Topic: 100 BTC was stolen from my Primedice account. Please see thread. - page 5. (Read 15948 times)

Final Balance   341.69961 BTC  

https://blockchain.info/address/1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ

Wow  


Calculated how much i have: 0.00351185651% of that

I don't think that's a safe conclusion. Just because your malware scanner doesn't detect the malware doesn't mean it's not there. None of them are perfect. And being on a Mac doesn't mean you're safe.

One of the biggest whales on Just-Dice (LiKaShing) once had exactly the same thing happen, and said it must be JD's fault: he was on a Mac and couldn't find any malware so it couldn't be malware to blame. I don't think that follows.


That's easy, all dice sites have "problems". At Just-Dice we had several users get their accounts compromised and have their funds withdrawn.

Why only problems come from PrimdeDice and why always people still playing there.

Thank you Stunna, for the prompt reply and your level-headed approach. Also, I appreciate Dooglus' input and rebuttals to otrkid70's USELESS crosstalk. Seriously dude, WTF is up your ass?? You seem incredibly wound up for something that does not involve you at all. And to answer your question about the PREVIOUS 100-in-100-out transaction, that was 10 minutes worth of play because that's all I usually need. I won 20 BTC in that session and then I cashed out right after. I did this 3 times with 2 accounts in the past few days. I did it manually, like I always do when playing large hands. Some people don't want to spend their entire lives rolling dice or refreshing Bitcointalk, waiting on replies. Get it?!


Regarding previous questions:
  (1A) My computer is not shared, I am the sole user.
  (2A) No script or bot was used to roll.
  (3A) My PD password has never been used elsewhere.
  (4A) No new plugins or software was added before the problem transaction.
  (5A) I have scanned for malware and no threats were found. Note: I am on a Mac.


So right now, can we agree on the following:
  (1B) "1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ" belongs to DiceMiner (my wallet address).
  (2B) "12UrtgL7XWbM6mMfZyzSgfEoVMFMDXdFta" belongs to Primedice.
  (3B) All 100 BTC were moved from PD's wallet to "1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs" instantly afterwards.
  (4B) Then, 21 & 29 BTC moved into "1AB5fAh4eUT3vLcYnzss5dAfuDznEbXRmT" & "1A1GYrx2qvPBr1PyqHJ5ibG6ECnJBcqey5" respectively.
  (5B) After landing in those two wallets, the entire balances were moved to "1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL" an address that has been referenced in a past scam accusation (https://bitcointalksearch.org/topic/scam-alert-timetobittimetobitcom-scammed-338-btc-744692). Thank you for that otrkid, that was actually useful.
  (6B) "1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs" , "1AB5fAh4eUT3vLcYnzss5dAfuDznEbXRmT" and "1A1GYrx2qvPBr1PyqHJ5ibG6ECnJBcqey5" do not belong to either DiceMiner or Primedice.


Some anomalies that may or may not be significant, but are certainly noteworthy:
  (1C) 0.03 BTC was mysteriously added into my PD balance recently (after the 100 BTC moved). There is no deposit shown that would account for this. Also, there has not been any recent rolling to win that amount in my absence.
  (2C) As I mentioned before, when I tried to place my first bet, the balance showed "100.0012 BTC". When I got the purple "Insufficient Funds" banner at the top, the amount still showed the same. Only after I refreshed, did the new "0 BTC" balance show.
  (3C) I have tested and it is possible to be simultaneously logged into the same PD account from multiple places. INCREDIBLY DISTURBING!
  (4C) Please view my screencapped video proving (1C):
https://www.youtube.com/watch?v=jd6itPeYcIY&list=UUe9n6OuOep645hrWmumIlyA
This will only make sense to Stunna, since he is privy to all my bet data.


My conclusions so far
   - Based on (1A) through (5A), the issue is not script or malware related.
   - (3B) and (5B) show possible forethought and deliberate action. So this is most probably not a glitch.
   - (1C) and (4C) demonstrates unauthorized activity still occurring on my account. (I don't know why somebody would deposit though...)
   - (3C) represents a DISASTROUS error in security. If somebody had your login info, they could theoretically withdraw your coins while you are playing! Perhaps this is what happened in (2C).


It is still too early to lay blame since so much is still unknown. Regardless, there are absolutely true, demonstrable problems with the site's security and accounting. One can easily test out the security issue by logging into their PD account from multiple computers or browsers at the same time. Two-factor will probably make this a non-issue soon, but it was possibly an important factor in the BS that has happened to me.

Anyhow, big thanks to Stunna for handling this like such a gentleman. Props to Dooglus and anybody else that has contributed. Sorry for the thesis...

100 BTC !!! WTF ? Life changing amount for some countries. Did u CPU mine those coins ?

wow 100 BTC
that's gotta hurt ,good luck

one thing i dont understand is that the OP is not clearing that whether he used bot , script , etc or not , would make it simple if he tells .

I don't think he's accusing anyone of anything. He's just saying he deposited 100 BTC and they vanished. That's quite possible, depending on OP's level of security awareness.

If 100 BTC disappeared from any of my gambling accounts you can bet your ass I would make a post about it!

Of course I would open a support ticket as well, but I would feel like people should be told, in case I was the first of many to be stolen from.

Yup, dooglus is most likely correct. This doesn't seem suspicious to me either, we shouldn't accuse diceminer of this sort of thing when there's really no reason for that to be the case.



Going to aim to have 2fa done today.

It's nice if you can give users checkboxes for major actions, so they can pick which ones require 2FA authentication:

• login
• withdraw
• bet
• pvp
• tip

etc.

He already explained this:


It's not uncommon for people to withdraw at the end of each session so they know their coins are safe in case "something happens" while they're offline.

I don't know how his 10 minute session went. Maybe he lost his first bet, struggled for 10 minutes to get back to breakeven, managed it, then withdrew.

It certainly doesn't look suspicious to me.

Yeah, if PD is having high rollers depositing this much then there's no reason 2FA shouldn't be implemented. Tons of other gambling sites have 2FA added.

Will work on implementing 2fa now, it is up to the users to make use of it though.

That's the whole problem. The last 100 BTC withdrawal didn't go to his wallet, they went to the thief's wallet.

You're seeing two old transactions (OP deposits and then withdraws 100 BTC) and one new one (OP deposits 100 BTC). You're not seeing the 4th transaction (OP has 100 BTC stolen) because that one didn't go to his wallet.

Get it now?

Generally there isn't any action. You had your coins stolen, and now they're gone.

Stunna can presumably tell OP the IP address that withdrew his coins. OP won't be able to prove that it wasn't him doing it. The scammer will have used an untraceable VPN, Tor, or some such.

The best that happens is that PrimeDice implements 2FA-on-withdraw to stop this happening to others in the future (this would have prevented last night's "exploit" attack too), and OP steps up his own security to stop this happening to himself in the future.

I can scramble the developers and we can do a full check of everything.

Current info:

<18:23:05> "Dev": here's what we know so far about 100 btc thing
<18:23:10> "Dev": it wasn't a glitch
<18:23:19> "Dev": it was using the dialog, or api
<18:32:24> "Dev": So it was user caused
<18:32:29> "Dev": there was withdraw out
<18:32:41> "Dev": no one accessed our servers to send it

Right now our hunch is still that some sort of malware/malicious code was involved or that diceminer had used that password somewhere else (potentially that cloudming service where the funds went). . This is a very significant amount of coins though so I'll continue to look into this and if it was indeed malware I'll keep tracking the coins and do what I can to aid in a potential recovery. There's no reason to believe that depositing or leaving funds on PD is dangerous though.



Also @otr the 17:28 cashout was the cashout not sent to his address. I could be wrong but it seems that he is indeed missing 100

This is where the 100 went : https://blockchain.info/address/1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs

If that's true and his coins were stolen, what's the course of action? I don't know how one can prove that they had their BTC stolen from their account unless you have IP logs.

i do know my deposit wallet addresses transacts btc sometimes (not me) but i guess that's just a way to pay people.

17:28:25 - 21/09/14   100.00000000 BTC

This is the time of the claimed stolen cashout. The transaction of 100 leaving and 99.99 returning are from 10+ hours earlier it seems. I think he's genuinely been stolen from so it isn't fair to jump to that sort of conclusion.