Instawallet Shuts Down After Disclosing a Breach

Instawallet, a Bitcoin wallet service, has "suspended indefinitely" because of fraudulent access, according to a notice on the company’s website today. It is the latest in a series of attacks and glitches to afflict businesses that work with the digital currency.

Instawallet's service is suspended “until we are able to develop an alternative architecture,” the notice said. The notice also said Instawallet’s database was fraudulently accessed, and “due to the nature of Instawallet it is impossible to reopen the service as-is.” The site did not include any other information, or a means to contact the company.

In the next few days, Instawallet says it will begin the process for balance holders to claim funds they had stored before the service interruption. The company disclosed how it would handle multiple claims from the same source: “After 90 days, if no other claim has been received for the same url, your Instawallet balance under 50 BTC will be refunded. If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.”

Instawallet’s security has come under fire recently. It was referred to as one of the most convenient, yet least secure Bitcoin exchanges by Bitcoin Magazine. The weaknesses included Instawallet’s use of URLs, or website addresses, for authentication, noting Instawallet itself recommends user not store more than some spare change for casual use. The magazine was also critical of the inability to audit Instawallet’s code.

Bitcoin, a digital currency designed to be used like cash, has increased in value and popularity recently. Though recent moves to place bitcoin transactions under U.S. regulation have given Bitcoin some legitimacy, the virtual currency has a history of attracting attacks and security issues.

Bitcoin transactions are designed to be anonymous and irreversible, making them appealing to thieves. Bitcoinica, Bitfloor and other companies have faced breaches and lawsuits over the years, Ars Technica reports. Bitcoins have also been associated with criminal activity such as drug sales.

“In general, the recent hacking attempts underscore Bitcoin's slowly evolving success while highlighting challenges and uncertainties for Bitcoin to barge ahead,” says Arkady Fridman, a senior analyst at Aite Group.

The companies that act as exchanges for bitcoins have also suffered from other problems. Mt. Gox today reported delays in trading and lags for deposits.

Bitcoin is suffering from growing pains similar to what traditional banks faced when they began transacting online, Fridman says.

“Most major banks suffered intrusions or other forms of fraud, yet the use for digital channels grows,” Fridman says.  “Consumers and businesses continue to adopt Web and mobile technologies for banking and payment services.  Similarly, Bitcoin is evolving, and I expect a few kinks along the way.”

Bitcoin proponents have said attacks and other glitches are a reflection on the exchanges, and not the currency itself. Some Bitcoin companies have also begun working with banks to increase security and demonstrate a willingness to comply with regulations.

“Security is certainly at the heart of any financial services, payments or commerce systems, and providers dealing with people's money must employ adequate standards and protocols to ensure the systems are safe. Best practices exist, but mitigating security and fraud risk is an evolving process,” Fridman says.  “To that point, I suspect the Bitcoin ecosystem will evolve to stricter controls.”