Pages:
Author

Topic: Hack Into BitDice And Get 1BTC! (Read 6829 times)

newbie
Activity: 12
Merit: 0
December 27, 2017, 12:21:57 PM
Bullshit!
legendary
Activity: 1184
Merit: 1013
December 27, 2017, 11:11:13 AM
Giving away login details of an account worth 1BTCs
This definitely a very effective way to boast your security, not to mention it is strong enough to not be bypassed in almost a month now.
In my knowledge, the only way to claim those bitcoins is either by hacking the provided email
or
by identifying and hacking the people who've logged into that account with their browser to steal their browser cookies and signatures.
Both of above methods are extremely difficult, really great security.
hero member
Activity: 776
Merit: 522
December 27, 2017, 10:30:16 AM
Just a small update as requested...

No one was able to get that bitcoin. One year ago it was a mere 1000 USD, and it's almost 16.000 USD now and still sits on that account Wink

And again. An account does not have any special security settings. No 2FA, no nothing. That's a level of security you get just by creating an account. You can increase and tighten the security much more with white-list addresses, white-list IPs, and 2FA.

Regards,
Alex.
full member
Activity: 420
Merit: 171
December 24, 2017, 12:39:56 PM
Even 2fa authorization is bounced with this kind of high level pro security in terms of unbackable account, which really proves that in order to hack an account you must access first the gmail for more information's and update,  well haven't try bitdice at all but same as what the others say from few pages. This is a good assurance of the site, challenging to hack an account revealing a password is so very risky but don't have to worry at all since the devs are confident with their security. Kudos.
hero member
Activity: 672
Merit: 500
ADAMANT — the most secure and anonymous messenger
December 24, 2017, 09:28:29 AM
That is hard to believe that noone has been able to crack this and hack that bitcoin. I tried a few methods i could think of but i got nowhere. So i need to know just for my knowing if anyone was actually able to bypass their security measures. I am more curious to see if someone did beat this challenge but no one bothered to post the results or if this sites gamble paid off and no one has hacked them yet.
newbie
Activity: 28
Merit: 0
December 20, 2017, 05:39:01 PM
I don't know much about computer security but that is a great bounty for you
hero member
Activity: 2996
Merit: 609
December 20, 2017, 03:54:12 PM
It has been over one year for this to be done.
I think it is safe to say that no one will be able to do it. Unless they have had a breach already and patched it up.
From what I remember reading of this thread before there was something with an email address getting hacked into but that was not an issue to the site's security one bit.

So best to call off this contest if it hasn't been in over a year now.
You guys are good! Wink
I have remembered in the past regarding this competition or challenge made by bitdice and now i have read it again and it seems no one did able to get in to get that 1 btc price. Im pretty sure that there still people who do tried out upto these days trying out again considering that 1 btc price is almost $17k usd as of moment which is a worthy bounty.
hero member
Activity: 1008
Merit: 1012
December 20, 2017, 02:15:50 PM
It has been over one year for this to be done.
I think it is safe to say that no one will be able to do it. Unless they have had a breach already and patched it up.
From what I remember reading of this thread before there was something with an email address getting hacked into but that was not an issue to the site's security one bit.

So best to call off this contest if it hasn't been in over a year now.
You guys are good! Wink
hero member
Activity: 896
Merit: 514
December 20, 2017, 02:03:27 PM
Nice additional security feature now everyone is curious how to hack the mail address provided then if 2fa is installed on email another work.

Hmm, why would you want to hack the email though? I don't think the 2fa code is stored in the email, though I do see that point of using the email to create a support ticket saying that it the owner lost the 2fa keys. Problem is I don't think this is part of the hack bounty of BitDice or any other site for that matter as if you are able to hack the email then that means the one that is unsecure is the email and no longer the site.
newbie
Activity: 21
Merit: 0
December 20, 2017, 07:17:23 AM
Nice additional security feature now everyone is curious how to hack the mail address provided then if 2fa is installed on email another work.
hero member
Activity: 1680
Merit: 655
December 19, 2017, 05:17:22 AM
That is the best thing about 2FA security as it is an added layer of security for the user. I have done it in the past as passwords simply couldn't make me comfortable to sleep at night. However 2 factor authentication are kinda annoying sometimes as there are days that you just want to log-in into your account and play having 2fa always on will make you soend a few extra seconds in order to proceed to the site.
legendary
Activity: 3808
Merit: 1723
December 19, 2017, 02:44:14 AM

To prove our security, we run a HackMe event. I've tipped user hack_me with 1BTC.

Here's registration email: [email protected]
And password: Jy45kFbGJX9n5q8

Yes! We've posted password from an account with 1BTC on it. Simply sign-in and take it Smiley

Couldn't? Well, that's because our security is so safe that even leaking your password can't do anything bad. We are safer than Bitfinex  Grin

User hack_me was registered with default settings, nothing has been changed under his profile.

Join to one of the safest casino worldwide.

In BitDice We Trust!



Great news. I believe that BitDice will be the best casino in the sphere of gambling.

You know what.

If you really want to spam your sig in the least amount of work possible. Due some work and try to avoid bumping a thread that was created over a year ago and its irrelevent.

Doing so mods will either remove your posts or contact your affiliate manager and have yourself get booted from the signature campaign.

This thread should be locked right now.
sr. member
Activity: 864
Merit: 260
December 19, 2017, 02:24:36 AM

To prove our security, we run a HackMe event. I've tipped user hack_me with 1BTC.

Here's registration email: [email protected]
And password: Jy45kFbGJX9n5q8

Yes! We've posted password from an account with 1BTC on it. Simply sign-in and take it Smiley

Couldn't? Well, that's because our security is so safe that even leaking your password can't do anything bad. We are safer than Bitfinex  Grin

User hack_me was registered with default settings, nothing has been changed under his profile.

Join to one of the safest casino worldwide.

In BitDice We Trust!



Great news. I believe that BitDice will be the best casino in the sphere of gambling.
hero member
Activity: 2996
Merit: 609
March 22, 2017, 05:45:11 AM
If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear.  Wink

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.
But did it not get hacked into and that guy stole 38 BTC from the site's wallet?
But that was using the bct talk account password to retrieve access to the casino bank wallet.
So that attempt didn't count am I correct? Or is that totally something different all together with doing something completely illegal?
I think it ended up with the owner paying out those funds out to people who's funds were lost in the hack.
It was all very confusing because it spilled over from an accusation thread against that use and into the campaign thread going back and forth. Embarrassed

That isn't accurate. 38 btc was not stolen from the site's wallet in any hack. You'll need to re-read that accusation thread for more information regarding that but nothing was stolen from the site's wallet.

Ofc it's not accurate! This...HYIP-Ponzi admin/owner that want's back (?) 38BTC, hack somehing but this is not the BitDice account with the 1BTC on it.
He hacked the forum account of the owner of BitDice and still want back money that don't belong to him from the start of his "great" career as a scammer... Roll Eyes
Theres no connection between this challenge and those situation which happen on the past and also theres no need to bump this thread since its already 3 months passed and no one could able to do this challenge on hacking the site. If until now theres no one could able to get on the 1 btc on the account given then im sure security of this website is good enough and could increase more trust regarding on handling funds.
hero member
Activity: 1358
Merit: 513
March 22, 2017, 05:37:12 AM
If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear.  Wink

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.
But did it not get hacked into and that guy stole 38 BTC from the site's wallet?
But that was using the bct talk account password to retrieve access to the casino bank wallet.
So that attempt didn't count am I correct? Or is that totally something different all together with doing something completely illegal?
I think it ended up with the owner paying out those funds out to people who's funds were lost in the hack.
It was all very confusing because it spilled over from an accusation thread against that use and into the campaign thread going back and forth. Embarrassed

That isn't accurate. 38 btc was not stolen from the site's wallet in any hack. You'll need to re-read that accusation thread for more information regarding that but nothing was stolen from the site's wallet.

Ofc it's not accurate! This...HYIP-Ponzi admin/owner that want's back (?) 38BTC, hack somehing but this is not the BitDice account with the 1BTC on it.
He hacked the forum account of the owner of BitDice and still want back money that don't belong to him from the start of his "great" career as a scammer... Roll Eyes
legendary
Activity: 1736
Merit: 1023
March 22, 2017, 12:04:51 AM
If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear.  Wink

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.
But did it not get hacked into and that guy stole 38 BTC from the site's wallet?
But that was using the bct talk account password to retrieve access to the casino bank wallet.
So that attempt didn't count am I correct? Or is that totally something different all together with doing something completely illegal?
I think it ended up with the owner paying out those funds out to people who's funds were lost in the hack.
It was all very confusing because it spilled over from an accusation thread against that use and into the campaign thread going back and forth. Embarrassed

That isn't accurate. 38 btc was not stolen from the site's wallet in any hack. You'll need to re-read that accusation thread for more information regarding that but nothing was stolen from the site's wallet.
hero member
Activity: 728
Merit: 500
EtherSphere - Social Games
March 21, 2017, 01:42:14 PM
If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear.  Wink

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.
But did it not get hacked into and that guy stole 38 BTC from the site's wallet?
But that was using the bct talk account password to retrieve access to the casino bank wallet.
So that attempt didn't count am I correct? Or is that totally something different all together with doing something completely illegal?
I think it ended up with the owner paying out those funds out to people who's funds were lost in the hack.
It was all very confusing because it spilled over from an accusation thread against that use and into the campaign thread going back and forth. Embarrassed
newbie
Activity: 14
Merit: 0
December 30, 2016, 09:44:49 PM
I just don't have the free time to keep going I only did a standard testing for things like XSS vulns and Unicorn scan, Vega scan's + a few other of my own tests. and after speaking with the admin and "squeezing" some server info from him It became clear that they are taking customer security very seriously.

But from what I did try and test there "most what your average hacker" would try or have access too without trying to damage the site in anyway it was very secure.

So they get a thumbs up from me.



newbie
Activity: 3
Merit: 0
December 30, 2016, 09:33:48 PM
Well 2fa can be bypassed by doing whats called a "Sim Swap" But you would need to know the number registered and the details of the mobile phone account (social engineering) contact the network tell them you have lost your phone but you have a new simcard for there network could they port the number over to the new sim (Not as hard as it sounds... 10 min later you have targets phone number ready for the 2FA code..

Yes hacking the admin would be a fairly easy way to go after the site as a whole

With the bitcoin price soaring for 2017 sites like this are going to need to keep a keen eye on security.. Look what happens to gox and others when the price went high. the attackers came out the wood work and hit hard.. with the massive explosion in casino's and dice games. it could be a nightmare waiting to happen for gamblers and exchange users.

Thanks for the wonderful participation in this UGMZ. I'm one of your follower since i read your replies here in hacking thing. But unfortunately their server is tight and got some really good security. I thought you were so close on hacking it, but I'm wrong on that.
newbie
Activity: 14
Merit: 0
December 30, 2016, 09:08:14 PM
Well 2fa can be bypassed by doing whats called a "Sim Swap" But you would need to know the number registered and the details of the mobile phone account (social engineering) contact the network tell them you have lost your phone but you have a new simcard for there network could they port the number over to the new sim (Not as hard as it sounds... 10 min later you have targets phone number ready for the 2FA code..

Yes hacking the admin would be a fairly easy way to go after the site as a whole

With the bitcoin price soaring for 2017 sites like this are going to need to keep a keen eye on security.. Look what happens to gox and others when the price went high. the attackers came out the wood work and hit hard.. with the massive explosion in casino's and dice games. it could be a nightmare waiting to happen for gamblers and exchange users.
Pages:
Jump to: