Topic: ★FastBets.io - A New Way to Gamble ★ - page 34. (Read 58680 times)

fantastic, this is exactly what I had in mind!

im hoping that you manage to open before the end of the weekend, cant gamble at work .. but security is important, so reopen when you are confident

Can't wait your website will reopened
and can't wait what will happen i hope you will give us new feature of gambling

Jup, I said we'll be back this weekend or beginning next week. Still think that this will happen.

It hasn't reopened yet and the site is still showing the same message as before.
Two days ago OP said the work would be done in a day or two, so it should be almost there.

That is great news to hear you are back and now open again for betting, will play there with some amount just waiting for it.

Great point yoloer808. Will actually do that right now: I just signed our new hot wallet which currently holds 5.468 BTC.

Address: 1FCEXDW4Em8qVbfNbGcMttFxGmLty7amFG
Message: FastSlots Main Wallet - we will be back!
Signature: H0iDQlgfXCdtSvO8A8N3yim4/bl7gmxv4n5I/9ueC7ogQmC4B29GGPEGClW/E0j9WpLmed8PBY9BRBBoj6yJf4Y=

To verify just head over to https://brainwallet.github.io/#verify, click on Bitcoin-QT, and insert the above.

good to hear you are on track to reopen again. Just a word of advice: you've been hacked, people may be skeptical of your solvency / ability to pay out winnings and therefore be wary of depositing. It would be a good idea to sign a message with your wallet proving that you are in possession of a bankroll to actually pay out winners.

keep your chin up and keep doing what your doing, looking forward to the reopening!

Sure, why not!

We run our own server. I just noticed that you run http://crypto-games.net. It's a great site! Would love to exchange thought on security with you. Will send you a pm in a bit.

I see. That is totally different level of problem Do you run your own server or do you have site hosted at third party provider?

Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.


Basically the problem was about the security of our server and not a problem with our application code. We are currently setting the server back up with all sorts of security measures in place. We will test things thoroughly and will be back most likely in a day or two, but worst case at the beginning of next week. I really do not want to rush this just to get hacked again.



Thanks mate :-)

They surely won't start it until they have found security problem. And that is not so easy in online casino case.

hello admin any time frame when you will get back online, it taking to much to get back the things right, any update about the current situation what is going on there?

Did you check server seeds if they were the same on all bets? All random functions that run on today computers are calculated based on time. So if two procedures trigger random generator at the same time, you can get duplicate server seeds.... that could be potential risk. We solved it with table that stores all used server seeds, so they are always unique. Random generator just isn't good in this case.
Just idea, maybe it helps.

Sorry to hear about what happened to you guys.

Best of luck with everything!

Sorry for my late reply. Was unsure how to answer your second question (see below)

I think you should not be. I think consumers are pretty safe these days (at least they are much more than a few years ago).

What annoys me most about this incident is that hackers keep the barrier to entry into the gambling world high. Operators need to waste a lot of time and money on security instead of implementing games. This is one of the reasons why building an online casino is hard. If opening an online casino was as easy as writing and online game I'd bet that gambling would be way more awesome (and way more fair for that matter).

I have though about your question for a bit but have not come to a final conclusion as to how much info to share. I do not want to put too many details out there that might put us in jeopardy in the future. I can however point to resources that people setting up bitcoin casinos might find useful. They are all related to server security as that is what we are focussed on atm.

There is a great article on how to get a baseline level of security for a web server. Everybody who want's to get into the bitcoin game as an operator should follow these instructions from day one:
https://www.linode.com/docs/security/securing-your-server

The rest of your security will depend on your application and your level of paranoia. The best in depth resource on server security that I could find on the web is the "Securing Debian Howto".
https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

Will not share more info atm but might in the future. If anyone knows security related resources that will help us and other operators build more secure casinos, feel free to post them here.

such a pity that bitcoin is associated with these kind of people. I am really skeptical about introducing my friends to it because of all the scams..

If you have time, would you mind outlining how exactly he hacked you? (of course after you patch things up)... I think it could be an interesting read, as well as a warning for other sites...

Thanks mate appreciate your support.

Actually our system is pretty solid. We've had it tested by several talented hackers that could not break anything. However we did have a small vulnerability. With respect to security that's basically just as bad as having no security at all (at least it can cost the same amount of money...). Nonetheless this is a wakeup call for us to double down on security even more and to rethink all aspects of our system. Once we get this done, FastSlots will be even more secure.

It's still hard to estimate when exactly we will be back. I have the tendency to be too optimistic in my estimates, but I really hope it will not take more than a few days.

If anyone would like to withdraw just email me ([email protected]). My purchase of additional coins has now cleared so that I will be able to payout all deposits immediately.

Holy s***, Im so sorry this happened man. I've been loosely following your site from the beginning and I thought it was pretty solid... I hope you indeed have enough money to continue running the site, I cant imagine losing 5 btc...

Im glad that you found the problem and are fixing it, hope to see the site up soon. Keep up the great work!

Hi guys,

We finally know what happened during the hack and can now start fixing things. I cannot disclose many details, all I can say is that the attacker was able to predict server secrets which allowed him to rake in huge wins.

We have learned a lot from this incident and the result will be that FastSlots will be more secure than ever. We've worked with a group of trusted bitcointalk users to scrutinize FastSlots' security. The result is that we know much more precisely what our weak points are and are able to address these accordingly. We really like to think of FastSlots as an organism: every time we survive and attack that makes us stronger.

We will get back online in a few days. As mentioned previously, just send me an email ([email protected]) if you'd like to withdraw your balance. 

Henry