Re: Instawallet claim process
Board: Service Discussion
by tvbcof on 10/04/2013, 09:11:25 UTC
An intruder was able to access the instawallet database. As a result, all "hidden" urls, i.e. wallets, have been compromised and are no longer safe to store bitcoins.
Why would that be the case? If you stored strong salted hashes of the URI keys, then it would be next to impossible for the attacker to brute force valid URIs out of your DB. The fact that the actual keys appear to be stolen and you set up a long time (3 months) instead of a short time for claims process raises suspicion.

Please do officially confirm that you did not store the secret in plain text on a webserver.

Also, how do you store user passwords in other Paymium services? Thanks.

A little history (as I understand it):

'Instawallet' was conceived of and implemented by a user named ~jav.  He seemed to me like a pretty straight up guy.

~jav got tired of it and/or busy and ~davout adopted it because 'it was too cool to let die' or something along those lines.  I don't recall if I started using it before or after this switch.

It would make perfect sense to me if ~jav never really put in the effort to adequately secure the thing.  It would be a good reason to drop it since such work would be tedious.  Remember, back in those days BTC were not worth anything near what they are today.

It would also make sense that ~davout never got around to either evaluating the implementation, or doing the necessary security work (assuming he was even capable.)  He has likely been very busy with other projects.  In short, it would not surprise me if it were true that theft of the database would result in loss of the URLs.

As I recall, ~jav open-sourced it and ~davout just took his work so perhaps some of these conjectures about at least the original ~jav vintage implementation could be verified.  A good task to run down at a later date since it is late tonight and I'm tied up most of tomorrow.

---

But, as I said in the other note, the ONLY thing that adequately explains the evasiveness about the supposed police report is that it is bullshit.  And the only thing that adequately explains them lying about that is that they are, in fact, the perps.

This in turn means that they have all the URLs and all the coins and the mythical 'attackers' do not.  They could give all of them back at any time if they so chose.
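
The storage scheme raised in the quoted question (salted hashes of the URL keys instead of the keys themselves), as an added example that is not part of the original post and is not Instawallet's code. The `id.secret` key layout, the `WalletStore` class and the in-memory table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _digest(salt: bytes, secret: str) -> bytes:
    # The secret is 256 random bits, so one salted SHA-256 is enough here;
    # a slow KDF is only needed for low-entropy secrets such as passwords.
    return hashlib.sha256(salt + secret.encode()).digest()


class WalletStore:
    """Constructed in-memory stand-in for the wallet table (hypothetical)."""

    def __init__(self):
        # wallet_id -> (salt, digest). The secret half of the URL key is
        # never written here, so a copy of this table cannot open a wallet.
        self.rows = {}

    def create(self) -> str:
        # A per-row salt means the server cannot find the row by hashing the
        # whole key, so the key carries a non-secret id used for the lookup.
        wallet_id = secrets.token_urlsafe(9)
        secret = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        self.rows[wallet_id] = (salt, _digest(salt, secret))
        # Shown to the user once; token_urlsafe never emits ".".
        return f"{wallet_id}.{secret}"

    def lookup(self, url_key: str):
        """Return the wallet id if the presented URL key is valid, else None."""
        wallet_id, sep, secret = url_key.partition(".")
        row = self.rows.get(wallet_id)
        if not sep or row is None:
            return None
        salt, stored = row
        # Constant-time comparison of the recomputed digest.
        if hmac.compare_digest(stored, _digest(salt, secret)):
            return wallet_id
        return None


if __name__ == "__main__":
    store = WalletStore()
    key = store.create()
    print("valid key accepted:", store.lookup(key) is not None)
    print("id alone rejected:", store.lookup(key.split(".")[0]) is None)
```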