Pages:
Author

Topic: bustabit – The original crash game - page 93. (Read 61171 times)

member
Activity: 112
Merit: 16
March 21, 2019, 08:18:30 AM
Thanks for your investigation, and refund for the investors, you gained my respect.
However, if you accept a suggestion, next time a bug or something forces you to pause the game for hours, we (investors, and players) would be happy to receive some regular update on the status.

BigTHX again
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
March 21, 2019, 08:17:44 AM
Earlier today, an attacker exploited a previously unknown vulnerability in one of bustabit's API methods which allowed him to find out the current game's outcome before its end. By exploiting this bug the attacker managed to win a total of 122.5686 BTC and empty the hot wallet.

I have confirmed the existence of this vulnerability and deployed a fix for it. In a few minutes, the game will resume and the hot wallet refilled.

bustabit will reimburse all affected bankroll investors out of pocket. Each investor's account will be credited with the full amount of bits lost to the attacker and an equal amount of dilution fee credits. Because I want to ensure that all affected investors are made whole (vs just adding 122.5686 BTC to the bankroll again), this will take 1-2 days while I calculate how much each investors is owed.

There is no indication that this vulnerability was exploited before today. Player funds were not at risk at any point in time. The problem was specific to bustabit and bustadice was not affected in any way.

Have to express the way you managed this situation is exemplary. You are going to cover the losses of 122.5686 BTC and dilution fee credits - excellent. That equates to around $475,000 in FIAT.

It is unfortunate this attack took place but it is commendable you managed to isolate the issue and fixed it so quickly and it cannot be exploited again.

Regarding the vulnerability, though you have run thorough checks it just might be possible that the attacker made test runs with tiny amounts in the recent past to check the vulnerability exists before going after the 122.5686 BTC. It seems highly unlikely the attacker stumbled across the vulnerability by chance, it seems more probable the attacker carried out the attack after devising a plan.

copper member
Activity: 55
Merit: 0
March 21, 2019, 08:08:49 AM
Good job, proud to be BAB investor.
newbie
Activity: 10
Merit: 0
March 21, 2019, 07:57:46 AM
Earlier today, an attacker exploited a previously unknown vulnerability in one of bustabit's API methods which allowed him to find out the current game's outcome before its end. By exploiting this bug the attacker managed to win a total of 122.5686 BTC and empty the hot wallet.

I have confirmed the existence of this vulnerability and deployed a fix for it. In a few minutes, the game will resume and the hot wallet refilled.

bustabit will reimburse all affected bankroll investors out of pocket. Each investor's account will be credited with the full amount of bits lost to the attacker and an equal amount of dilution fee credits. Because I want to ensure that all affected investors are made whole (vs just adding 122.5686 BTC to the bankroll again), this will take 1-2 days while I calculate how much each investors is owed.

There is no indication that this vulnerability was exploited before today. Player funds were not at risk at any point in time. The problem was specific to bustabit and bustadice was not affected in any way.


Do you can help to another busta sites, for solved that vulnerability too ?
legendary
Activity: 930
Merit: 1010
March 21, 2019, 07:55:50 AM
Earlier today, an attacker exploited a previously unknown vulnerability in one of bustabit's API methods which allowed him to find out the current game's outcome before its end. By exploiting this bug the attacker managed to win a total of 122.5686 BTC and empty the hot wallet.

I have confirmed the existence of this vulnerability and deployed a fix for it. In a few minutes, the game will resume and the hot wallet refilled.

bustabit will reimburse all affected bankroll investors out of pocket. Each investor's account will be credited with the full amount of bits lost to the attacker and an equal amount of dilution fee credits. Because I want to ensure that all affected investors are made whole (vs just adding 122.5686 BTC to the bankroll again), this will take 1-2 days while I calculate how much each investors is owed.

There is no indication that this vulnerability was exploited before today. Player funds were not at risk at any point in time. The problem was specific to bustabit and bustadice was not affected in any way.

Great job! You are the best!
sr. member
Activity: 528
Merit: 368
March 21, 2019, 07:48:58 AM
Earlier today, an attacker exploited a previously unknown vulnerability in one of bustabit's API methods which allowed him to find out the current game's outcome before its end. By exploiting this bug the attacker managed to win a total of 122.5686 BTC and empty the hot wallet.

I have confirmed the existence of this vulnerability and deployed a fix for it. In a few minutes, the game will resume and the hot wallet refilled.

bustabit will reimburse all affected bankroll investors out of pocket. Each investor's account will be credited with the full amount of bits lost to the attacker and an equal amount of dilution fee credits. Because I want to ensure that all affected investors are made whole (vs just adding 122.5686 BTC to the bankroll again), this will take 1-2 days while I calculate how much each investors is owed.

There is no indication that this vulnerability was exploited before today. Player funds were not at risk at any point in time. The problem was specific to bustabit and bustadice was not affected in any way.
newbie
Activity: 10
Merit: 0
March 21, 2019, 07:47:08 AM
See Daniel's commentary !

https://i.imgur.com/OSmV63f.png
legendary
Activity: 3094
Merit: 1127
March 21, 2019, 07:37:57 AM
@JollyGood, you literally created like 4 threads to complain about BetKing. Please don't turn this into a 5th.


Good thing that you able to spot it out directly and hopefully that vulnerability didnt cause any loss amount into its investors.When this thing do happen?

Looking at: https://dicesites.com/bustabit  it looks like a hit of ~119 bitcoin in the last day. Assuming this was the result of a security problem, Daniels has already promised to cover this out of his own pocket, so investors should be pretty relieved.

Fortunately 119 bitcoin is pretty manageable compared to the site's bankroll, or profits (for both investors and commissions). But going forward I think I'd like to see a more explicit outline between Daniel and investors about how security issues like this are dealt with. The site bankroll is a massive 3.2k bitcoin at the moment, so that represents a pretty huge liability (e.g. imagine if a lucky whale won half, then turns out they weren't actually lucky) so I think it's worth dealing with.
I cant deny that the site's bankroll is really too big which that exploited funds isnt really that much and good to know that Daniel do pays it off with his own pocket but 119BTC is still a lot of money.
sr. member
Activity: 429
Merit: 263
March 21, 2019, 07:25:25 AM




betking are announcing unconfirmed amount of 100 BTC being hacked at Bustabit

Hacked is not really the word I'd use. It's more likely an exploit using the websocket. Either way, investor and player funds remain untouched. Looks like Dean just enjoys spreading FUD.

What are you talking about? When he said it on his website, the information was already in this thread.

Nothing has been confirmed yet. Additionally, hacked isn't the appropriate term to use.

And he said it wasn't confirmed .25 seconds later. I literally can't figure out why the original picture was posted or how there was another user in this thread that thinks it's at all relevant to this thread.
full member
Activity: 434
Merit: 101
YouTuber, gambler, and scam-buster.
March 21, 2019, 07:23:13 AM




betking are announcing unconfirmed amount of 100 BTC being hacked at Bustabit

Hacked is not really the word I'd use. It's more likely an exploit using the websocket. Either way, investor and player funds remain untouched. Looks like Dean just enjoys spreading FUD.

What are you talking about? When he said it on his website, the information was already in this thread.

Nothing has been confirmed yet. Additionally, hacked isn't the appropriate term to use.
sr. member
Activity: 429
Merit: 263
March 21, 2019, 07:21:47 AM




betking are announcing unconfirmed amount of 100 BTC being hacked at Bustabit

Hacked is not really the word I'd use. It's more likely an exploit using the websocket. Either way, investor and player funds remain untouched. Looks like Dean just enjoys spreading FUD.

What are you talking about? When he said it on his website, the information was already in this thread.
full member
Activity: 434
Merit: 101
YouTuber, gambler, and scam-buster.
March 21, 2019, 07:18:52 AM




betking are announcing unconfirmed amount of 100 BTC being hacked at Bustabit

Hacked is not really the word I'd use. It's more likely an exploit using the websocket. Either way, investor and player funds remain untouched. Looks like Dean just enjoys spreading FUD.
legendary
Activity: 1463
Merit: 1886
March 21, 2019, 07:18:29 AM
@JollyGood, you literally created like 4 threads to complain about BetKing. Please don't turn this into a 5th.


Good thing that you able to spot it out directly and hopefully that vulnerability didnt cause any loss amount into its investors.When this thing do happen?

Looking at: https://dicesites.com/bustabit  it looks like a hit of ~119 bitcoin in the last day. Assuming this was the result of a security problem, Daniels has already promised to cover this out of his own pocket, so investors should be pretty relieved.

Fortunately 119 bitcoin is pretty manageable compared to the site's bankroll, or profits (for both investors and commissions). But going forward I think I'd like to see a more explicit outline between Daniel and investors about how security issues like this are dealt with. The site bankroll is a massive 3.2k bitcoin at the moment, so that represents a pretty huge liability (e.g. imagine if a lucky whale won half, then turns out they weren't actually lucky) so I think it's worth dealing with.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
March 21, 2019, 07:03:24 AM




betking are announcing unconfirmed amount of 100 BTC being hacked at Bustabit
full member
Activity: 434
Merit: 101
YouTuber, gambler, and scam-buster.
March 21, 2019, 06:09:33 AM
I have temporarily paused games on bustabit because of a potential security vulnerability. All users' funds are safe and if the vulnerability is confirmed then bankroll investors will be reimbursed for any losses.
Good thing that you able to spot it out directly and hopefully that vulnerability didnt cause any loss amount into its investors.When this thing do happen?

This incident happened about an hour ago. If it was indeed a vulnerability, then Daniel will have to pay about 100 BTC from his own pocket to investors, which I am sure he will do. In my view, this only reenforces Daniel's trustworthiness, because a malicious operator could simply say that some players got lucky, and wouldn't disclose the breach.
legendary
Activity: 3094
Merit: 1127
March 21, 2019, 06:08:10 AM
I have temporarily paused games on bustabit because of a potential security vulnerability. All users' funds are safe and if the vulnerability is confirmed then bankroll investors will be reimbursed for any losses.
Good thing that you able to spot it out directly and hopefully that vulnerability didnt cause any loss amount into its investors.When this thing do happen?

Edit: Holy macaroni with just 9 bets and look the profits.

full member
Activity: 434
Merit: 101
YouTuber, gambler, and scam-buster.
March 21, 2019, 05:28:54 AM
I have temporarily paused games on bustabit because of a potential security vulnerability. All users' funds are safe and if the vulnerability is confirmed then bankroll investors will be reimbursed for any losses.

Sorry to hear that, man. I hope everything gets resolved. Best case scenario would be not a hack of course, but at this point it's virtually guaranteed that the hashes are compromised. I'm excited to see whether or not you disclose what the vuln was after it is patched. Good luck and thanks for your hard work!
sr. member
Activity: 528
Merit: 368
March 21, 2019, 04:59:08 AM
I have temporarily paused games on bustabit because of a potential security vulnerability. All users' funds are safe and if the vulnerability is confirmed then bankroll investors will be reimbursed for any losses.
legendary
Activity: 1386
Merit: 1058
March 20, 2019, 11:19:49 AM
I can understand your grief with Dean Nolan, I do also think he did scammed people who participated in his ICO and all that but is it really the place to talk about that? I know you have bunch of topics you yourself started talking about how he is a scam but maybe keep it in there? Keep it on your own topics about how he is a scam? This is the topic for bustabit and as far as we know bustabit has nothing against Dean Nolan or his scam, its totally irrelevant, they have no connection as in anything bad to say back or anything.

So, you are (and in a way I am right now) making the topic go off rails when you talk about him. Try to keep talks about him on topics about him and when you write in other places (which I have seen you write in many other places) just either don't write at all or write about the website itself, not someone else.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
March 19, 2019, 06:49:37 PM
Just wanted to post here to say that I've had over 300 bitcoin in this site at one time and they have paid me out.


Great to read about that. I never heard a negative word about bustabit, bustadice and devans (apart from scammer Dean Nolan because he is jealous that they are successful while his betking scam website is dying a fast death)
Pages:
Jump to: