Pages:
Author

Topic: Lack of bug bounties from gambling platforms (Read 798 times)

legendary
Activity: 2716
Merit: 1383
October 13, 2022, 04:04:03 PM
Maybe the casino owners are hiring full-stack developers who test their code as well develop it.
Maybe they would have hired Quality Engineers to test the complete site for UI and UX.
The reason might be anything. Besides that, if someone is good at bug bounty they can find bugs from any site and just report it to the owner.
If the site owner would be generous enough then they would reward that person anyway.
As time evolves and new developments to meet up with present security demands are constantly contended against, most casinos already have highly placed security teams that work on updating and developing new anti-bug software that will help against any bug attack and leakage. Quite a lot of other casinos that have fallen victim to bug attacks suffered badly at the hand of abusers who took advantage of such bugs to abuse the system, but now most casinos are proactive against bugs and other security challenges.

That is very true. Their proactiveness is the reason why there are less bugs in casino sites these days.
That must be the reason why the bug bounties have decreased so much over time.
In fact, this is good because as users we are getting a finished product rather than one with bugs which can compromise our privacy as well as funds.
Another powerful and simple reason about why we may see less bug bounties has to do with the enormous amounts of money which move in casinos these days, on the early days when cryptocurrency casinos were not that popular they needed the help of their users to try to find bugs on their code, but now when they are earning so much money it makes more sense for them to hire the best security experts they can find and this has decreased the need casino owners have of the community to find bugs on their own.
hero member
Activity: 2996
Merit: 580
Hire Bitcointalk Camp. Manager @ r7promotions.com
That is very true. Their proactiveness is the reason why there are less bugs in casino sites these days.
That must be the reason why the bug bounties have decreased so much over time.
In fact, this is good because as users we are getting a finished product rather than one with bugs which can compromise our privacy as well as funds.
Right, there's more security on them these days and that's why there's not much of bug bounties anymore from them. Over the time, they've learned to secure their platforms and probably hired to do it for them at most time.

Unlike the bug bounties, it will make them find for those hunters to look if something wrong is within their platform and network. While them, they've already acted on it and have hired the team responsible for looking out if some bugs are existing or if there's an exploit, they can immediately mend and detect it.
sr. member
Activity: 2436
Merit: 267
Hire Bitcointalk Camp. Manager @ r7promotions.com
Individual platforms has a way to do that to there safety so if you don't see bug bounty from casinos the. You need to understand that they have better ways they do check their site for better safety.
You are right, the casino will pay high if there is still a weak security problem because according to the team it has protected high security, but for low reputation casinos don't care about the bug bounty campaign because the casino is not aiming for the long term even some casinos are very vulnerable to use because they don't can withdraw funds again after the deposit.
what is happening now is that indeed many casinos have a dubious or very low reputation, it is clear what you say can and very clearly most casinos do. If you don't properly analyze what you are worried about, it can happen and has often happened, but there are still many who don't realize it or have already fallen into the trap.
The practice that you say that you can't withdraw funds again after a deposit, has often happened and can't be avoided and surprisingly, many people still enjoy it and continue to adventure again at other casinos and it happens again and again.
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
Maybe the casino owners are hiring full-stack developers who test their code as well develop it.
Maybe they would have hired Quality Engineers to test the complete site for UI and UX.
The reason might be anything. Besides that, if someone is good at bug bounty they can find bugs from any site and just report it to the owner.
If the site owner would be generous enough then they would reward that person anyway.
As time evolves and new developments to meet up with present security demands are constantly contended against, most casinos already have highly placed security teams that work on updating and developing new anti-bug software that will help against any bug attack and leakage. Quite a lot of other casinos that have fallen victim to bug attacks suffered badly at the hand of abusers who took advantage of such bugs to abuse the system, but now most casinos are proactive against bugs and other security challenges.

That is very true. Their proactiveness is the reason why there are less bugs in casino sites these days.
That must be the reason why the bug bounties have decreased so much over time.
In fact, this is good because as users we are getting a finished product rather than one with bugs which can compromise our privacy as well as funds.
sr. member
Activity: 2296
Merit: 360
You made me to make some small research just Know since I was not familiar with the phrase"bug bounties". It is not compulsory that gambling websites must test run their sites for bug bounties. Bug bounties are hacking experts who check the security of the site. As for me it might not be safe unless the the bug bounties expert is a trusted friend or well Known person. If not you site will be prone to another hacking system. OP have you heard any gambling site has be attacked or hacked by hackers. As for I have not heard. Gambling websites have not done that because they have not experienced hacked and also their site maintaining personal are okay with the security aspect of the sites even though they didn't use bug bounties, they used another tools to do that job.
The list of popular casinos on the forum has a high security system so we have never heard of any of the top casino lists on the forum being hacked, but several other casinos have been hacked so to anticipate before the hack occurs they ensure high security by opening the bug bounty program to the public, so the test results of the bounty bug report will be immediately handled to prevent from hacking.
Casinos must not come here to create bounty for people to try there luck to see how they can hack a casino which I see like a not good way to keep the security of a casino to a high standards. There are various ways to do that which can be very strict without any bounty. Many of the casinos I know have insurance that cam protect them in case of hack or attack from hackers.
You cant really say that because there are new casinos which do really like to test out if there is someone in the community could able to make out some bypass of their security.It wasnt really that a bad idea, and also
they would really be just putting small amounts into their hotwallet just in case if someone do really able to make some exploits or simply could hold off that withdrawal process.So its safe to say that they could
really strenghten up their security if someone do able to successfully go into a hole.Its true on what mots people been saying here that rather than on running a bounty, it would be better if they would simply
hire specialist on security and that should really be in one go but of course it would be depending on owners budget if he could really afford on running one.
hero member
Activity: 2618
Merit: 548
DGbet.fun - Crypto Sportsbook
You made me to make some small research just Know since I was not familiar with the phrase"bug bounties". It is not compulsory that gambling websites must test run their sites for bug bounties. Bug bounties are hacking experts who check the security of the site. As for me it might not be safe unless the the bug bounties expert is a trusted friend or well Known person. If not you site will be prone to another hacking system. OP have you heard any gambling site has be attacked or hacked by hackers. As for I have not heard. Gambling websites have not done that because they have not experienced hacked and also their site maintaining personal are okay with the security aspect of the sites even though they didn't use bug bounties, they used another tools to do that job.
The list of popular casinos on the forum has a high security system so we have never heard of any of the top casino lists on the forum being hacked, but several other casinos have been hacked so to anticipate before the hack occurs they ensure high security by opening the bug bounty program to the public, so the test results of the bounty bug report will be immediately handled to prevent from hacking.
Agreed, everything promoted through our forum is among the trusted list. These Casinos have got good security systems and some platforms are even testing providing small deposit funds and withdrawal requirement if specific wagering is achieved through the deposit. In the past security system is much concerned. Even now it have got its importance, but the technology have made things more secure.
sr. member
Activity: 832
Merit: 286
DGbet.fun - Crypto Sportsbook
You made me to make some small research just Know since I was not familiar with the phrase"bug bounties". It is not compulsory that gambling websites must test run their sites for bug bounties. Bug bounties are hacking experts who check the security of the site. As for me it might not be safe unless the the bug bounties expert is a trusted friend or well Known person. If not you site will be prone to another hacking system. OP have you heard any gambling site has be attacked or hacked by hackers. As for I have not heard. Gambling websites have not done that because they have not experienced hacked and also their site maintaining personal are okay with the security aspect of the sites even though they didn't use bug bounties, they used another tools to do that job.
The list of popular casinos on the forum has a high security system so we have never heard of any of the top casino lists on the forum being hacked, but several other casinos have been hacked so to anticipate before the hack occurs they ensure high security by opening the bug bounty program to the public, so the test results of the bounty bug report will be immediately handled to prevent from hacking.
hero member
Activity: 700
Merit: 577
Why aren't gambling websites using bug bounties to test-run their platform security? I haven't seen any gambling platform doing this, maybe that's why most gambling websites became prone to hacking? If I am wrong what gambling project do you think have the most secured system?, peace.

You made me to make some small research just Know since I was not familiar with the phrase"bug bounties". It is not compulsory that gambling websites must test run their sites for bug bounties. Bug bounties are hacking experts who check the security of the site. As for me it might not be safe unless the the bug bounties expert is a trusted friend or well Known person. If not you site will be prone to another hacking system. OP have you heard any gambling site has be attacked or hacked by hackers. As for I have not heard. Gambling websites have not done that because they have not experienced hacked and also their site maintaining personal are okay with the security aspect of the sites even though they didn't use bug bounties, they used another tools to do that job.
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
^But, why this is very rare now, what I mean is why most casinos did not run a bug bounty campaign.
I know it will add their cost but I think this is a proper way to know publicly the bug and their developer can quickly resolve it.
I think the best way in a new gambling casino is while having a signature campaign they also conduct a bug bounty campaign so that it will give boost to their improvement and progress.
One thing is for sure, we don't know what each of the casinos reason why they don't do that anymore. Possible that they already have their own providers for that task and that's why it's no longer needed.

If we don't see it most often then it only means that it's not needed anymore because they've got something that's doing it for them. As it is becoming rare, someone may want to ask that directly from them.
or maybe they have found a way to find Bug , or something offering directly so there is not need for Bounty inside the forum.
They for sure have their own way determining bugs existing on their platforms. They have a huge capital and they won't just allow some bugs to suck out that money they have from abusive players.

It is why we rarely see them anymore because it's likely that they have their own developers finding bugs and testing it before they deploy it to their casino with those features that they have.

For the bug bounty hunters, there are many websites out there that you can find and it's only going to cost you a few minutes of searching them and it's not just for casinos.
hero member
Activity: 2548
Merit: 769
Why aren't gambling websites using bug bounties to test-run their platform security? I haven't seen any gambling platform doing this, maybe that's why most gambling websites became prone to hacking? If I am wrong what gambling project do you think have the most secured system?, peace.
I think it works, but without official awards. You can buy a security check. Nobody wants to risk a gambler's deposit if someone hacks into the system. The best solution is to simulate an attack, for example, on a backup copy. And I think that at the same time, if someone finds a security problem and tells the casino about it, they will receive a reward without a bounty.
legendary
Activity: 2044
Merit: 1075
Leading Crypto Sports Betting & Casino Platform
Maybe because there are less bugs in a gambling website than compare to other websites. There were bugs but those are only minor and then they don't came up often. It can only be handled by their own developers. There is no need for them to spend extra dollars but instead those are only be used for promotions or marketing to help them reach out more players. I don't know about you but I rarely saw a gambling site right now that are being hacked. If there are events like that in the crypto space then most of them are only from defi projects and crypto exchangers.

If I am wrong what gambling project do you think have the most secured system?, peace.
You mean gambling sites which has the best security? Well obviously those sites which are currently at the top like stake.com, because they have a lot of users. They need to protect them so that their reputation won't be affected. With the income they have, they can hire the best devs to always improve their security.
hero member
Activity: 1428
Merit: 653
Leading Crypto Sports Betting & Casino Platform
From my view i noticed most gambling site or most of the already launched gambling site do have professional team members who then after building the site would test run before finally launching it, btw they would make sure all security majors have been taking care off before the launched over here, making it free from debugging., ie, they launched without running a bug bounty. The more we keep advancing the more we get dip into security protection and mostly gambling sites are hardly being hacked unlike the CEX.

Some gambling Sites uses
Devnet, Stagenet and lastly before Mainnet..
I will be very brief in my explanation to enable you get the processes

The Devnet as the names implies is a developing stage, which if any errors can be easily fix and continue building the gambling site. Stagenet is more of debugging and can undergo all manner of testing before or after going final to mainnet (Launch) at this point only team members or developer could run the bug without launching a general bug bounty, and finally if any bug was find along the line it would be easily fixed. This stagenet takes longer time, the dev will make sure no error, no vulnerabilities (debugging) and doesn't operates as Mainnet.

Lastly, Mainnet (Final Stage) is the already made or already launched gambling site where all debugging has already been taking care of, at this point could be released to the public just like me and you that have access to click and operates from various countries and you could be wondering how they launched without running a bug bounty.

I hope this explanation really help you.
legendary
Activity: 2716
Merit: 1383
The security comes from the development of the site, so the coders must know about security and apply that knowledge while they code the site.
Nit necessarily true. You can be a good coder/dev but you still can make mistakes and write vulnerable codes. Besides, coders usually focus on delivering a working product and don't pay too much attention to security.
Another reason why you need to hire pentesters or white hackers is that not only the software can be vulnerable but also the server it runs on, the APIs it uses and even the project team members and the staff.
To this I will add that even if you could create code that is perfectly safe now this does not mean that eventually vulnerabilities will not be found in the future, in fact that is how most vulnerabilities are found, as even if you follow the best standards possible eventually hackers will find new vulnerabilities that no one knew that existed and for which no one planned ahead, so you need experts in security which try to break your code once in a while so you know your code is relatively safe and the chances your website is hacked are as low as possible.
sr. member
Activity: 832
Merit: 286
DGbet.fun - Crypto Sportsbook
Individual platforms has a way to do that to there safety so if you don't see bug bounty from casinos the. You need to understand that they have better ways they do check their site for better safety.
You are right, the casino will pay high if there is still a weak security problem because according to the team it has protected high security, but for low reputation casinos don't care about the bug bounty campaign because the casino is not aiming for the long term even some casinos are very vulnerable to use because they don't can withdraw funds again after the deposit.
legendary
Activity: 2744
Merit: 3097
Top Crypto Casino
The security comes from the development of the site, so the coders must know about security and apply that knowledge while they code the site.
Nit necessarily true. You can be a good coder/dev but you still can make mistakes and write vulnerable codes. Besides, coders usually focus on delivering a working product and don't pay too much attention to security.
Another reason why you need to hire pentesters or white hackers is that not only the software can be vulnerable but also the server it runs on, the APIs it uses and even the project team members and the staff.
legendary
Activity: 2492
Merit: 1145
Enterapp Pre-Sale Live - bit.ly/3UrMCWI
Why aren't gambling websites using bug bounties to test-run their platform security? I haven't seen any gambling platform doing this, maybe that's why most gambling websites became prone to hacking? If I am wrong what gambling project do you think have the most secured system?, peace.
Maybe because they hired someone to the penetration teating and have someone tested the site? I joined fortune jack bug campaign before and It's pretty fun because you will explore all of the function of the website and try to find bug from it. I'ved tried bug bounty once and I personally like it because it's fun and you can gain knowledge from the experience.
Hiring someone to monitor the site from time to time are more ideal if you are planning to stay longer, top sites have the team handling this one so maybe this is one of the reason why bug bounties are no longer active. I remember that fortune jack, and the usual bug are the graphic bug, or at least a missing letter which can easily only if you have the professional team. Bug bounties might not be effective that much, that’s why new site today choose not to have this.
I guess it's a good way to introduce a new casino? It's true that hiring a professional help will be much more easier and efficient but I think fortunejack did before is to engage with the community especially that time, They introduced a new revamped casino. People try finding bug but unconsciously we found information about that casino and what it truly makes great. I guess it's effective since I remember it till now?
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
May be the casino owners are hiring full stack developers who test their code as well develop it.
May be they would have hired Quality Engineers to test the complete site for UI and UX.
Reason might be anything. Besides that, if someone is really good at bug bounty they can find bugs from any site and just report it to the owner.
If the site owner would be generous enough then they would reward that person anyway.

This is always the case right now. Casino has there own employee to oversee the security of the casino due to the huge amount of money involved nowadays in the casino. They are now investing on security compared before that they do it by themselves with the help of this bug bounty hunter. I remember that some abused this before by attacking the casino and reported it as bug to claim rewards.

Nowadays those critical bug is already solved since most the games are now coming from 3rd party which has license and audit properly.

That is a good point actually. Many gambling sites are hosting games which are provided by a 3rd party.
So the hassle to maintain the code and security is gone from that perspective. This is a smart move though.
All they have to do then is maintain the integration and front end which is easy to maintain.
So the chances of bugs are less and may be that's why they are not hosting any bug bounties these days.
legendary
Activity: 3346
Merit: 3130
...
The better sites have a dedicated security team that works on security all the time of their site.

I don't think these engines have a security team... The security comes from the development of the site, so the coders must know about security and apply that knowledge while they code the site. And have developers on one side and a security team in other side is a big mistake, that must be done together.
legendary
Activity: 2744
Merit: 3097
Top Crypto Casino
I'm sure most casino owners do an alpha and beta testing (closed not open for everyone) before introducing their product to the public. Those testing phases are important and can help to identify some bugs and vulnerabilities so the devs can fix them. But it's not enough since testing the security of the platform (pentesting) must be a continuous job.
Although most casinos do not conduct bug bounty programs on this forum (except for fortunejack) , I recall seeing many of them posting their offers on bug bounty platforms such as hackerone.
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform
Why aren't gambling websites using bug bounties to test-run their platform security? I haven't seen any gambling platform doing this, maybe that's why most gambling websites became prone to hacking? If I am wrong what gambling project do you think have the most secured system?, peace.
Luckily for them, they aren't always a target to the Hackers, Hackers only target crypto exchanges, I might be wrong though, so I am open to take corrections, but my opinion is based on the fact that since I got into crypto on 2016, I've not come across the news stating that a gambling site was hacked and a certain amount of money was stolen, all the news keep associating with Hacking is cryptocurrency exchanges.
So I honestly think that the non chalant attitude of crypto casinos on the discussion of bug bounty is solely because Hacking cryptocurrency casinos is not as common as Hacking  cryptocurrency exchanges.
Pages:
Jump to: