Author

Topic: Coindice,Johny1976 Scam. Sell script with bugs. (Read 4611 times)

jr. member
Activity: 198
Merit: 8
Please hack me
    LONG Dice  https://longdice.crypton.cf
    LONG Jack  https://longjack.crypton.cf
sr. member
Activity: 555
Merit: 251
i was busy all these day.. i know few good php developers let me ask them to run through the code and fix the bugs if possible
full member
Activity: 1190
Merit: 105
PredX - AI-Powered Prediction Market
legendary
Activity: 1120
Merit: 1000
i have had all the same issue with coinwheel and coinjack all btc stolen from both games

i have had coinjack secured now though with help from a coder friend.

so if anyone buys these scripts i recommend you just dont they are not worth the price and the loss of pot
sr. member
Activity: 555
Merit: 251
You are all new members. I dont see how the problem can be proven except there is an error in the code that makes the outcome of the bets guessable or a real backdoor. So that everyone knows the problem existed before it was sold.

How could it be made sure that the casino owners didnt change the code themself? That they are all new users doesnt make it easier.

Im not blaming, i only point out a problem.

Are there other casino owners that run their script without problems? It would be strange when such an exploit would be used only by 2 out of 100 casinos or so...

All those that I have talked to including me have had problems with the script.  I bought all versions and have just abandoned them all.

All updates are the same versions with 1-2 extra lines of code.  Multiple devs were reached to make modifications and most of them said that it was unworkable and it was much easier to start from scratch.

However I can say that I never ran into a backdoor in my versions (there's a lot of counterfeits that actually do include backdoors).

Do you still have the latest version 5?
sr. member
Activity: 555
Merit: 251
I have a group of php developers.. i think i can run an audit
member
Activity: 98
Merit: 10
dang was there any sales support? i was thinking of buying?
sr. member
Activity: 555
Merit: 251
I thought johny would be genuine.  Shocking to know that he is also a scam
newbie
Activity: 15
Merit: 0
So many time gone. Johny have alot of red feedbacks. Be careful, think twice b4 make deal with this person.After payment you get script, after, you lose all money in POT of your dice.. No more other people who was scammed?
legendary
Activity: 1135
Merit: 1002
Developer
Lovely.

It's almost impossible that we're still working, isn't it? Maybe we just aren't such a big scammers as some people call us. Anyway I'd like to congratulate you on not falling for this BIG SCAM.
full member
Activity: 364
Merit: 101
I don't know the others scripts but the CoinJack  have 2 backdoors but if you know how you can remove it all will be fine.
newbie
Activity: 15
Merit: 0
The coindicescam guy is from crimedice by my guess, don't know who the other guy is though, could be a shill as well.
LoL you are another scammer than or guy who lick ass to mr Johny my guess ..

No news. No pm. Johny still ripping..

here is another guy who was scammed  https://bitcointalksearch.org/topic/scammed-by-johny1976-creator-of-coindice-script-not-paying-bug-bounty-1091065

here is new bullshit script from johny1976 https://bitcointalksearch.org/topic/run-your-own-casino-coinslots-casino-script-1141261

why no negative feedbacks more??
who bought and have success deal with this scripts? NOBODY?

No moneyback. No support. Scam,fake and bullshit

Johny1976=bump
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
I wonder if the dice site owners know the kelly criterion. They never should raise the max profit over 1% of the house. So when 1 Bitcoin is the house then max profit is only allowed to be up to 0.01 Bitcoin.

If you dont follow that rule that you can be wiped out pretty fast. The kelly criterion shows how to adjust max profit in order to have the maximum profit with the least risk.

A security expert, i asked to check the code a bit, checked it and found:

I just had a look and this is awful code. Why is it all ajax calls? Why you not using websockets?
With even a little load this will bog down. You need to at least have a websocket server for doing all the communications like betting.
Even the chat function is ajax calls. This is bad design!

For 1btc, I suppose there can't be too much expectation. But if you are going to do something, do it right!

Also, don't you think there is already enough dice sites? Why do we need more?

As far as i know he says that an attacker could bring down the server because of the design. And that is potentially risky. Though he did not go as far as to attack a site really.
legendary
Activity: 1232
Merit: 1017
The coindicescam guy is from crimedice by my guess, don't know who the other guy is though, could be a shill as well.

No! the coindice script has been used many times.. pretty much its a dirt cheap trash that most who don't know how to make a website buys it
sr. member
Activity: 392
Merit: 250
The coindicescam guy is from crimedice by my guess, don't know who the other guy is though, could be a shill as well.
newbie
Activity: 15
Merit: 0
Hi, i have no news. no pm in. nobody interest of this shit. we stopped dice site bcoz its 1000% Johny scam. no support of his products. no moneyback. we lose money and i pasted all b4. i can confirm deal with johny for 1.1 btc. i can give script to anyone who can make audit and pay after some bitcoins. i cant see other way to put negative feedback to johny. its a bullshit.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
When there are so many people complaining about the script, I wonder why someone just doesn't post the whole code of the latest script in public so that everyone can take a look at it and find existing bugs / backdoors. I'm a coder and security analyst myself, but not interested in running a dice site - still I would love to see if there are some bugs in the script that were put in there on purpose.

Making it complete public would be the wrong step. The accusation "could" be wrong and at the end johnys script would be useless, because he cant sell it anymore, since its out there for free.

I think the correct thing would be to provide it by pm or email to persons who claim they will do a review. Though that could turn out to be a "free script" thing too fast. At least if everyone only needs to ask.

Maybe the best option would be to provide proof that someone can check the code. Im not sure how much that would limit the potential users. I mean because they want to stay anonymous.
legendary
Activity: 1135
Merit: 1002
Developer
When there are so many people complaining about the script, I wonder why someone just doesn't post the whole code of the latest script in public so that everyone can take a look at it and find existing bugs / backdoors. I'm a coder and security analyst myself, but not interested in running a dice site - still I would love to see if there are some bugs in the script that were put in there on purpose.

I have no problem with providing you the whole code for review. We may be idiots who have bugs in their scripts but we are not thieves.

Or you can ask coindicestand to give you the code he got from me if you don't believe it's same. I see no problem with this either.

Johny
elm
legendary
Activity: 1050
Merit: 1000
No offense taken - I didn't say that anyone should send me the script.
I just don't understand why people are crying and calling johny1976 a scamer, but do nothing against it.
If you are sure that he scammed you, then stop others from falling for the same scam by making his scripts available to the public.
From the threads I've read and people I've spoken to, I am pretty sure that those 'bugs' are build in on purpose.

I agree with you and was also wondering that he still has green trust. and if there are bugs to give someone the option to steal coins then IMO it was intended to steal. the blackjack script had so many bugs that I found and I am not a coder but those bugs were game and rule related. Johny has no clue about the game itself.

lets hear something from coindicestand if he could arrange an agreement with johny
newbie
Activity: 2
Merit: 0
No offense taken - I didn't say that anyone should send me the script.
I just don't understand why people are crying and calling johny1976 a scamer, but do nothing against it.
If you are sure that he scammed you, then stop others from falling for the same scam by making his scripts available to the public.
From the threads I've read and people I've spoken to, I am pretty sure that those 'bugs' are build in on purpose.
elm
legendary
Activity: 1050
Merit: 1000
When there are so many people complaining about the script, I wonder why someone just doesn't post the whole code of the latest script in public so that everyone can take a look at it and find existing bugs / backdoors. I'm a coder and security analyst myself, but not interested in running a dice site - still I would love to see if there are some bugs in the script that were put in there on purpose.

so maybe some script owner can give you the script for review. but to see that you jump in with your 1st post
doesn't smell that good either  IMO, no offense intended.
newbie
Activity: 2
Merit: 0
When there are so many people complaining about the script, I wonder why someone just doesn't post the whole code of the latest script in public so that everyone can take a look at it and find existing bugs / backdoors. I'm a coder and security analyst myself, but not interested in running a dice site - still I would love to see if there are some bugs in the script that were put in there on purpose.
elm
legendary
Activity: 1050
Merit: 1000
just for info............Johny deleted today 5 postings of mine. I didnt offend him at all I just asked some questions.

 Sad
elm
legendary
Activity: 1050
Merit: 1000


At the end... if those risks are mentioned for years then there might be something true. As long as no careful code review is done... including database entries.  Roll Eyes

so who could do a careful code review?

I dont know since normally you need to KNOW risky code parts. And thats something the average code developer not knows in detail.

Another thought i got is... didnt op mention that the max profit he sat was a big part of the house? Theres a reason why dooglus even sat the max profit down from 1% to 0.5% on justdice. The reason was that someone was able to win a big part of the house with 1%. Thats why you normally use the kelly criterion. And the kelly criterion says 1% is the best value for best profit. If you raise that value then the chance raise exponentially that you will lose big parts of the house. Or all of it. The reason is that its very hard to win back something lost if your house is, lets say halved already.

Thats mathematics. And maybe the script seller should point that out more aggressively.

Though thats only another thought as a possible problem.

agree with you but the seller is very quiet Sad until now
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile


At the end... if those risks are mentioned for years then there might be something true. As long as no careful code review is done... including database entries.  Roll Eyes

so who could do a careful code review?

I dont know since normally you need to KNOW risky code parts. And thats something the average code developer not knows in detail.

Another thought i got is... didnt op mention that the max profit he sat was a big part of the house? Theres a reason why dooglus even sat the max profit down from 1% to 0.5% on justdice. The reason was that someone was able to win a big part of the house with 1%. Thats why you normally use the kelly criterion. And the kelly criterion says 1% is the best value for best profit. If you raise that value then the chance raise exponentially that you will lose big parts of the house. Or all of it. The reason is that its very hard to win back something lost if your house is, lets say halved already.

Thats mathematics. And maybe the script seller should point that out more aggressively.

Though thats only another thought as a possible problem.
elm
legendary
Activity: 1050
Merit: 1000


At the end... if those risks are mentioned for years then there might be something true. As long as no careful code review is done... including database entries.  Roll Eyes

so who could do a careful code review?
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
You are all new members. I dont see how the problem can be proven except there is an error in the code that makes the outcome of the bets guessable or a real backdoor. So that everyone knows the problem existed before it was sold.

How could it be made sure that the casino owners didnt change the code themself? That they are all new users doesnt make it easier.

Im not blaming, i only point out a problem.

Are there other casino owners that run their script without problems? It would be strange when such an exploit would be used only by 2 out of 100 casinos or so...
In all seriousness, new or old doesn't really matter anymore. Could take $50 and buy myself a two year senior account if I wanted.

Thats right... though theoretically it would be way easier to create a number of newbie accounts and tell a story about multiple scripts acting strange.

Though again... i dont accuse, i only point out that its hard to prove. And i wonder, how many scripts were sold and how many scripts wallets, out of that, were emptied?

At the end... if those risks are mentioned for years then there might be something true. As long as no careful code review is done... including database entries.  Roll Eyes
legendary
Activity: 2464
Merit: 3158
I bought a dice website which was using CoinDice. Since I was not the original script buyer, I didn't get any update and Johny never replied to my PM when I contacted him to look for a solution.
However, I asked a dev to audit the code before I put it in production. He said it was ok to run it, and that there is no backdoor.

Sure, there was no backdoor.
About 2 months later, someone found an exploit and managed to empty my hot wallets. Again, this was not a backdoor made on purpose.

What happened is that the hacker found a way to repeat some operations.
At the beginning, he repeated bets. [Screenshot] (see how the bet ID got reversed but the roll outcome is the same for all the bets... Disturbing isn't it ?)
But then, the exploiter managed to repeat withdrawals and made them happen several times in my wallet, while the script shows it processed them only once.

I have read a lot of thread about CoinDice being easily exploited. Overall, it seems poorly secured.
Because Johny didn't care at all about my messages, I won't buy, host or support a CoinDice script ever.

Buyers beware.
legendary
Activity: 1330
Merit: 1000
You are all new members. I dont see how the problem can be proven except there is an error in the code that makes the outcome of the bets guessable or a real backdoor. So that everyone knows the problem existed before it was sold.

How could it be made sure that the casino owners didnt change the code themself? That they are all new users doesnt make it easier.

Im not blaming, i only point out a problem.

Are there other casino owners that run their script without problems? It would be strange when such an exploit would be used only by 2 out of 100 casinos or so...

All those that I have talked to including me have had problems with the script.  I bought all versions and have just abandoned them all.

All updates are the same versions with 1-2 extra lines of code.  Multiple devs were reached to make modifications and most of them said that it was unworkable and it was much easier to start from scratch.

However I can say that I never ran into a backdoor in my versions (there's a lot of counterfeits that actually do include backdoors).
sr. member
Activity: 350
Merit: 250
You are all new members. I dont see how the problem can be proven except there is an error in the code that makes the outcome of the bets guessable or a real backdoor. So that everyone knows the problem existed before it was sold.

How could it be made sure that the casino owners didnt change the code themself? That they are all new users doesnt make it easier.

Im not blaming, i only point out a problem.

Are there other casino owners that run their script without problems? It would be strange when such an exploit would be used only by 2 out of 100 casinos or so...
In all seriousness, new or old doesn't really matter anymore. Could take $50 and buy myself a two year senior account if I wanted.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
You are all new members. I dont see how the problem can be proven except there is an error in the code that makes the outcome of the bets guessable or a real backdoor. So that everyone knows the problem existed before it was sold.

How could it be made sure that the casino owners didnt change the code themself? That they are all new users doesnt make it easier.

Im not blaming, i only point out a problem.

Are there other casino owners that run their script without problems? It would be strange when such an exploit would be used only by 2 out of 100 casinos or so...
newbie
Activity: 15
Merit: 0
its ok, but u say u good server administrator. how can u see cheating i gameplay in your apache log? im not good in this, but i think will be no hack activity in apache we will know everything when we reverse script. soon.
newbie
Activity: 5
Merit: 0

and what about my problem

the exact same problem is here too and the problem is not from the server i secure my server very good and i know how to secure my server ( i work as a servers administrator ) .

plus the strategy happens is not from the server side at all it is exploit on the script it self since the hacker load a real BTC on the site and then he bet with ( 1% , 0.5% ) win chance and he success from his first bet , it happens with me with 3 account each was new register account and he just do a single bet with a bet chance just  ( 1% , 0.5% ) and win from his first roll  and run with all the money from the site .

first time i told he is a very lucky person but then after i see that happens with a different 2 account the same day i was completely sure that this is not a luck .

Yes man, same game. Anyway its a cheating. It cant be 100% if script is secured. We have same problem. try to find a statistic from admin panel and u see mb some blinds are lost..or see same stats of players like me. here can be an exploit or backdoor im not coder, i dont know. But tell US that we all cant setup script on safe server is a BULLSHIT FAKE AND LIE! I dont know what is Apache, i ask my admin to turn it on after hack. I was hacked in 2-3 hours after start dice. Thats johny and his guys. I think its time to ban this person. Or how we can get our moneyback?

Johny1976, I think ther is no way to tell us that ur script fully secured! Its a Lie. Think we find good guys who fix bugs and knock u out from this forum. I think not only 2 guys who was hacked. POPCORN and see who come here with same problems with same johny with same script.



i Can get prooflink to admin panel anyone who are compitent in this question.  can pay some bits for reversing this dice to fix bugs and so on. after we do all i think we can share this  script or else. nobody shoul be ripped more  what do u think guys?

i think we should wait for him to fix this problem but first he have to confess that he have a problem on his script we all know that nothing is 100% secure he have to fix the problem because keeping such problem  on wild is not good for him or for the buyers
newbie
Activity: 15
Merit: 0

and what about my problem

the exact same problem is here too and the problem is not from the server i secure my server very good and i know how to secure my server ( i work as a servers administrator ) .

plus the strategy happens is not from the server side at all it is exploit on the script it self since the hacker load a real BTC on the site and then he bet with ( 1% , 0.5% ) win chance and he success from his first bet , it happens with me with 3 account each was new register account and he just do a single bet with a bet chance just  ( 1% , 0.5% ) and win from his first roll  and run with all the money from the site .

first time i told he is a very lucky person but then after i see that happens with a different 2 account the same day i was completely sure that this is not a luck .

Yes man, same game. Anyway its a cheating. It cant be 100% if script is secured. We have same problem. try to find a statistic from admin panel and u see mb some blinds are lost..or see same stats of players like me. here can be an exploit or backdoor im not coder, i dont know. But tell US that we all cant setup script on safe server is a BULLSHIT FAKE AND LIE! I dont know what is Apache, i ask my admin to turn it on after hack. I was hacked in 2-3 hours after start dice. Thats johny and his guys. I think its time to ban this person. Or how we can get our moneyback?

Johny1976, I think ther is no way to tell us that ur script fully secured! Its a Lie. Think we find good guys who fix bugs and knock u out from this forum. I think not only 2 guys who was hacked. POPCORN and see who come here with same problems with same johny with same script.



i Can get prooflink to admin panel anyone who are compitent in this question.  can pay some bits for reversing this dice to fix bugs and so on. after we do all i think we can share this  script or else. nobody shoul be ripped more  what do u think guys?
newbie
Activity: 5
Merit: 0
I said to him in Skype conversation that we would give him everything he'd losted if he gave us any kind of proof (the Apache logs would be enough). He said that Apache by default has the logs off, which is a lie. I see something suspicious here.

We do have a compensation program for cases like this one. Sadly, no one gave us any proof, that it was caused by our script. He was the one setting up the server so he could possibly do something wrong.

As I said, it could be the problem in our script, but there's no evidence for us to confirm that claim.
and what about my problem

the exact same problem is here too and the problem is not from the server i secure my server very good and i know how to secure my server ( i work as a servers administrator ) .

plus the strategy happens is not from the server side at all it is exploit on the script it self since the hacker load a real BTC on the site and then he bet with ( 1% , 0.5% ) win chance and he success from his first bet , it happens with me with 3 account each was new register account and he just do a single bet with a bet chance just  ( 1% , 0.5% ) and win from his first roll  and run with all the money from the site .

first time i told he is a very lucky person but then after i see that happens with a different 2 account the same day i was completely sure that this is not a luck .
legendary
Activity: 1135
Merit: 1002
Developer
I said to him in Skype conversation that we would give him everything he'd losted if he gave us any kind of proof (the Apache logs would be enough). He said that Apache by default has the logs off, which is a lie. I see something suspicious here.

We do have a compensation program for cases like this one. Sadly, no one gave us any proof, that it was caused by our script. He was the one setting up the server so he could possibly do something wrong.

As I said, it could be the problem in our script, but there's no evidence for us to confirm that claim.
newbie
Activity: 15
Merit: 0
Hey guys! I see,not only me have same problems. Thanks for ur time! I can give this script to reverse and fix all bugs in audit or give u access. Pls if u can help to stop this scam bullshit dont stay away.
Pm me if i can help with someth. We should stop this together. Regards.
sr. member
Activity: 350
Merit: 250
Someone graciously sent me a copy, so now I am doing my audit. If you're reading this Johnny, I have no intention of stealing from you, I have no interest in running a dice site or copying it further.

I've already found a big problem with the script.

Here is how the hashes and server seeds are being generated (the author is Polish):

Code:
function generateHash($delka_retezce,$capt=false) {
  if ($capt==true) $mozne_znaky='123456789ABCDEFGHIJKLMNPQRSTUVWXYZ';
  else $mozne_znaky='abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  $vystup='';
  for ($i=0;$i<$delka_retezce;$i++)  $vystup.=$mozne_znaky[mt_rand(0,strlen($mozne_znaky)-1)];
  return $vystup;
}

function generateServerSeed() {
  $rand_nr=mt_rand(0.01*100,99.99*100)/100;
  if (mt_rand(1,2)==2) $pre_rand=($rand_nr-0.01);
  else $pre_rand=($rand_nr+0.01);
  $str=generateHash(26).'-'.((double)(($pre_rand+0.001).mt_rand(1,99999999999999999999999999999)));
  return $str;
}

You can see that the main source of randomness is mt_rand. mt_rand is not cryptographically secure, according to PHP's own documentation!

Quote from: PHP docs
This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
Caution

The distribution of mt_rand() return values is biased towards even numbers on 64-bit builds of PHP when max is beyond 2^32. This is because if max is greater than the value returned by mt_getrandmax(), the output of the random number generator must be scaled up.

As you can see, max is 99999999999999999999999999999, far larger than 4294967296. The function generateServerSeed() also seems very fishy to me, why doesn't it just get cryptographically secure bytes? Why add/subtract 0.01 and 0.001?

Don't run/buy this script based on this alone. The hashing is NOT suitable for Bitcoin casinos which need cryptographically secure randomness.
Try to find the backdoor he installed. For many years people have said there is a backdoor which allows him to empty the owner's bank wallet and send it to a specified address within the code.
full member
Activity: 245
Merit: 124
Someone graciously sent me a copy, so now I am doing my audit. If you're reading this Johnny, I have no intention of stealing from you, I have no interest in running a dice site or copying it further.

I've already found a big problem with the script.

Here is how the hashes and server seeds are being generated (the author is Polish):

Code:
function generateHash($delka_retezce,$capt=false) {
  if ($capt==true) $mozne_znaky='123456789ABCDEFGHIJKLMNPQRSTUVWXYZ';
  else $mozne_znaky='abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  $vystup='';
  for ($i=0;$i<$delka_retezce;$i++)  $vystup.=$mozne_znaky[mt_rand(0,strlen($mozne_znaky)-1)];
  return $vystup;
}

function generateServerSeed() {
  $rand_nr=mt_rand(0.01*100,99.99*100)/100;
  if (mt_rand(1,2)==2) $pre_rand=($rand_nr-0.01);
  else $pre_rand=($rand_nr+0.01);
  $str=generateHash(26).'-'.((double)(($pre_rand+0.001).mt_rand(1,99999999999999999999999999999)));
  return $str;
}

You can see that the main source of randomness is mt_rand. mt_rand is not cryptographically secure, according to PHP's own documentation!

Quote from: PHP docs
This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
Caution

The distribution of mt_rand() return values is biased towards even numbers on 64-bit builds of PHP when max is beyond 2^32. This is because if max is greater than the value returned by mt_getrandmax(), the output of the random number generator must be scaled up.

As you can see, max is 99999999999999999999999999999, far larger than 4294967296. The function generateServerSeed() also seems very fishy to me, why doesn't it just get cryptographically secure bytes? Why add/subtract 0.01 and 0.001?

Don't run/buy this script based on this alone. The hashing is NOT suitable for Bitcoin casinos which need cryptographically secure randomness.
copper member
Activity: 2996
Merit: 2374
There have been a number of reports of various bugs in this script. Considering the amount of money being put into some bitcoin related casinos I am surprised that the script is not being looked at more closely prior to being put into production.
legendary
Activity: 2254
Merit: 1140
I heard many stories like this and many postings in Johny's thread were deleted. why could no one find the exploit in the script before going online? is it really that difficult? I am asking this because I am not a coder.



It's possible the bug could be there on purpose, to allow the author to steal any deposits.

I've left a neutral feedback - can't leave negative if there was no guarantee the program would be bug free.   Undecided

VOD, it was not specifically stated that the program would be "bug free", however it was specifically stated that if a user lost money due to bugged code that he would pay up to the price of the script.    He refused to honor his guarantee until I posted a long post about my situation.   It seems he is doing that again to OP.   I am still out the entire price of the script, but whatever.   At least I got a little back.
full member
Activity: 245
Merit: 124
I'd be happy to audit his script for free. If you were scammed by it, please send me a copy in PM, since there is no way I am going to pay him for a copy.

I have plenty of experience with the technologies mentioned, PHP and MySQL, since my site 8ch.net uses both.
legendary
Activity: 1120
Merit: 1000
This script is known to have bugs and exploits. Johny deletes posts in his thread but they can be found elsewhere throughout the forum. A simple google search would have lead you to those threads and prevented this.

Why was the max win set so high? Next time set it much lower and you won't have to worry about 1 - 2 bets taking your entire balance. No solid evidence of cheating, could be luck but if they were to cheat it would have took longer and you probably could have caught it with the lower max bet / max profit.

Quote
I heard many stories like this and many postings in Johny's thread were deleted. why could no one find the exploit in the script before going online? is it really that difficult? I am asking this because I am not a coder.

From what I seen so far, most people running this script have little to no coding skills.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
I heard many stories like this and many postings in Johny's thread were deleted. why could no one find the exploit in the script before going online? is it really that difficult? I am asking this because I am not a coder.



It's possible the bug could be there on purpose, to allow the author to steal any deposits.

I've left a neutral feedback - can't leave negative if there was no guarantee the program would be bug free.   Undecided
elm
legendary
Activity: 1050
Merit: 1000
I heard many stories like this and many postings in Johny's thread were deleted. why could no one find the exploit in the script before going online? is it really that difficult? I am asking this because I am not a coder.

Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
Did you guys receive any guarantee with the product?
newbie
Activity: 5
Merit: 0
the exact same problem is here too and the problem is not from the server i secure my server very good and i know how to secure my server ( i work as a servers administrator ) .

plus the strategy happens is not from the server side at all it is exploit on the script it self since the hacker load a real BTC on the site and then he bet with ( 1% , 0.5% ) win chance and he success from his first bet , it happens with me with 3 account each was new register account and he just do a single bet with a bet chance just  ( 1% , 0.5% ) and win from his first roll  and run with all the money from the site .

first time i told he is a very lucky person but then after i see that happens with a different 2 account the same day i was completely sure that this is not a luck .
legendary
Activity: 2254
Merit: 1140
The same thing happened to me but with the coinjack script.   Johny made up excuse after excuse to not pay his guarantee.  He even specifically told me to delete my VPS, then when I deleted it, he suddenly wanted access to the server again. 
newbie
Activity: 15
Merit: 0
What happened::
We bought coindice script from Johny1976. B4 make order he told that his script is fully secured. Start our dice. We load 1 btc in coindice pot. After announce people start playing. I saw 2 players cheats. How it can be if script is secured i dont know. We lost 1 btc in short time. Player make impossible 200.0x blind and won all pot. Some blinds of this players are gone from admin panel. We stopped after lose all pot to this cheaters. I asked johny1976 how it can be if all secured. He told me that i just lose. lol its a fake bullshit. Ask me to give Apache log wich are optionaly disabled in my vps. now i ask admin turn it on. Then Johny told me that i want to fuck him. So i want to find who else was hacked with same method. Who bought this script. Who can fix bugs coz this game we bought just for fun. I want moneyback for script if it will be possible.

Scammers Profile Link:
https://bitcointalksearch.org/topic/coindice-start-your-own-dice-site-today-507515
https://bitcointalksearch.org/user/johny1976-143958


Amount Scammed:
1.1 BTC for script
0.3 BTC vps domain hosting cost
1 BTC coindice pot

total 2.4 BTC
Payment Method:
bitcoin
Proof of Payment:
will give to any in PM
PM/Chat Logs:
I have got some stats from admin panel to see where was cheating. I give admin panel to anybody who wants to see proof. I can make screenshot. Now just text

see the difference
15997   Player_551   2015-05-10
04:52:41   0.0037 BTC   200.00x   <0.49   0.27   +0.73630000
15983   Player_532   2015-05-10
04:02:48   0.00000128 BTC   2.00x   <49.50   80.07   -0.00000128

how 200.0x blind was created?
 id's are gone dont know how ? 15983-15997 where is other blinds. they are gone from stats.


Stats
Number of bets:    15997
Total wagered:    14.26327901 BTC
Total profit:    -1.48723903 BTC
Real house edge:    -10.42705%
Wins:    8175
Losses:    7822
W/L ratio:    1.045
Invest Stats
Total Investors:   
Total Invested:    0.00000000 BTC
House Investment:    -0.53339727 BTC
Total Investor's Profit:    0.00000000 BTC
Total house profit:    0.00000000 BTC

negative house investment Huh

Period    Real house edge    Profit
Last hour    +0.00000%    +0.00000000
Last 24h    +0.00000%    +0.00000000
Last 7d    -13.55505%    -1.55457783

other player 109 cheating too look

2015-05-10
00:37:05   Player_109   -0.12420200   746d61b6409511ab635eab31990fc2bae513820b73786a02a3a01c8a5fb08410
2015-05-10
00:34:51   Player_109   -0.56000000   8e3516b583caa4e69049e052825f2cf384e396fb7ad64939ebde28e87b73d1fe
2015-05-10
00:31:20   Player_109   +0.05000000   f4003246f50bfafff0adf641d247d39f5316b1df86c4c96ec91ea8606b0c1e22


9352   Player_448   2015-05-10
00:41:59   0.00000001 BTC   2.00x   <49.50   35.62   +0.00000001     where is others? 9352-9338
9338   Player_109   2015-05-10
00:36:50   0.003 BTC   2.00x   >50.50   67.41   +0.00300000
9337   Player_109   2015-05-10
00:36:48   0.003 BTC   2.00x   >50.50   53.02   +0.00300000
9336   Player_109   2015-05-10
00:36:46   0.003 BTC   2.00x   >50.50   82.95   +0.00300000
9335   Player_109   2015-05-10
00:36:25   0.003 BTC   10.00x   >90.10   91.10   +0.02700000
9334   Player_109   2015-05-10
00:36:23   0.003 BTC   10.00x   >90.10   27.33   -0.00300000
9333   Player_109   2015-05-10
00:36:22   0.003 BTC   10.00x   >90.10   10.17   -0.00300000
9332   Player_109   2015-05-10
00:36:21   0.003 BTC   10.00x   >90.10   66.17   -0.00300000
9331   Player_109   2015-05-10
00:36:19   0.003 BTC   10.00x   >90.10   32.61   -0.00300000
9330   Player_109   2015-05-10
00:36:18   0.003 BTC   10.00x   >90.10   23.82   -0.00300000
----------------------------
9309   Player_109   2015-05-10
00:35:32   0.003 BTC   10.00x   >90.10   27.90   -0.00300000
9308   Player_109   2015-05-10
00:35:30   0.003 BTC   10.00x   >90.10   39.65   -0.00300000
9307   Player_109   2015-05-10
00:35:29   0.003 BTC   10.00x   >90.10   32.21   -0.00300000
9306   Player_109   2015-05-10
00:35:27   0.003 BTC   10.00x   >90.10   39.38   -0.00300000
9303   Player_109   2015-05-10
00:34:34   0.0387 BTC   17.00x   >94.18   94.40   +0.61920000

Guys what do u think about it? Lets stop this bullshit on forum?
Jump to: