Topic: Lack of bug bounties from gambling platforms (Read 786 times)

Another powerful and simple reason about why we may see less bug bounties has to do with the enormous amounts of money which move in casinos these days, on the early days when cryptocurrency casinos were not that popular they needed the help of their users to try to find bugs on their code, but now when they are earning so much money it makes more sense for them to hire the best security experts they can find and this has decreased the need casino owners have of the community to find bugs on their own.

Right, there's more security on them these days and that's why there's not much of bug bounties anymore from them. Over the time, they've learned to secure their platforms and probably hired to do it for them at most time.

Unlike the bug bounties, it will make them find for those hunters to look if something wrong is within their platform and network. While them, they've already acted on it and have hired the team responsible for looking out if some bugs are existing or if there's an exploit, they can immediately mend and detect it.

what is happening now is that indeed many casinos have a dubious or very low reputation, it is clear what you say can and very clearly most casinos do. If you don't properly analyze what you are worried about, it can happen and has often happened, but there are still many who don't realize it or have already fallen into the trap.
The practice that you say that you can't withdraw funds again after a deposit, has often happened and can't be avoided and surprisingly, many people still enjoy it and continue to adventure again at other casinos and it happens again and again.

That is very true. Their proactiveness is the reason why there are less bugs in casino sites these days.
That must be the reason why the bug bounties have decreased so much over time.
In fact, this is good because as users we are getting a finished product rather than one with bugs which can compromise our privacy as well as funds.

You cant really say that because there are new casinos which do really like to test out if there is someone in the community could able to make out some bypass of their security.It wasnt really that a bad idea, and also
they would really be just putting small amounts into their hotwallet just in case if someone do really able to make some exploits or simply could hold off that withdrawal process.So its safe to say that they could
really strenghten up their security if someone do able to successfully go into a hole.Its true on what mots people been saying here that rather than on running a bounty, it would be better if they would simply
hire specialist on security and that should really be in one go but of course it would be depending on owners budget if he could really afford on running one.

Agreed, everything promoted through our forum is among the trusted list. These Casinos have got good security systems and some platforms are even testing providing small deposit funds and withdrawal requirement if specific wagering is achieved through the deposit. In the past security system is much concerned. Even now it have got its importance, but the technology have made things more secure.

The list of popular casinos on the forum has a high security system so we have never heard of any of the top casino lists on the forum being hacked, but several other casinos have been hacked so to anticipate before the hack occurs they ensure high security by opening the bug bounty program to the public, so the test results of the bounty bug report will be immediately handled to prevent from hacking.

You made me to make some small research just Know since I was not familiar with the phrase"bug bounties". It is not compulsory that gambling websites must test run their sites for bug bounties. Bug bounties are hacking experts who check the security of the site. As for me it might not be safe unless the the bug bounties expert is a trusted friend or well Known person. If not you site will be prone to another hacking system. OP have you heard any gambling site has be attacked or hacked by hackers. As for I have not heard. Gambling websites have not done that because they have not experienced hacked and also their site maintaining personal are okay with the security aspect of the sites even though they didn't use bug bounties, they used another tools to do that job.

They for sure have their own way determining bugs existing on their platforms. They have a huge capital and they won't just allow some bugs to suck out that money they have from abusive players.

It is why we rarely see them anymore because it's likely that they have their own developers finding bugs and testing it before they deploy it to their casino with those features that they have.

For the bug bounty hunters, there are many websites out there that you can find and it's only going to cost you a few minutes of searching them and it's not just for casinos.

I think it works, but without official awards. You can buy a security check. Nobody wants to risk a gambler's deposit if someone hacks into the system. The best solution is to simulate an attack, for example, on a backup copy. And I think that at the same time, if someone finds a security problem and tells the casino about it, they will receive a reward without a bounty.

Maybe because there are less bugs in a gambling website than compare to other websites. There were bugs but those are only minor and then they don't came up often. It can only be handled by their own developers. There is no need for them to spend extra dollars but instead those are only be used for promotions or marketing to help them reach out more players. I don't know about you but I rarely saw a gambling site right now that are being hacked. If there are events like that in the crypto space then most of them are only from defi projects and crypto exchangers.

You mean gambling sites which has the best security? Well obviously those sites which are currently at the top like stake.com, because they have a lot of users. They need to protect them so that their reputation won't be affected. With the income they have, they can hire the best devs to always improve their security.

From my view i noticed most gambling site or most of the already launched gambling site do have professional team members who then after building the site would test run before finally launching it, btw they would make sure all security majors have been taking care off before the launched over here, making it free from debugging., ie, they launched without running a bug bounty. The more we keep advancing the more we get dip into security protection and mostly gambling sites are hardly being hacked unlike the CEX.

Some gambling Sites uses
Devnet, Stagenet and lastly before Mainnet..
I will be very brief in my explanation to enable you get the processes

The Devnet as the names implies is a developing stage, which if any errors can be easily fix and continue building the gambling site. Stagenet is more of debugging and can undergo all manner of testing before or after going final to mainnet (Launch) at this point only team members or developer could run the bug without launching a general bug bounty, and finally if any bug was find along the line it would be easily fixed. This stagenet takes longer time, the dev will make sure no error, no vulnerabilities (debugging) and doesn't operates as Mainnet.

Lastly, Mainnet (Final Stage) is the already made or already launched gambling site where all debugging has already been taking care of, at this point could be released to the public just like me and you that have access to click and operates from various countries and you could be wondering how they launched without running a bug bounty.

I hope this explanation really help you.

To this I will add that even if you could create code that is perfectly safe now this does not mean that eventually vulnerabilities will not be found in the future, in fact that is how most vulnerabilities are found, as even if you follow the best standards possible eventually hackers will find new vulnerabilities that no one knew that existed and for which no one planned ahead, so you need experts in security which try to break your code once in a while so you know your code is relatively safe and the chances your website is hacked are as low as possible.

You are right, the casino will pay high if there is still a weak security problem because according to the team it has protected high security, but for low reputation casinos don't care about the bug bounty campaign because the casino is not aiming for the long term even some casinos are very vulnerable to use because they don't can withdraw funds again after the deposit.

Nit necessarily true. You can be a good coder/dev but you still can make mistakes and write vulnerable codes. Besides, coders usually focus on delivering a working product and don't pay too much attention to security.
Another reason why you need to hire pentesters or white hackers is that not only the software can be vulnerable but also the server it runs on, the APIs it uses and even the project team members and the staff.

I guess it's a good way to introduce a new casino? It's true that hiring a professional help will be much more easier and efficient but I think fortunejack did before is to engage with the community especially that time, They introduced a new revamped casino. People try finding bug but unconsciously we found information about that casino and what it truly makes great. I guess it's effective since I remember it till now?

That is a good point actually. Many gambling sites are hosting games which are provided by a 3rd party.
So the hassle to maintain the code and security is gone from that perspective. This is a smart move though.
All they have to do then is maintain the integration and front end which is easy to maintain.
So the chances of bugs are less and may be that's why they are not hosting any bug bounties these days.

I don't think these engines have a security team... The security comes from the development of the site, so the coders must know about security and apply that knowledge while they code the site. And have developers on one side and a security team in other side is a big mistake, that must be done together.

I'm sure most casino owners do an alpha and beta testing (closed not open for everyone) before introducing their product to the public. Those testing phases are important and can help to identify some bugs and vulnerabilities so the devs can fix them. But it's not enough since testing the security of the platform (pentesting) must be a continuous job.
Although most casinos do not conduct bug bounty programs on this forum (except for fortunejack) , I recall seeing many of them posting their offers on bug bounty platforms such as hackerone.

Luckily for them, they aren't always a target to the Hackers, Hackers only target crypto exchanges, I might be wrong though, so I am open to take corrections, but my opinion is based on the fact that since I got into crypto on 2016, I've not come across the news stating that a gambling site was hacked and a certain amount of money was stolen, all the news keep associating with Hacking is cryptocurrency exchanges.
So I honestly think that the non chalant attitude of crypto casinos on the discussion of bug bounty is solely because Hacking cryptocurrency casinos is not as common as Hacking  cryptocurrency exchanges.