Another Web Wallet Bites the Dust:

This time it is


Hash: SHA1

Two hacks totalling about 4100 BTC have left unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.

Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10; (most likely another compromised server).

What about my coins there? If you stored more than 1 BTC, send an email to with a Bitcoin address (preferably, an offline, open source light/SPV wallet like Multibit or Electrum). Use the same email you're using on Inputs. Please don't store Bitcoins on an internet connected device, regardless of it is your own or a service's.

I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement.

Version: GnuPG v1.4.11 (GNU/Linux)


Access if you want to verify your balance, look up your transactions, etc. Don't add coins.

Taken from their homepage. At the moment if you had a balance there it appears you can try to make a claim, partial payments so far seem to be going through. In the past though hoping and waiting hasn't generally made people whole even when personal assets were proposed as a backstop against losses. Time should tell soon how this situation plays out.

If you keep Bitcoin on a web wallet seriously stop that shit. The one redeeming feature of was its off chain transactions. I'm only out a few tens of mBTC in this incident, but this continues to show that the model of security that was fit on the web to secure email and twitter accounts is in all likely hood entirely insufficient to secure Bitcoins.

Adding insult to injury was apparently hosted on Linode long after they were determined to be unfit for continued use, much less for a task as important as storing Bitcoins.1 May this be the last warning, stop keeping coin you can't afford to lost on web services.

  1. as a service didn't come into existence until the summer of 2013.  

One thought on “Another Web Wallet Bites the Dust:

  1. Pingback: The Worst State of the Union | Bingo Blog

Leave a Reply

Your email address will not be published. Required fields are marked *