If you have a dynamic Ip like mine, you will get asked everytime to do that. It's a sort of 2fa via mail.
It's probably best to activate 2FA. Going through email every time will surely become a pain. Also time-based 2FA is the safer option...
Topic: Hack Into BitDice And Get 1BTC! - page 7. (Read 6808 times)
It's probably best to activate 2FA. Going through email every time will surely become a pain. Also time-based 2FA is the safer option...
If you have a dynamic Ip like mine, you will get asked everytime to do that. It's a sort of 2fa via mail.
I checked and found that you have a very good system for the security of accounts of the members but I have a question that will it have any effect on those members who have dynamic IP addresses? is that system affected by IPs or only on the device used for?
It is actually very nice idea of showing people that your security is more robust than competition. So if someone successfully get access to that hack_me account he can withdraw the money freely?
Because I have a feeling that he will be be greeted by "withdrawal denied" message. Also if you are a regular user you are not forced to confirm your log in attempts with an email every time?
If you'll have the complete access to email account, then you would be able to withdraw 1 btc freely as advertised. you might even get rewarded more, if you explain in detail how were you able to bypass/hack. Because I have a feeling that he will be be greeted by "withdrawal denied" message. Also if you are a regular user you are not forced to confirm your log in attempts with an email every time?
It is actually very nice idea of showing people that your security is more robust than competition. So if someone successfully get access to that hack_me account he can withdraw the money freely?
Because I have a feeling that he will be be greeted by "withdrawal denied" message. Also if you are a regular user you are not forced to confirm your log in attempts with an email every time?
Because I have a feeling that he will be be greeted by "withdrawal denied" message. Also if you are a regular user you are not forced to confirm your log in attempts with an email every time?
I can pretty much guarantee it can be withdrawn without problems if people get in the account. It probably won't be an easy task though xD
so what exactly do we have to do to get 1 btc?
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
You only need to login with that account then you can withdraw the available balance on the account (1btc). Sounds simple, right? But the hard thing to do is to login because you need confirmation email to login.
Whoever able to acces the email of the account then he will get the 1btc easily.
I can't see the simplicity of that hack test program but as i've see its near to impossible to get that bounty since surely the admin put some tighten security to that accounts aswell as in his site so he can make sure and assure that theyre storing system is truly safe, this test would be a great example for that, and brute force cannot truly guarantee that we can hack the gmail used by the said account since passwords given by it is not truly accurate.
It is actually very nice idea of showing people that your security is more robust than competition. So if someone successfully get access to that hack_me account he can withdraw the money freely?
Because I have a feeling that he will be be greeted by "withdrawal denied" message. Also if you are a regular user you are not forced to confirm your log in attempts with an email every time?
Because I have a feeling that he will be be greeted by "withdrawal denied" message. Also if you are a regular user you are not forced to confirm your log in attempts with an email every time?
so what exactly do we have to do to get 1 btc?
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
You only need to login with that account then you can withdraw the available balance on the account (1btc). Sounds simple, right? But the hard thing to do is to login because you need confirmation email to login.
Whoever able to acces the email of the account then he will get the 1btc easily.
I can't see the simplicity of that hack test program but as i've see its near to impossible to get that bounty since surely the admin put some tighten security to that accounts aswell as in his site so he can make sure and assure that theyre storing system is truly safe, this test would be a great example for that, and brute force cannot truly guarantee that we can hack the gmail used by the said account since passwords given by it is not truly accurate.
This iz just a joke really i can give my password @polo and let them get 2fa to get in it doesnt work like that hackers are much smarter 90% of all hacks is user related not site
While I liked this but the problem is that when you provide a particular account you have better safety for it, no ?
I mean if my account is hacked then the hacker might also get the IP address and hence the system won't ask for a email confirmation while since you provided details directly we don't know the country and hence system asks email obviously.
I mean if my account is hacked then the hacker might also get the IP address and hence the system won't ask for a email confirmation while since you provided details directly we don't know the country and hence system asks email obviously.
so what exactly do we have to do to get 1 btc?
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
You only need to login with that account then you can withdraw the available balance on the account (1btc). Sounds simple, right? But the hard thing to do is to login because you need confirmation email to login.
Whoever able to acces the email of the account then he will get the 1btc easily.
so what exactly do we have to do to get 1 btc?
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
You only need to login with that account then you can withdraw the available balance on the account (1btc). Sounds simple, right? But the hard thing to do is to login because you need confirmation email to login.
Whoever able to acces the email of the account then he will get the 1btc easily.
so what exactly do we have to do to get 1 btc?
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
login into hack_me account? disrupt the site's operation? manipulate a bet's outcome?
its rather vague to be honest
Oh nice feature but if someone really wanted to get into someones account and got a hold of their account my guess is their computer was infected.
So they could just login remotely through the users profile and cash out, in most cases if you got their password they got keylogged which means they likely got that email pass.
I think the most common way to obtain someone's password is by a database leak and by using the same password on multiple sites. So: 1) hack some (more insecure) bitcoin site 2) get usernames/passwords 3) try on all gambling sites.So they could just login remotely through the users profile and cash out, in most cases if you got their password they got keylogged which means they likely got that email pass.
Another example: I could create a faucet site, "get some free bits by just signing up". Meanwhile I am obtaining all usernames/passwords from those users and try them on gambling sites (and exchanges etc.)
Also phishing sites are pretty common, but so far mostly for blockchain.info and bitcoin exchanges (haven't seen many for gambling sites yet.)
I think those situations are more common than some targeted keylogger. For those situations, this protection by BitDice works pretty well. Still if they use the same password for their email... obvious they can still be hacked
Well this is that easy to get that 1 Bitcoin,
The only thing that you can claim this 1 bitcoin is to login or to know also the password of email that use in that account.
This is waste of time instead.
The only thing that you can claim this 1 bitcoin is to login or to know also the password of email that use in that account.
This is waste of time instead.
Oh nice feature but if someone really wanted to get into someones account and got a hold of their account my guess is their computer was infected.
So they could just login remotely through the users profile and cash out, in most cases if you got their password they got keylogged which means they likely got that email pass.
So they could just login remotely through the users profile and cash out, in most cases if you got their password they got keylogged which means they likely got that email pass.
Not even going to bother. 
With 2FA enabled it is next to impossible to crack into someone's account.
That is one of the great way to secured every account or members who joined and i think there is no other way to hack the site unless if there is a bug happen.. not always the site is protected and i think there is always a bug happen for every site.With 2FA enabled it is next to impossible to crack into someone's account.
If there is a new ways to inject some script in the site that can destroy the website that can get bugs by some members.. but for now the security was updated and i think if they are doing this to post just to hack the website they are still not protected and they are still looking for other bugs that they can fix as soon as possible.. just like from other site that i heard like yobit before that someone found a bug but he gain almost 0.1 as reward by yobit..
Wow nice bounty offer you got there but I wish I was a skilled programmer and I have read that NLNico is the one who help Baryom for his bitsler website for this security measures and Baryom vouch him for good work, maybe he can help you for this thing. As quoted below,
Thanks As bitsler's main admin, I can vouch for NLnico who have made a great work with us. He is very skilled and professional. He gave us full explanation + fix.
Thanks again !
Thanks again !
I actually tried some basic things right after seeing this thread, but I am afraid I am unable to bypass this device/IP-check 
one more security feature of sms authorization
SMS is actually really insecure way: http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones non-SMS 2FA is much better.Glad you didn't find any way to bypass it
Means it's quite secure...I also read that kraken blog a while ago and it immediately made me switch from Authy. Some good points made there...
Wow nice bounty offer you got there but I wish I was a skilled programmer and I have read that NLNico is the one who help Baryom for his bitsler website for this security measures and Baryom vouch him for good work, maybe he can help you for this thing. As quoted below,
Thanks As bitsler's main admin, I can vouch for NLnico who have made a great work with us. He is very skilled and professional. He gave us full explanation + fix.
Thanks again !
Thanks again !
I actually tried some basic things right after seeing this thread, but I am afraid I am unable to bypass this device/IP-check one more security feature of sms authorization
SMS is actually really insecure way: http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones non-SMS 2FA is much better. 
To prove our security, we run a HackMe event. I've tipped user hack_me with 1BTC.
Here's registration email: [email protected]
And password: Jy45kFbGJX9n5q8
Yes! We've posted password from an account with 1BTC on it. Simply sign-in and take it
Couldn't? Well, that's because our security is so safe that even leaking your password can't do anything bad. We are safer than Bitfinex
User hack_me was registered with default settings, nothing has been changed under his profile.
Join to one of the safest casino worldwide.
In BitDice We Trust!
The security feature which you are telling is used by so many exchanges and sites, even coinbase is also very strong exchange due to they also implemented the email authorization and sms authorization if you are using any other IP address which is not authorized.
So if you add one more security feature of sms authorization then your site will become more secure as if anyone hacks email account then they can access the site but hacker cannot hack the mobile number
Jump to: