresses, thus it may sound like a reasonable hypothesis. But it appears that some cases break this assumption. One such case is when coins sent to a deposit address are consumed alone before having a chance to be sent to the cold wallet.

Activity of the cold wallet during December 2012 shows that no coin was sent to the cold wallet between 12/08 and 12/26. In fact, during this timespan, the flow was reversed (5,500btc sent from the cold wallet to the hot wallet) surely indicating a period with more withdrawals than deposits. This period also corresponds to the period indicated by PG for his initial deposit and his splitting operation. Thus, it doesn't seem unlikely that the funds deposited by PG may have been consumed during this period and can't be found by the recursive script.

This hypothesis would explain why the IW team was unable to find transactions and addresses matching information given by PG.
WRT missing urls, one of my hypotheses is that IW db may have been altered by hackers to hide that some funds had been stolen (wallets deleted from db).

Next steps

IMHO, it's required to use a backup of the IW bitcoind, in order to export the full list of addresses and be sure to avoid false negative results.
Thus, I've forwarded all results and information to the IW team. It should allow them to investigate the case further.
Marlo Stanfield
Sr. Member
****
Offline Offline

Activity: 490
Merit: 280



View Profile
June 29, 2014, 03:24:56 PM
 #265

FYI, I've published the result of my "investigation" in the french forum.
There's no english translation but here's a short summary.

Context

3 IW urls were claimed by PG but the IW team was unable to spot 2 of them

The IW team has asked PG to provide adresses or transactions related to these 2 wallets but PG was unable to provide this kind of information.

The IW team has developed a set of scripts to parse the blockchain in order to:
  - build a list of bitcoin addresses corresponding to IW deposit addresses
  - check if any of these addresses has transactions matching informations sent by PG.
No matching address was found by the IW team.

Analysis

I've followed these steps:
  - parsing of the blockchain to identify transactions (and addresses) matching information given by PG (date, amounts, hours)
  - development of a script similar to the one implemented by the IW team, in order to list IW addresses
  - matching of the 2 sets
No significant result was found.

Then, I've analyzed the principles of the script used to build the list of IW addresses:
- as a first step, the script lists addresses having sent coins to IW cold wallet. These addresses are considered as IW deposit addresses.
- in a second step, the script uses an heuristic named "multi-inputs transactions" in order to find additional IW addresses.
- the second step is repeated recursively.

The main hypothesis associated to this script is that it allows to list all IW deposit addresses. IW was a shared wallet mixing coins from all deposit addresses, thus it may sound like a reasonable hypothesis. But it appears that some cases break this assumption. One such case is when coins sent to a deposit address are consumed alone before having a chance to be sent to the cold wallet.

Activity of the cold wallet during December 2012 shows that no coin was sent to the cold wallet between 12/08 and 12/26. In fact, during this timespan, the flow was reversed (5,500btc sent from the cold wallet to the hot wallet) surely indicating a period with more withdrawals than deposits. This period also corresponds to the period indicated by PG for his initial deposit and his splitting operation. Thus, it doesn't seem unlikely that the funds deposited by PG may have been consumed during this period and can't be found by the recursive script.

This hypothesis would explain why the IW team was unable to find transactions and addresses matching information given by PG.
WRT missing urls, one of my hypotheses is that IW db may have been altered by hackers to hide that some funds had been stolen (wallets deleted from db).

Next steps

IMHO, it's required to use a backup of the IW bitcoind, in order to export the full list of addresses and be sure to avoid false negative results.
Thus, I've forwarded all results and information to the IW team. It should allow them to investigate the case further.


Wow. Good work. It's nice to see that people are still on this. Despite Bruno's very bizarre sudden lack of interest. Hopefully he sticks his head in here to acknowledge you.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
June 29, 2014, 03:39:58 PM
 #266

Despite Bruno's very bizarre sudden lack of interest. Hopefully he sticks his head in here to acknowledge you.

User @Phinnaeus_Gage (who has by far the largest number of posts on this forum) has been inactive since 2014-06-17, 18:38:34 https://bitcointalk.org/index.php?action=profile;u=24792

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
Marlo Stanfield
Sr. Member
****
Offline Offline

Activity: 490
Merit: 280



View Profile
June 29, 2014, 06:50:43 PM
 #267

Despite Bruno's very bizarre sudden lack of interest. Hopefully he sticks his head in here to acknowledge you.

User @Phinnaeus_Gage (who has by far the largest number of posts on this forum) has been inactive since 2014-06-17, 18:38:34 https://bitcointalk.org/index.php?action=profile;u=24792

Oh. That's kind of scary actually considering the amount of posts he makes targeting people while at the same time posting his home address. I bet he's fine, but he does go out of his way to invite trouble. I hope nothing has happened to him.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
June 29, 2014, 10:17:25 PM
 #268

Oh. That's kind of scary actually considering the amount of posts he makes targeting people while at the same time posting his home address. I bet he's fine, but he does go out of his way to invite trouble. I hope nothing has happened to him.
Indeed, considering the number of people he has fished embarassing things about, including people with means (and history) of suing people, it is highly likely that he got at least a letter from a lawyer threatening a lawsuit.

Or he simply may have given up hope of recovering his lost bitcoins, and got fed up with a community that, by and large, is indifferent to crime.  When they do not side with the criminals against ther victims.

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
June 29, 2014, 10:35:05 PM
 #269

FYI, I've published the result of my "investigation" in the french forum.
[...]Activity of the cold wallet during December 2012 shows that no coin was sent to the cold wallet between 12/08 and 12/26. In fact, during this timespan, the flow was reversed (5,500btc sent from the cold wallet to the hot wallet) surely indicating a period with more withdrawals than deposits. This period also corresponds to the period indicated by PG for his initial deposit and his splitting operation. Thus, it doesn't seem unlikely that the funds deposited by PG may have been consumed during this period and can't be found by the recursive script.

This hypothesis would explain why the IW team was unable to find transactions and addresses matching information given by PG.
Indeed.  This finding seems to render the IW team analysis of the blockchain irrelevant.  They looked in the wrong place, so no wonder they did not find anything.  

Assuming that BK was unaware of the flow between the hot and cold wallets, this finding also restores the credibility to his claim.  Back to square zero?

However, wouldn't the hot wallet be caught by the recursive script during its first pass?

WRT missing urls, one of my hypotheses is that IW db may have been altered by hackers to hide that some funds had been stolen (wallets deleted from db).
I don't know how  InstaWallet worked.  Is it possible that BK was the victim of a phishing-style attack?  Say, he was led to a fake IW site, or the real IW server was hacked to divert some client deposits to an address that did not belong to InstaWallet, and omit those accesses from the database?

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
laurentmt
Sr. Member
****
Offline Offline

Activity: 384
Merit: 258


View Profile
June 30, 2014, 12:47:00 PM
 #270

Indeed.  This finding seems to render the IW team analysis of the blockchain irrelevant.  They looked in the wrong place, so no wonder they did not find anything.  
Assuming that BK was unaware of the flow between the hot and cold wallets, this finding also restores the credibility to his claim.  Back to square zero?
Not sure we can say that they looked at the wrong place. It's more that the view was incomplete and thus can't deliver 100% certainty. A set of addresses exported from a bitcoind backup should be more reliable.

However, wouldn't the hot wallet be caught by the recursive script during its first pass?
Well, what I call the "hot wallet" is the complete set of IW deposit addresses + some "internal" addresses generated by bitcoind (change, ...).
Some of them are caught during first pass. Some are caught later. Some are not caught at all. I was able to validate the latter for some "internal" addresses (but we do not really care about them to identify the initial deposit) and it's likely that some deposit addresses are also missed by the script during periods similar to december 2012.

I don't know how  InstaWallet worked.  Is it possible that BK was the victim of a phishing-style attack?  Say, he was led to a fake IW site, or the real IW server was hacked to divert some client deposits to an address that did not belong to InstaWallet, and omit those accesses from the database?
IW was a shared wallet. Imagine that you share your bitcoin wallet with others users. Each user has one "personal" deposit address to receive coins but withdrawals are done from any subset of addresses found in the wallet with enough coins to fund the transaction. Data required to know users' balances and transactions are recorded in an external database.

Phishing attack is another possible hypothesis. I've also heard that there has been some scam attempts with a fake IW website running on TOR.
Records deleted from the internal ledger is just an hypothesis among several others. Its main difference is that it can be checked by comparing content of db backups. There's also a message posted by Phinnaeus Gage on March 2013 (15 days before the service was shutdown) which seems to confirm that everything was ok at this date.
hdbuck
Legendary
*
Offline Offline

Activity: 1260
Merit: 1002



View Profile
July 02, 2014, 12:20:35 PM
 #271

PG is on holidays.
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
July 02, 2014, 12:34:57 PM
 #272

Quote
I don't know how  InstaWallet worked.  Is it possible that BK was the victim of a phishing-style attack?  Say, he was led to a fake IW site

While possible, I find it hard to believe that a phishing attack would be practically executed. I've never heard of an actual instawallet phishing site, other than the one on Tor.

Quote
or the real IW server was hacked to divert some client deposits to an address that did not belong to InstaWallet, and omit those accesses from the database?

That's an interesting theory. Practically this attack wouldn't be so easy - it can't just be a simple address replace, but it also needs to hook into balance checks, etc.


One thing I'm not sure that's been discussed here is if the IW team still has web server access logs, and if they do, simply grep through them for the addresses? The hacker of instawallet probably didn't go through the trouble of erasing the logs for specific wallets.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
July 02, 2014, 04:44:15 PM
 #273

One thing I'm not sure that's been discussed here is if the IW team still has web server access logs, and if they do, simply grep through them for the addresses? The hacker of instawallet probably didn't go through the trouble of erasing the logs for specific wallets.
^THIS!

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 [14]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!