So basically, I deposited 0.19 ETH on the 26th of December. I played some games and made it to 0.44 ETH which I left on there. While I know I should've cashed out, I left my coins thinking I'd keep playing later. The next day, I noticed an email about a cashout request, which hasn't been opened whereas my email has 2FA, but MBITCASINO.COM processed the transaction 2 hours before any of this came to my knowledge. Either someone among their staff is stealing players or their security protocol is useless as they're requiring the player to confirm when a new address is used. This was the case as it wasn't me requesting the cashout. I then went on live support explaining my issue, for which their answer was basically, you should have activated 2FA we couldn't care less. The problem is that nobody confirmed the email request, so what would've 2FA change? "my email has it". This can only come from their end.
I know this is not a huge amount, at worse that'll teach me not to trust casinos registered in some third world islands, but I played a considerable amount before that incident and it just has pissed me considering the obvious non-sense.
here are the conversations with the support;
Cashout request that I opened at 13:00, 2 hours after the transaction was processed;
Support answer;