Pages:
Author

Topic: crypto-games.net, 30% house edge, bugs and vulnerabilities, screw the investors! - page 7. (Read 13017 times)

copper member
Activity: 2996
Merit: 2374
I can't speak to any specific conversations that either Dooglus or subSTRATA had with this site's owner, or the owner of other sites. However if it were me that had found the exploit, then I would have told them something along the following:

"I have found an issue with your site that others could potentially use to steal from you, I have no intention of disclosing it to anyone other then you, nor do I have any intention of using such exploit personally, although I cannot guarantee that others will not use the same public information to exploit this same issue."

I think the above would pass the test of not being blackmail, while still being reasonably compensated for your time/skills.

The fact is that gambling sites are for-profit entities, and giving advice as to how to prevent yourself from getting robbed when large amounts of money is at stake should not be given for free. These sites should invest in the time/effort to prevent these kinds of exploits from existing in the first place.

https://bitcointalksearch.org/topic/m.11780169

Quote
the admin of the site seems rather hostile and is trying to rip both me and dooglus off, demanding a lower bounty for the deal, i am entertaining offers in this thread or through pm regarding this. a percentage of this will be paid to dooglus for his help in confirming this issue.

Am I misunderstanding something here?
I am not saying that the OP did what I suggested should have been done, I am just saying that you can receive a bug/exploit bounty without blackmailing/extorting the owner of the site.

I know that here, the owner of the site said:
Quote
Exploit it please, and earn 1 btc. When you do we are willing to pay you 1.5btc extra to tell us about it. We are tired of this lame scam attempts. We get mails of exploits weekly, but no one proved or steal anything. Only reason why we offered you any amount is because you have others users backing you up.
If something similar was said about selling the exploit, then the OP trying to sell it would be fair game. If something similar was not said, then trying to sell it would not be appropriate.

When it comes to bug reports, there is a very fine line between blackmail and responsible disclosure.
legendary
Activity: 1120
Merit: 1000
I'm just wondering why nobody else could see the point I was trying to make. If someone pulled this BS at just-dice (offered to sell an exploit if Dooglus didn't pay up), all the kids over there would go absolutely crazy.

I pointed this out earlier, and it was ignored. But probably just because the site admin responded like a raving lunatic, so it's hard to sympathize with him.

I don't sympathize for him at all. He was willing to let investors get screwed too. I do sympathize for the investors though, as I doubt they had any idea on what was going on and were most likely the ones who would get screwed over by this.

Seems people turn a blind eye around here lately when it comes to the more higher ranked members...
legendary
Activity: 1120
Merit: 1000
again, i stand that i didnt threaten them at any point.

Pay me or I sell the exploit , which would only screw investors. Yeah okay, no harm done there  Roll Eyes

i never demanded payment from them, i only asked that the full sum be agreed to and i did agree that I would disclose the first bug if they agreed, which they did not. the disclosure of the second bug was not up to me as I had no in depth knowledge of it at the time. then the insults began... i never even put the bug to use either. again, youre free to think what you think, but at this point i have no ill intentions to either of the individuals running the site.

well it seems this has quickly turned against me somehow, i agree that xetsr has valid points and that i am at fault for a lapse in judgement, but i did not get anything out of this from either crypto-games or any other third party.

You didn't get anything out of this... but what if someone did pay you? This is the point I'm trying to make. if someone offered you what you were asking for, you would have sold them the exploit, right? Like your previous posts suggested.

You were willing to release the exploit for a price at the expense of investors. cant find it now, but at the point in which the dev/admin mentioned that emails were sent out to investors, is around the time when i learned that there were investors on the site.

ill be quite honest here, i initially noticed the bug when i clicked "max" on the site, and noticed the discrepancy of 6500x and 0.02% win chance. at that point in time, i had no knowledge there was an investment option on the site.


Am I misunderstanding something here?

no you are not, that is my fault and a serious lapse in judgement.

Okay then, glad you realized your mistake and the damage that could have been done if you were to get an offer and proceeded to sell the exploit.

Just so everyone knows, I have nothing to do with the site and I'm not a investor. I'm just wondering why nobody else could see the point I was trying to make. If someone pulled this BS at just-dice (offered to sell an exploit if Dooglus didn't pay up), all the kids over there would go absolutely crazy.

I changed my feedback to neutral since you admitted you made a mistake Smiley
legendary
Activity: 1288
Merit: 1043
:^)
again, i stand that i didnt threaten them at any point.

Pay me or I sell the exploit , which would only screw investors. Yeah okay, no harm done there  Roll Eyes

i never demanded payment from them, i only asked that the full sum be agreed to and i did agree that I would disclose the first bug if they agreed, which they did not. the disclosure of the second bug was not up to me as I had no in depth knowledge of it at the time. then the insults began... i never even put the bug to use either. again, youre free to think what you think, but at this point i have no ill intentions to either of the individuals running the site.

well it seems this has quickly turned against me somehow, i agree that xetsr has valid points and that i am at fault for a lapse in judgement, but i did not get anything out of this from either crypto-games or any other third party.

You didn't get anything out of this... but what if someone did pay you? This is the point I'm trying to make. if someone offered you what you were asking for, you would have sold them the exploit, right? Like your previous posts suggested.

You were willing to release the exploit for a price at the expense of investors. cant find it now, but at the point in which the dev/admin mentioned that emails were sent out to investors, is around the time when i learned that there were investors on the site.

ill be quite honest here, i initially noticed the bug when i clicked "max" on the site, and noticed the discrepancy of 6500x and 0.02% win chance. at that point in time, i had no knowledge there was an investment option on the site.


Am I misunderstanding something here?

no you are not, that is my fault and a serious lapse in judgement.

edit: at this point

I am not even sure that I would trust the site to pay out large wins that a +EV strategy would result in. The site is very new, has a tiny bankroll, and is acting very unprofessionally.

big point here; even if they decide to pay out, their decisions in handling this entire matter were questionable at best, announcing their site as the subject of this thread was probably the biggest mistake, this is a lose-lose situation for them now.

Yeah, and it's not only them at risk, but also investor's money.
Them being "confident" is totally going to bring a lot of people down.

Time to take a couple of last looks at the site lol.

great point, after this, their site is dead regardless of the outcome. inviting people to come and dump your bankroll and not even consulting with your investors? that's some special publicity right there.
legendary
Activity: 1120
Merit: 1000
I can't speak to any specific conversations that either Dooglus or subSTRATA had with this site's owner, or the owner of other sites. However if it were me that had found the exploit, then I would have told them something along the following:

"I have found an issue with your site that others could potentially use to steal from you, I have no intention of disclosing it to anyone other then you, nor do I have any intention of using such exploit personally, although I cannot guarantee that others will not use the same public information to exploit this same issue."

I think the above would pass the test of not being blackmail, while still being reasonably compensated for your time/skills.

The fact is that gambling sites are for-profit entities, and giving advice as to how to prevent yourself from getting robbed when large amounts of money is at stake should not be given for free. These sites should invest in the time/effort to prevent these kinds of exploits from existing in the first place.

https://bitcointalksearch.org/topic/m.11780169

Quote
the admin of the site seems rather hostile and is trying to rip both me and dooglus off, demanding a lower bounty for the deal, i am entertaining offers in this thread or through pm regarding this. a percentage of this will be paid to dooglus for his help in confirming this issue.

Am I misunderstanding something here?
legendary
Activity: 1120
Merit: 1000
again, i stand that i didnt threaten them at any point.

Pay me or I sell the exploit , which would only screw investors. Yeah okay, no harm done there  Roll Eyes

i never demanded payment from them, i only asked that the full sum be agreed to and i did agree that I would disclose the first bug if they agreed, which they did not. the disclosure of the second bug was not up to me as I had no in depth knowledge of it at the time. then the insults began... i never even put the bug to use either. again, youre free to think what you think, but at this point i have no ill intentions to either of the individuals running the site.

well it seems this has quickly turned against me somehow, i agree that xetsr has valid points and that i am at fault for a lapse in judgement, but i did not get anything out of this from either crypto-games or any other third party.

You didn't get anything out of this... but what if someone did pay you? This is the point I'm trying to make. if someone offered you what you were asking for, you would have sold them the exploit, right? Like your previous posts suggested.

You were willing to release the exploit for a price at the expense of investors.
legendary
Activity: 1288
Merit: 1043
:^)
I can't speak to any specific conversations that either Dooglus or subSTRATA had with this site's owner, or the owner of other sites. However if it were me that had found the exploit, then I would have told them something along the following:

"I have found an issue with your site that others could potentially use to steal from you, I have no intention of disclosing it to anyone other then you, nor do I have any intention of using such exploit personally, although I cannot guarantee that others will not use the same public information to exploit this same issue."

I think the above would pass the test of not being blackmail, while still being reasonably compensated for your time/skills.

The fact is that gambling sites are for-profit entities, and giving advice as to how to prevent yourself from getting robbed when large amounts of money is at stake should not be given for free. These sites should invest in the time/effort to prevent these kinds of exploits from existing in the first place.

something along those lines;


i made it clear there were two bugs in the initial pm sent, and at which a later point DCM was suddenly surprised there were two bugs. also i made it clear in the first few pages of the thread that no details would be disclosed except to the site owner.
sr. member
Activity: 434
Merit: 250
:)
Yeah, shits fucked on this site. Avoid it like the plague boys Cheesy

thats a rather crude way to put it, but yes, basically that.


this guy needs to get out, like now. 4.66 BTC invested given the current situation.
I'm not here to sugar coat anything. Poorly coded, bad management, and the lack of ability to do math. Recipe for the investors to lose everything. Only reason to stay around here is if you are a player that can abuse the glitches and make some bank.

not saying im trying to sugar coat it, just saying the language was rather crude. but after the shady turn of events, im going to assume that crypto-games.net will not be giving anything for the bug finding(s), and considering the address in OP as a tip address. if dooglus wants to post one too ill gladly edit it into the op, the guy really deserves credit for finding some back-end bugs.
Yeah, I got you. Dooglus really is good at finding bugs and he gets paid from sites regularly for it. I'm sure he wont mind too much though.

Wait, so Dooglus blackmails other sites too? word it anyway you want but this was blackmail, pay my price or I release / sell the exploit that would harm not only the owner but innocent investors who probably didn't know better.

right? Or am I missing something here?
I never said doog blackmails people. The fuck are you leaping on me here for? Sites approach him for it and he helps them out. He also finds them by himself on the side but never blackmails anyone for it.
copper member
Activity: 2996
Merit: 2374
I can't speak to any specific conversations that either Dooglus or subSTRATA had with this site's owner, or the owner of other sites. However if it were me that had found the exploit, then I would have told them something along the following:

"I have found an issue with your site that others could potentially use to steal from you, I have no intention of disclosing it to anyone other then you, nor do I have any intention of using such exploit personally, although I cannot guarantee that others will not use the same public information to exploit this same issue."

I think the above would pass the test of not being blackmail, while still being reasonably compensated for your time/skills.

The fact is that gambling sites are for-profit entities, and giving advice as to how to prevent yourself from getting robbed when large amounts of money is at stake should not be given for free. These sites should invest in the time/effort to prevent these kinds of exploits from existing in the first place.
legendary
Activity: 1288
Merit: 1043
:^)
again, i stand that i didnt threaten them at any point.

Pay me or I sell the exploit , which would only screw investors. Yeah okay, no harm done there  Roll Eyes

i never demanded payment from them, i only asked that the full sum be agreed to and i did agree that I would disclose the first bug if they agreed, which they did not. the disclosure of the second bug was not up to me as I had no in depth knowledge of it at the time. then the insults began... i never even put the bug to use either. again, youre free to think what you think, but at this point i have no ill intentions to either of the individuals running the site.

well it seems this has quickly turned against me somehow, i agree that xetsr has valid points and that i am at fault for a lapse in judgement, but i did not get anything out of this from either crypto-games or any other third party.
legendary
Activity: 1120
Merit: 1000
again, i stand that i didnt threaten them at any point.

Pay me or I sell the exploit , which would only screw investors. Yeah okay, no harm done there  Roll Eyes
legendary
Activity: 1288
Merit: 1043
:^)
again, i stand that i didnt threaten them at any point.
legendary
Activity: 1120
Merit: 1000
Blackmail is blackmail.

I dont know the current situation with this site but if these are real investors, you are just as bad as the site owner. Same with dooglus.... others have gotten negative feedback for blackmailing other scammers, not sure why neither of you have gotten some yet.

Bottom line: You were willing to profit from possibly innocent investors if the owner failed to pay you.
legendary
Activity: 1288
Merit: 1043
:^)
Yeah, shits fucked on this site. Avoid it like the plague boys Cheesy

thats a rather crude way to put it, but yes, basically that.


this guy needs to get out, like now. 4.66 BTC invested given the current situation.
I'm not here to sugar coat anything. Poorly coded, bad management, and the lack of ability to do math. Recipe for the investors to lose everything. Only reason to stay around here is if you are a player that can abuse the glitches and make some bank.

not saying im trying to sugar coat it, just saying the language was rather crude. but after the shady turn of events, im going to assume that crypto-games.net will not be giving anything for the bug finding(s), and considering the address in OP as a tip address. if dooglus wants to post one too ill gladly edit it into the op, the guy really deserves credit for finding some back-end bugs.
Yeah, I got you. Dooglus really is good at finding bugs and he gets paid from sites regularly for it. I'm sure he wont mind too much though.

Wait, so Dooglus blackmails other sites too? word it anyway you want but this was blackmail, pay my price or I release / sell the exploit that would harm not only the owner but innocent investors who probably didn't know better.

right? Or am I missing something here?

think what youd like, i offered to help them but they turned hostile on me, and even though i tried to keep their site's name hidden, they went and let it out themselves, causing all this. i admit i did try to sell it for a short period of time, but soon abandoned the idea, morality isnt that cheap, and i plan to keep it that way.

in regards to "pay my price" or whatever, i offered 1 BTC for the bug on the +EV bets, and another 0.5 BTC for a back end bug that dooglus found, but agreeing to disclose that second part was not my decision as i had no in depth-knowledge of that bug. apparently, getting the major bug that allowed for +EV bets (32% at that) wasnt good enough, so the admin started getting rather hostile and insulting. from that last part, i was tempted to sell it or whatever, but as i said above, i abandoned the idea in 20 or so minutes, opting for the moral route. then you know, all this started.

i expressed it before too, there are several other bugs that are clearly being exploited right now; i am not disclosing them especially because one individual has invested quite a large sum into the site. also, i never threatened them.
legendary
Activity: 1120
Merit: 1000
Yeah, shits fucked on this site. Avoid it like the plague boys Cheesy

thats a rather crude way to put it, but yes, basically that.


this guy needs to get out, like now. 4.66 BTC invested given the current situation.
I'm not here to sugar coat anything. Poorly coded, bad management, and the lack of ability to do math. Recipe for the investors to lose everything. Only reason to stay around here is if you are a player that can abuse the glitches and make some bank.

not saying im trying to sugar coat it, just saying the language was rather crude. but after the shady turn of events, im going to assume that crypto-games.net will not be giving anything for the bug finding(s), and considering the address in OP as a tip address. if dooglus wants to post one too ill gladly edit it into the op, the guy really deserves credit for finding some back-end bugs.
Yeah, I got you. Dooglus really is good at finding bugs and he gets paid from sites regularly for it. I'm sure he wont mind too much though.

Wait, so Dooglus blackmails other sites too? word it anyway you want but this was blackmail, pay my price or I release / sell the exploit that would harm not only the owner but innocent investors who probably didn't know better.

right? Or am I missing something here?
legendary
Activity: 1288
Merit: 1043
:^)
assuming with this hotfix, that a 99.999 is the highest obtainable roll, one player is still exploiting for a +EV using the exploit that dooglus has found:



1 - ( 1094*0.001 ) = -.094, 9.4% edge for the player.

this is an absolute laughingstock at this point.
sr. member
Activity: 434
Merit: 250
:)
Yeah, shits fucked on this site. Avoid it like the plague boys Cheesy

thats a rather crude way to put it, but yes, basically that.


this guy needs to get out, like now. 4.66 BTC invested given the current situation.
I'm not here to sugar coat anything. Poorly coded, bad management, and the lack of ability to do math. Recipe for the investors to lose everything. Only reason to stay around here is if you are a player that can abuse the glitches and make some bank.

not saying im trying to sugar coat it, just saying the language was rather crude. but after the shady turn of events, im going to assume that crypto-games.net will not be giving anything for the bug finding(s), and considering the address in OP as a tip address. if dooglus wants to post one too ill gladly edit it into the op, the guy really deserves credit for finding some back-end bugs.
Yeah, I got you. Dooglus really is good at finding bugs and he gets paid from sites regularly for it. I'm sure he wont mind too much though.
hero member
Activity: 602
Merit: 500
since I was following chat there, I witnessed a number of people divesting out of there including a MOD.

Guys please. We all make mistakes, don't we?

In your case mistake isn't an option, you're running a gambling site and people have entrusted you with their hard earned money.. don't play the i am just a human excuse.. people already warned you and want to get it fixed before it it would turn into a pretty big mess but you chose your ego " We are confident with our code" yeah right, serves you right
legendary
Activity: 1288
Merit: 1043
:^)
Yeah, shits fucked on this site. Avoid it like the plague boys Cheesy

thats a rather crude way to put it, but yes, basically that.


this guy needs to get out, like now. 4.66 BTC invested given the current situation.
I'm not here to sugar coat anything. Poorly coded, bad management, and the lack of ability to do math. Recipe for the investors to lose everything. Only reason to stay around here is if you are a player that can abuse the glitches and make some bank.

not saying im trying to sugar coat it, just saying the language was rather crude. but after the shady turn of events, im going to assume that crypto-games.net will not be giving anything for the bug finding(s), and considering the address in OP as a tip address. if dooglus wants to post one too ill gladly edit it into the op, the guy really deserves credit for finding some back-end bugs.
sr. member
Activity: 434
Merit: 250
:)
Yeah, shits fucked on this site. Avoid it like the plague boys Cheesy

thats a rather crude way to put it, but yes, basically that.


this guy needs to get out, like now. 4.66 BTC invested given the current situation.
I'm not here to sugar coat anything. Poorly coded, bad management, and the lack of ability to do math. Recipe for the investors to lose everything. Only reason to stay around here is if you are a player that can abuse the glitches and make some bank.
Pages:
Jump to: