Hello,
This is my second to last post on here, so if you are tired of reading my posts about my concern over Fortune Jack's security, then do not worry.
On February 20th, Fortune Jack sent me a pm "Hey, if there's anything that we can help you with the regarding the concern you've, please let us know so we can assist you accordingly.
Team FJ"
I took a few days to respond to this, because it kind of felt like the phrasing was structuring this as my problem, and how could they help me fix whatever issue I seemed to be having.
Regardless, I responded on March 3rd. Since no one was willing to supply me with a created username/password just for the sake of testing, I went against my normal ethical boundaries with this kind of testing, and just pulled a random user's account from the site. I told this to Fortune Jack, and did not hide the fact this account was not mine, did not belong to me, and that the user had no connections with me, or any knowledge of my existence. The IP logs would back this up, and since the account had almost no balance, and I would not be doing anything to alter the balance, I took this approach.
I took a video using the screen capturing video software Bandicam, and sent a short video of me attempting to log into the account, only to be prompted for the 2FA code.
I had a stopwatch/timer on screen running to show that nothing was being edited, and within 30 seconds, I demonstrated my ability to log into the account, reassign the account's 2FA code to one I controlled, effectively bypassing the 2FA verification.
I then disabled the 2FA completely on the account before signing out.
Since then, I haven't heard a single word from them. Meanwhile, they are still active and more than happy to post and update about their latest promotions on the forum.
Even though I may have started off these posts with a bit of an already skeptical view on Fortune Jack, I tried to give them the benefit of the doubt and see if bringing this issue to light would maybe push them to acknowledge the issue and move toward a fix.
If you want to keep playing on the site, I wish you nothing but success and smooth sailing. I am not going to tell anyone what to do with their own crypto. I simply wanted to bring it to attention that if an attacker has your username and password (which, I assure you, is much easier than many may realize), your 2FA does not work. In the terms of service, the 2FA is YOUR RESPONSIBILITY to keep safe, because in practice, it is designed to give your account a very robust, additional security control.
If an attacker logs into your account and drains your balance, this will be repeated to you by Fortune Jack like it has in past cases. The 2FA is your responsibility since you are in control of it.
The truth is, this control is broken, and through multiple emails, messages, video walkthroughs, etc. I have not heard a single word in response, and they just close my tickets.
My advice: Do not leave a balance on your account when you are not actively playing.
As soon as I have a break in my schedule today, I will post a video of the same process that I sent to them, using a random account I will pull from their user list.
I never once asked for any kind of request for compensation, any reward, or made threats of any kind from the moment I found out about this. I tried to be as professional as possible, but for whatever reason, it does not seem like they have any concern that their site is failing at implementing security procedures for very crucial steps in keeping all of your accounts safe.