However:
- The encrypted file is stored on their server
- The password used to encrypt it is send in plaintext to their server
This concept is not similar to blockchain.com, where the keys are created and encrypted client-side and only are stored on the server.
They have full access to the private keys.
Definitely not a safe way of storing a password. Usually when we think about the basics of password encryption like AES the password is automatically encrypted in the client side. In this way where the password is on a plain text the other party would also know your password since it would be readable on their part.
2) sendbit.io is donating to themselves: sendbit.io donation address:
32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq (
archived)
Outgoing
transaction to address 3AN8iJKd8VaVfczVY4Vvj8CQtMxZeNCFiP.
The very next and only
transaction from
3AN8i.. goes back to
32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq and 34Yam2jeDX348v6KtN6d21psC1gxn1o9tD.
The very next and only transaction from
34Yam2.. goes back to to
32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq and 2 other addresses (
34pVKwsP8YmyifjPBAWGnjcQKj4UNag3Gq and
38FrvmdxuHud75gQQqjA5fmp7rb3YxfrUy) which both again fund the sendbit.io donation address
32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq and other address... and so on.. This continues.
This seems very shady to me. The only reason one would do that, i can think of, is to increase their
reputation or popularity by pretending there are a lot of donations coming in.
I do have to agree with you on this one transaction spoofing is something commonly done by scammers particularly HYIP sites and Cryptocurrency doublers in order to impress the viewers and make it look like their service is real. Overall just by looking at your first two points I would say that their web wallet is not to be trusted with since they like you said are already doing a shady activity. And also the timing of the two accounts shilling this web wallet is very near to each other showing that they are somehow coordinated on promoting this possible scam.