Pages:
Author

Topic: Crypto Gambling Sites and Bug/Exploit Reporting and Rewards. (Read 247 times)

full member
Activity: 998
Merit: 157
I will not name names  but I have reported multiple exploitable line issues to different  sportsbook (very popular ones)  and have not  received any reward whatsoever.

They were usually bad lines i.e.  late odds or slow to  update live odds, they were pulled as soon as  i reported and i got a 'thanks'

Never did it again  Cheesy Sad
legendary
Activity: 2534
Merit: 1338
That's interesting but I think I still see a lot of websites who have a bug bounty or sometimes called a feedback reward which I think can work the same according to their description. Most of these sites are not really that well known and as for the ones who are already at the top, I think they already done a lot of upgrades and their system is already at a good condition. That may be the reason on why they don't offer a bug bounty anymore.

IDK if it was the OP but I saw a thread last time which the user said that the his bug reports are only being ignored by the casino. We are not sure if they do, or maybe they already take note of the message and fixed it, but the user must be compensated.
The sad part about all of this is that if casinos, exchanges and any other similar business that deal with cryptocurrencies listened to their users this could be avoided, however it is true that many of those entities choose to ignore bug reports, which allows some hackers to take advantage of those vulnerabilities, steal a lot of money and then claim a huge bounty they can keep legally, when the problem could have been resolved for a tenth of the price they will have to pay at that point to that hacker.
hero member
Activity: 2814
Merit: 618
Leading Crypto Sports Betting & Casino Platform
IDK if it was the OP but I saw a thread last time which the user said that the his bug reports are only being ignored by the casino. We are not sure if they do, or maybe they already take note of the message and fixed it, but the user must be compensated.

There can be a number of reasons why the gambling site may ignore any bug reported by the user. Because they have no clue how to fix that bug, they can ignore the site bug. Sometimes the gambling site won't even start a big bounty, because they do not want to make their shortcomings public or have no resources/skills to fix them.

Regarding the reward to the user who reported the bug, if he reported voluntarily, the gambling sites are not bound to pay him.
hero member
Activity: 1666
Merit: 709
Playbet.io - Crypto Casino and Sportsbook
Well you are right mate, many exchanges fail to check how strong they are against attacks like hacking and also many of the gambling platform don't do regular maintenance to prepare themselves or correct any bugs that may hinder the free flow of activities on the platform.

But the Truth is that the gambling platform and even exchange sector has many options for consumers to choose from, I think the users also has a part to play in all this, before selecting any gambling platform is best to do your own research, check how trusted and fair they are, check the rating on such platforms and the history (if there has been any attacks, bugs and how the platform has handled such situations).
legendary
Activity: 2044
Merit: 1075
Leading Crypto Sports Betting & Casino Platform
This type of transparency will benefit everyone. Users will be more safe with extra testing. People who find exploits are less likely to exploit if they know they can be compensated for the find. The industry overall will benefit from this.
Casinos and exchanges should have a bug bounty, one of the main reasons is they already have a dedicated team for this and the administrator is paying these people to fix bugs and patch and if they post that they have a bug bounty they will be targeted by hackers for exploits because hackers will think that they do not have an internal security to fix exploits.

Casinos and exchange especially the big one will only test for security flaws and bugs prior to their launching and from there they are going to monitor the script or theme for possible exploits so if there is a bug it will be fixed soon by their team or the casino will suffer from too many glitches because of failure to fix the bugs.
That's interesting but I think I still see a lot of websites who have a bug bounty or sometimes called a feedback reward which I think can work the same according to their description. Most of these sites are not really that well known and as for the ones who are already at the top, I think they already done a lot of upgrades and their system is already at a good condition. That may be the reason on why they don't offer a bug bounty anymore.

IDK if it was the OP but I saw a thread last time which the user said that the his bug reports are only being ignored by the casino. We are not sure if they do, or maybe they already take note of the message and fixed it, but the user must be compensated.
hero member
Activity: 2926
Merit: 640
If the bugs aren't that serious or game-breaking, I doubt they'll ever put so much attention to it. There are other things that they need to put their attention to, and minor bugs aren't one of them. My take: leave minor bugs as is and exploit game-breaking ones before submitting it for review. At least, you already profited from it and you have demonstrated that the bug is too critical to be ignored.
If you are already profiting from it, I don't think it will be easy for you to surrender the exploit but it's never too late to be a good guy. Maybe some will did it if they can't sleep peacefully at night. Small bugs are easy to spot and the ones that will report it in the hopes of getting a reward are the normal users.

I tried it actually and you are right. It seems the casino didn't care much about them because they just ignore my message. For those who have an exceptional skills in the IT field, they will always go for the major exploit because they know that the reward for them are huge and maybe they will exploit it first if they are a little greedy.
legendary
Activity: 3318
Merit: 1133
Leading Crypto Sports Betting & Casino Platform
That first one is true. Most of the time it will be the gamblers who will experience the bug after playing for a lonng time. When they report it to the mass chat and moderators will see it then they will say it is being attended, so it gives a freebie to the gambling site where they should be paying after that report. You are right about online gambling business taking care of it without any ruckus and it sucks for the one who saw the mistake because none will be gave to him and it will be fixed like nothing happened.

Imo, they should give more if one user finds it because it will lessen the payment unlike hiring a pro to keep on looking for erros while in the end they cannot even see it. .
hero member
Activity: 2996
Merit: 598
Leading Crypto Sports Betting & Casino Platform


Would you mind sharing with us the names of those "several casinos"? Perhaps a little bit of negative marketing would force the owners of those casinos to do something about it and solve the bugs/exploits.
I don't mind having a publicly available list of crypto casinos, that currently have bugs. Such list will definitely force the casino owners to improve their websites.

I don't think OP will not divulge the names of these casinos, they will just deny it and it will become a he said they said scenario, casinos don't want to be put in this kind of scenario where they have to defend themselves when it comes to security.
Website security is a serious thing casinos can easily lose their reputation and OP needs to back up his word if the bug is already fixed OP will be in a bad situation so let's just be aware that some casinos are like this, they do not want to put a bounty page, it's their prerogative after all.
hero member
Activity: 2912
Merit: 541
Leading Crypto Sports Betting & Casino Platform
It's normal for casinos not to immediately take care of or fix bugs in their system for days because the casino claims they already know about it and are making repairs. But whether they are still delaying the repair or fixing it immediately, we won't know. If the casino hasn't fixed the bug we reported, it means that they are taking security issues lightly, which should be a priority for the casino so they should immediately check it and fix the bug if their security team finds it. But I think there must always be alert casinos, especially if someone finds a bug in their system so they will immediately check and fix the bug so that other people can't use it.

It depends on the casino because if they think the bug is not too dangerous, maybe they can work on it slowly while looking for other bugs that might be more harmful to the casino. Apart from that, casinos also depend on the security team they have in checking for bugs. If the security team can fix the bug immediately, they will fix it immediately.
hero member
Activity: 2702
Merit: 672
I don't request loans~
~
That's just how businesses go. I've been in a small company once that used to hire 3rd party developers to create their programs. They used to pay upwards of thousands of dollars into them, and not just a one-time payment but as well as a monthly maintenance fee. When I first entered and looked at the quality of the system they made, I was honestly thinking why the hell are they still hiring these people, the system looks so outdated not to mention the tens to hundreds of bugs and reports that people who use the system keep reporting to use.

They also tend to downplay a lot of bugs since, well, a lot of people don't even manage to understand how it works so I think they think they can get away with it without any big rewards at all. At that instance where it's reported they can immediately tend to it after all so it isn't exploited, so they just downplay the services of this bug bounty services they offer.
legendary
Activity: 3416
Merit: 1225
This type of transparency will benefit everyone. Users will be more safe with extra testing. People who find exploits are less likely to exploit if they know they can be compensated for the find. The industry overall will benefit from this.

Casinos and exchanges should have a bug bounty, one of the main reasons is they already have a dedicated team for this and the administrator is paying these people to fix bugs and patch and if they post that they have a bug bounty they will be targeted by hackers for exploits because hackers will think that they do not have an internal security to fix exploits.

Casinos and exchange especially the big one will only test for security flaws and bugs prior to their launching and from there they are going to monitor the script or theme for possible exploits so if there is a bug it will be fixed soon by their team or the casino will suffer from too many glitches because of failure to fix the bugs.
hero member
Activity: 1652
Merit: 518
OrangeFren.com
My kind of person would go ahead and exploit the bug when I find it, and then report to the casino or exchange and be ready to return whatever funds I collected through the exploit, but this is after we much have negotiated and come to agreement on how much they will pay me as a bounty for my find.

Though I will only do this after like two or three experiences where I find a critical bug in a casino or exchange, and after reporting it and expecting them to reward me, they refuse claiming they already had known about it , or with the claim that the bug is not critical enough, it is commonly said in my place that "when a bird learns to fly without perching, the hunter will learn to shoot without missing".

So like I've said, If Ive had experience like above with two or three gambling casinos or exchanges, I will start exploiting any bug I find in a casino or exchange, then report to them after I have their funds in my custody, maybe this way, they will learn to appreciate honest bug bounty hunters.

The gambling sites was ready to spend huge money for the person who involved in the gambling now.The reason is by giving the gamblers loss by finding the error,the gamblers who doing the error finding in the website and reporting by seeing the welfare of the gamblers.Every new game will have some bug at the initial launch,some ethical hacker use this bug finding and win in the environment.If you play of three games in three different website and you had found three bugs in all three website.Then create a mail to the developer or owner of the project.You need to attach the bug details in screenshot to the gambling sites which had bugs.
legendary
Activity: 1624
Merit: 1007
My kind of person would go ahead and exploit the bug when I find it, and then report to the casino or exchange and be ready to return whatever funds I collected through the exploit, but this is after we much have negotiated and come to agreement on how much they will pay me as a bounty for my find.

Though I will only do this after like two or three experiences where I find a critical bug in a casino or exchange, and after reporting it and expecting them to reward me, they refuse claiming they already had known about it , or with the claim that the bug is not critical enough, it is commonly said in my place that "when a bird learns to fly without perching, the hunter will learn to shoot without missing".

So like I've said, If Ive had experience like above with two or three gambling casinos or exchanges, I will start exploiting any bug I find in a casino or exchange, then report to them after I have their funds in my custody, maybe this way, they will learn to appreciate honest bug bounty hunters.

While this is an options (and sometimes also necessary to a degree) i usually try to avoid solutions like that. The reason being that You also want to keep a level of professionalism so you dont scare away your potential customers. And it can also land you in some hot water legally speaking.
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform
My kind of person would go ahead and exploit the bug when I find it, and then report to the casino or exchange and be ready to return whatever funds I collected through the exploit, but this is after we much have negotiated and come to agreement on how much they will pay me as a bounty for my find.

Though I will only do this after like two or three experiences where I find a critical bug in a casino or exchange, and after reporting it and expecting them to reward me, they refuse claiming they already had known about it , or with the claim that the bug is not critical enough, it is commonly said in my place that "when a bird learns to fly without perching, the hunter will learn to shoot without missing".

So like I've said, If Ive had experience like above with two or three gambling casinos or exchanges, I will start exploiting any bug I find in a casino or exchange, then report to them after I have their funds in my custody, maybe this way, they will learn to appreciate honest bug bounty hunters.
hero member
Activity: 3150
Merit: 937
Quote
There are several casinos that fall into the categories below that are currently on Bitcointalk. Some even have active exploits that have not been fixed simply because the casino operator can not be asked to reply to the email they provided for such reports.

Would you mind sharing with us the names of those "several casinos"? Perhaps a little bit of negative marketing would force the owners of those casinos to do something about it and solve the bugs/exploits.
I don't mind having a publicly available list of crypto casinos, that currently have bugs. Such list will definitely force the casino owners to improve their websites. Waiting to get paid for finding bugs won't work. Most casino owners are stingy and most crypto casinos don't want to put some money aside for such purposes.
Many crypto casinos are using the same templates and gambling scripts. I am no expert in this field, but what is the chance all those casinos to have similar bugs?
sr. member
Activity: 1106
Merit: 391
Usually online casino platforms have teams that work on application development or they outsource it to other companies. The development of applications certainly requires a process and cannot be just developed and run at any time. There are stages where application development takes longer and if there is a bug that is not too disruptive to the service, usually the platform will note it and include it in the next stage of development. As long as the bug is not fatal and a danger to the service, usually it will be left until everything has been developed by the team.
However, it is true that the platform's appreciation for bug bounties is sometimes not commensurate with the bugs found and that is why many bug hunters prefer to exploit these bugs and sell them to hackers.
legendary
Activity: 1624
Merit: 1007
Ill start this off by saying that i do basic security testing as a hobby for exchanges and for casinos. And dealing with most crypto related casinos/exchanges frustrates me so much that it makes me want to quit regularily (and i do, i just come back after a while).

There are several casinos that fall into the categories below that are currently on Bitcointalk. Some even have active exploits that have not been fixed simply because the casino operator can not be asked to reply to the email they provided for such reports.

This is not just a problem with gambling sites, but there should definitely be proactiveness on the part of administrators in recognizing problems and resolving them more effectively, especially when we are dealing with other people's money.

Unfortunately, not only casinos, but many websites underestimate the service of honest people who encounter and report these problems.
In addition to resolving problems when reported, they should recognize the importance of whoever found the problem and reward them fairly, always looking at how much they could have asked for if the flaw had been exploited by someone with bad intentions.

This is exactly it. This is something that happens on many sites that deal with user funds, or with user data. How many times have we seen companies "loose" users data and act as if it is nothing. It just feels its especially prevelant in crypto circles.
legendary
Activity: 2352
Merit: 1121
☢️ alegotardo™️
Ill start this off by saying that i do basic security testing as a hobby for exchanges and for casinos. And dealing with most crypto related casinos/exchanges frustrates me so much that it makes me want to quit regularily (and i do, i just come back after a while).

There are several casinos that fall into the categories below that are currently on Bitcointalk. Some even have active exploits that have not been fixed simply because the casino operator can not be asked to reply to the email they provided for such reports.

This is not just a problem with gambling sites, but there should definitely be proactiveness on the part of administrators in recognizing problems and resolving them more effectively, especially when we are dealing with other people's money.

Unfortunately, not only casinos, but many websites underestimate the service of honest people who encounter and report these problems.
In addition to resolving problems when reported, they should recognize the importance of whoever found the problem and reward them fairly, always looking at how much they could have asked for if the flaw had been exploited by someone with bad intentions.
hero member
Activity: 1498
Merit: 547
Top Crypto Casino
Depends on the bugs, I don't think if the bug is critical they're going just to ignore it.

Most casinos will ignore a really minor bug. Unless your bug is a loophole in the customer data, accessing their fund, etc. If you think the bug is really affecting the service and they responding to what you have explained.

Another good things to do next, just exploited the bug and then contact them again. What you got, sometimes action is necessary as long you already report it and they ignore you.
Majority of bugs that are reported are usually are taken into account by most casinos whether it be a minor or a major bug however it varies depending on how these bug affects it's user and the casino on whether they proceed with an action.

I've seen minor bugs on different gambling platforms here that has been there ever since and a known bug but since it doesn't affect much the casino, no action has taken into account.

Still, there's just some gambling sites out that doesn't really care much until they get affected or multiple reports has been raised and publicized.
legendary
Activity: 3542
Merit: 1352
Cashback 15%
If the bugs aren't that serious or game-breaking, I doubt they'll ever put so much attention to it. There are other things that they need to put their attention to, and minor bugs aren't one of them. My take: leave minor bugs as is and exploit game-breaking ones before submitting it for review. At least, you already profited from it and you have demonstrated that the bug is too critical to be ignored.

The bug to the game is common one to the game,So Until the bug will be serious we no need to worry about the gambling site bugs.The minor bugs can’t be consider as the serious one,So we no need to worry on that.If you feel the bug is dangerous,you can report the same bug to the site owner.All the site as the features of rewarding the people who report the bugs and help the developing team.The also reward the bug reporting people based on the bug size.If the major bugs was reported the website will improve their performance based on our involvement.

Though there could be minor bugs out there that could potentially lead to a critical one if left unchecked, or if it could be exploited even further to huge bigger problems. There are some bugs that act as if they are benign initially, but becomes devastating once discovered that it's connected to other parts of the game or platform. Pretty sure that the casino will have their eyes and ears on those minor bugs, though not as intently as what they give to the bigger ones.
Pages:
Jump to: