The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture.
Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is.
Fucking maroons. For this to be true, they'd have to be storing the raw, unhashed keys from the URLs, and there's not really any good reason why they should do things this way. Simply hashing the URLs would have made it difficult or impossible for someone who got hold of the database to imitate account holders.