Dear, user!
Thank you for your patience as we reviewed your case. We want to assure you that our investigation into your situation has been conducted thoroughly, and we are committed to providing you with a clear understanding of the current circumstances.
Regarding the Bug Bounty bonus, BetFury has made a resolute decision to decline the issuance of the reward. Our decision is grounded in substantial reasons, and we stand firmly by it.
First and foremost, our investigation revealed that multiple accounts were registered with what appears to be the intent of exploiting the bug you subsequently reported. It's noteworthy that transactions across these various accounts were halted on Tuesday night, the 31st of October, whereas your bug report was submitted on the same evening. This sequence of events has led us to conclude that the report was made after transactions were frozen, possibly with the intent to derive an advantage from the situation by reporting the same bug that was utilized.
Furthermore, it is crucial to clarify that the removal of the slot from the Welcome Pack on Tuesday evening was a proactive measure undertaken at the explicit request of the Risk Department. This action occurred prior to our receipt of your report and was part of our internal testing procedures. The timing may have created the impression that it was taken down after your report, which is not the case. It was purely coincidental timing.
In addition to the aforementioned reasons, our investigation also uncovered that you managed to withdraw funds obtained through a drawback in the slot machine. We take this matter seriously, and appropriate action has been taken to address this issue.
We trust that this explanation provides a comprehensive understanding of the situation, and we stand firmly by our decision. If you have any further inquiries or require additional clarification, please do not hesitate to reach out to us.
Thank you for your continued engagement with BetFury.
Sincerely,
BetFury team.
Topic: no longer relevant, delete topic (Read 487 times)
copper member
Activity: 61
Merit: 3
Social i-Gaming Crypto platform with BTC dividends
I no longer expect a positive decision in my favor regarding the case. Let the topic remain and people continue to discuss it. We could have found a solution to the situation from the very beginning and everyone would have remained in a situation beneficial to him, but alas, betfury is principled. I also wrote a review on truspilot. By the way, betfury has a lot of recent negative reviews in trustpilot with a minimum rating of 1.
I am not sure if TrustPilot reviews would affect them or not since most people know that the reviews and the trust score on TrustPilot are easily manipulated by competitors or even users that rage and become angry after losing money. So maybe you should try something else, maybe open a Scam Accusation thread in this forum and see if that helps your cause in any way.Maybe a scam accusations here would make them sit up and doing as it relates to services rendered. If OP should open a scam accusations against them, people here would be very much alert and informed so as not to fall victim from their ill act because if they can do such to OP then it means they can do much more than that to their members so therefore I would advise anyone dealing with the casino to be extremely careful.
I did not share the bugs with anyone, I gave an answer about this above. Only after the bounty was rejected I created this topic.
I wrote to several managers and the main support person in telegram - everyone ignores me and doesn’t answer anything about this case.
Apparently they don’t want to do anything about it, just ignore it and wait for everything to be forgotten.
If it does then it is really that worth for some bounty but much sure that they had already fixed that and they could easily ignore you out.
If your intents are real and sharing up something honestly or something that do talks about finding up some issues that could result into huge damage
then it would really be just that right that he should compensated with it.
Betfury doesnt have a word on this one. Is it possible that they could make out some response on the thread that you have created?
Let them know so that at least we do able to hear out their side also.
Yes, you could make money using the bugs I found. But they probably don’t work anymore. I didn’t check them again after filing a bug report.
There are also variations of bugs with bonuses, but I have not checked them. Maybe I’ll check it later, but I don’t want to at the moment.
I dont know if they are really that showing some unprofessionalism on here in regarding the situation and just like on what said above that it is something that worthy of a bounty
but since they are the ones who do make out such rule about for not on being that a huge problem then they wont really be giving out any bounties into that.
Why not really just simply move forward and continue on finding out some exploits or leaks on other sites on which they do really give out some bounties or rewards.
I did not share the bugs with anyone, I gave an answer about this above. Only after the bounty was rejected I created this topic.
I wrote to several managers and the main support person in telegram - everyone ignores me and doesn’t answer anything about this case.
Apparently they don’t want to do anything about it, just ignore it and wait for everything to be forgotten.
If it does then it is really that worth for some bounty but much sure that they had already fixed that and they could easily ignore you out.
If your intents are real and sharing up something honestly or something that do talks about finding up some issues that could result into huge damage
then it would really be just that right that he should compensated with it.
Betfury doesnt have a word on this one. Is it possible that they could make out some response on the thread that you have created?
Let them know so that at least we do able to hear out their side also.
legendary
Activity: 2226
Merit: 1049
Leading Crypto Sports Betting & Casino Platform
You must not share the information about the bug/exploit/vulnerability in the internet, be it community or forum, etc.
If this is actually Thier long standing rule, then you've ruin your chances of getting any dime should they have considered to reward you already... I'm afraid but that's the truth here..secondly, I feel an official statement wasn't made regarding Thier denial and failure to remit the said funds for any irregular bug findings- the question is; why were you in a hurry??
Sandra 🧑🦰
Anyways, I personally will not blame either party, since betfury team haven't said anything concerning the issue, but then, on the other hand, this is not the first time I am coming across an accusation like this, there are have several instances where some online companies fail to honor their word promise of rewarding any user who discovers a bug in their system and report it, OPs situation is not the first, and neither will it be the last, I have already said what I would do if I ever get in this same situation.
You must not share the information about the bug/exploit/vulnerability in the internet, be it community or forum, etc.
If this is actually Thier long standing rule, then you've ruin your chances of getting any dime should they have considered to reward you already... I'm afraid but that's the truth here..secondly, I feel an official statement wasn't made regarding Thier denial and failure to remit the said funds for any irregular bug findings- the question is; why were you in a hurry??
Sandra 🧑🦰
I no longer expect a positive decision in my favor regarding the case. Let the topic remain and people continue to discuss it. We could have found a solution to the situation from the very beginning and everyone would have remained in a situation beneficial to him, but alas, betfury is principled. I also wrote a review on truspilot. By the way, betfury has a lot of recent negative reviews in trustpilot with a minimum rating of 1.
I am not sure if TrustPilot reviews would affect them or not since most people know that the reviews and the trust score on TrustPilot are easily manipulated by competitors or even users that rage and become angry after losing money. So maybe you should try something else, maybe open a Scam Accusation thread in this forum and see if that helps your cause in any way. I don't know what's wrong in all this but if you actually found a bug and they had a bug bounty, they should have given you the bounty for doing that instead of dragging it this much.However, we can't say anything or make any judgements considering the fact that we have only heard or seen one side of the story and they are yet to make an appearance and explain themselves for this, that is when we can reach a conclusion about who is right and who is wrong, we can only wait for now, I guess.
I was not provided with proof that certain accounts belonged to me, they only assumed. Everything I wrote above is true and my last test was done that morning and I didn’t do anything else or check for bugs.
I provided them with the details of the account from which I made the bug. As a result, the account was banned and there is now no more response from support.
I wonder if this is an isolated case, and have they paid other bounty hunters I checked their bug bounty page and these are part of what is written on their page
Quote
Report Closure
⚠️ If a user discovers a vulnerability, he should not use it. We ask the researcher to give us a reasonable opportunity to resolve the issue before making it public.
⚠️ If a user discovers a vulnerability, he should not use it. We ask the researcher to give us a reasonable opportunity to resolve the issue before making it public.
If they can give proof of your abuse then there is a violation of their terms but if not it's bad for their image, since BFG protects the integrity of their system it becomes a he says they say scenario, and it's up to the readers to discern the truth based on the pieces of evidence presented here.
Yes, I don't understand them. Also, they still have not given an answer to one bug. The last message from the department contained the following: after careful deliberation and investigation, we regret to inform you that we can't grant a reward for your reports.
This is very unfortunate, can you upload the screenshot of that particular message and do they have a valid alibi as to why they cannot grant you a reward, many bug hunters will be reading this thread and they will have second thoughts about reporting the bug and may lead to just exploiting the bug since reporting will not get them anything.
There are whitehacker and bug bounty forums and communities and this news could escalate, if they are not going to reward they should be transparent in saying why they would not and not give you a generic response.
I wrote them everything as is, did the last test in the slot and went to bed in the morning. Only in the evening wrote them a bug report. I didn’t do any more tests after that morning.
So what is this they are now accusing you of abusing and withdrawing funds coming from different accounts, can you address this one did you withdraw from
accounts that they are accusing you of, based on how they configured their words they are not sure if you are the one withdrawing, it's still not good if they are not sure of and still accuse you of wrongdoing, they did not pay you then they accuse you not good for Betfury's public image.
Thank you! Yes, I will write news about my case here and the topic will never be closed. I think the betfury acted very unfairly towards me! Again, please note that I am not asking for mountains of gold from betfury. I will be satisfied with an adequate reward or any offer from them. For example, I offered them my knowledge in the casino and that they would hire me as a bug searcher and tester. My active experience in casinos is more than 12 years. Therefore, do not be surprised how I found the logic of the system and quite quickly solved the problem of bypassing certain algorithms and found several bugs in the system.
It's worth noting that Betfury's developers have always preferred anonymity. So I doubt that they will hire a person they don't know very well.
By the way, have you tried to take part in any other bug bounty programs before, or Betfury's bug program was your first experience? My point is that next time, you should be sure to record all the necessary information about bugs you find before sending a report to the project developers.
So betfury didn't pay the bounty is the bug unlimited i mean is it crucial they should pay or you can turn yourself into blackhat hacker and then tuen the money when the news is all over the place with the proof that they didnt care about your previous email.
Back year ago my friend found bug that contains database of user in token project and they only give us couple of buck worth of their token maybe 10$ what a joke
Back year ago my friend found bug that contains database of user in token project and they only give us couple of buck worth of their token maybe 10$ what a joke
Yes, I don't understand them. Also, they still have not given an answer to one bug. The last message from the department contained the following: after careful deliberation and investigation, we regret to inform you that we can't grant a reward for your reports.
This is very unfortunate, can you upload the screenshot of that particular message and do they have a valid alibi as to why they cannot grant you a reward, many bug hunters will be reading this thread and they will have second thoughts about reporting the bug and may lead to just exploiting the bug since reporting will not get them anything.
There are whitehacker and bug bounty forums and communities and this news could escalate, if they are not going to reward they should be transparent in saying why they would not and not give you a generic response.
I wrote them everything as is, did the last test in the slot and went to bed in the morning. Only in the evening wrote them a bug report. I didn’t do any more tests after that morning.
Please do update everything here mate as I am also one of old player in Betfury and never encountered a single problem in my time of playing in the past (as I stopped playing because of limit in budgeting)
Yes, I don't understand them. Also, they still have not given an answer to one bug. The last message from the department contained the following: after careful deliberation and investigation, we regret to inform you that we can't grant a reward for your reports.
This is very unfortunate, can you upload the screenshot of that particular message and do they have a valid alibi as to why they cannot grant you a reward, many bug hunters will be reading this thread and they will have second thoughts about reporting the bug and may lead to just exploiting the bug since reporting will not get them anything.
There are whitehacker and bug bounty forums and communities and this news could escalate, if they are not going to reward they should be transparent in saying why they would not and not give you a generic response.
It is very sad to hear that a bounty is not paid, particularly on white hat bug-finding because it really encourages people to actually not ever report and even take advantage of the bugs found which can even be a problem for the site and other users. Make sure that any reputation concern is stated in the forum, because if more people say the same it means something is not right.
It’s strange to me that betfury doesn’t do anything and doesn’t try to resolve the case. I wrote to various managers and other people who run betfury and there was no response.
I found out in live support why there was no response to the case, they replied that the corresponding department had the weekend.
I found out in live support why there was no response to the case, they replied that the corresponding department had the weekend.
OP I think it was weekend as they have said so it would be okay to give them a benefit of doubt if truly they would act after the weekend then if they fail to respond them we can conclude but for now let it be on assumptions that they are still on weekends. Although I have read your post and it is not making any sense that they could not attend to you for helping them to find such bug on their casino. It is awful of them to have acted this way. I will call for your patience just for a little more time let us see how they handle the situation.
I would like to believe that they will still meet me halfway. I generally like the betfury community, but in this case they have treated me dishonestly at the moment.
Well that's up for them if they didn't treat you fairly even if you settle up some things regarding on the bug you pointed out to them and if they don't really pay then didn't give a feedback or clear out such issue on this thread then maybe this will be the reason on why many people would lost their trust to them. They should really pay the bounty if there's promise stated to you and if this issue will prolong for another week or more then best to post a scam accusation for not honoring your deal between BFG team so that many could probably see your issue with them.
But still its good for them to settle.up and fix the bugs so that their gamblers will be more safe at away for any issues that might happen to them.
I believe that they as a casino should take it up as a responsibility to reward bug hunters wether there is a bounty or not because I see that it is not an easy task to take out time to spot a bug on a casino which would be able to cause such casino a huge fortune. Bugs are not just what should be overlooked after discovery because hackers are out there looking for porous victims to get at so therefore it is pertinent that bug discoverers be rewarded handsomely to commiserate with their services rendered.
The fact that they didn't respond to your report immediately says a lot!
According to what you have said, those are critical vulnerabilities since they allow attackers to withdraw money. They should have taken your reports more seriously.
Saying that they didn't reply because it's the holydays is not an excuse, tbh. They should state in their bug bounty terms that you should expect to receive a response within three working days.
According to what you have said, those are critical vulnerabilities since they allow attackers to withdraw money. They should have taken your reports more seriously.
Saying that they didn't reply because it's the holydays is not an excuse, tbh. They should state in their bug bounty terms that you should expect to receive a response within three working days.
It’s strange to me that betfury doesn’t do anything and doesn’t try to resolve the case. I wrote to various managers and other people who run betfury and there was no response.
I found out in live support why there was no response to the case, they replied that the corresponding department had the weekend.
I found out in live support why there was no response to the case, they replied that the corresponding department had the weekend.
OP I think it was weekend as they have said so it would be okay to give them a benefit of doubt if truly they would act after the weekend then if they fail to respond them we can conclude but for now let it be on assumptions that they are still on weekends. Although I have read your post and it is not making any sense that they could not attend to you for helping them to find such bug on their casino. It is awful of them to have acted this way. I will call for your patience just for a little more time let us see how they handle the situation.
I would like to believe that they will still meet me halfway. I generally like the betfury community, but in this case they have treated me dishonestly at the moment.
Well that's up for them if they didn't treat you fairly even if you settle up some things regarding on the bug you pointed out to them and if they don't really pay then didn't give a feedback or clear out such issue on this thread then maybe this will be the reason on why many people would lost their trust to them. They should really pay the bounty if there's promise stated to you and if this issue will prolong for another week or more then best to post a scam accusation for not honoring your deal between BFG team so that many could probably see your issue with them.
But still its good for them to settle.up and fix the bugs so that their gamblers will be more safe at away for any issues that might happen to them.
It’s strange to me that betfury doesn’t do anything and doesn’t try to resolve the case. I wrote to various managers and other people who run betfury and there was no response.
I found out in live support why there was no response to the case, they replied that the corresponding department had the weekend.
I found out in live support why there was no response to the case, they replied that the corresponding department had the weekend.
OP I think it was weekend as they have said so it would be okay to give them a benefit of doubt if truly they would act after the weekend then if they fail to respond them we can conclude but for now let it be on assumptions that they are still on weekends. Although I have read your post and it is not making any sense that they could not attend to you for helping them to find such bug on their casino. It is awful of them to have acted this way. I will call for your patience just for a little more time let us see how they handle the situation.
They are also looking for reasons not to count my report, for example: they claim that I submitted an application with a bug report more than 12 hours after my last check. I did the last test of the bug around 05:30 UTC +2 in the morning and went to bed until 15:00 UTC +2. I went about my business at home for an hour. It took me about 2 hours to prepare the bug report. The bug report was sent on the same day in the evening at 18:12 UTC +2. After the last test in the morning, I did not do any more tests in the interval of 12 hours. I wrote in telegram https://telegram.me/Steve_Betfury (head of betfury support) that I sent a rather serious bug report to bug and bounty support. Almost immediately after the report was sent, it was written to live support that I had sent a bug report from a certain email and they should check it, to which the first response was received to my report within three days. And betfury is trying to blame me for sending a bug report only 12 hours after the last test.
IMO this should not matter. What matters is if the bug was still there at the moment of submission. If it was, they should pay the bounty, or if there were multiple reports sent at the same time, a partial reward. I used to work in support and the way I'd handle this is as follows:If your report was long after another report for the same bug and that first report went to a technician that's in the process of fixing the bug, I'd give you a redacted copy of that first report that included all the dates as proof that you were late.
If your report was sent at the same time (like within 1 hour) of another report by someone else, and both reports were sent before the technician was able to fix the bug, I'd either decide to share the bounty between you two, or pay something like 75% to the person who first reported it and the rest to you.
It's obvious to me they're not trying to handle it the right way and don't care about transparency.
So maybe they already found the bugs before you reported it, or maybe someone already reported it first. Public will not know about it, only the staff and devs on that website.
Well if you feel that you have been scam by that website, I suggest to bring this thread to the scam accusation section, not here on the gambling section.
Well if you feel that you have been scam by that website, I suggest to bring this thread to the scam accusation section, not here on the gambling section.
If there was someone reported about the same bugs, OP should not be able to find it because professional casino will fix it as soon as possible or at least deactivate the related features which may make them lose some money. I see that the bugs reported by OP has big possibility to be abused and may make the casino lose a lot of money. I think the casino should at least give at least a "thank" for OP to report the bugs. It does not matter the bug is reported already or not, but I think rewarding people who found bugs in the casino is a must. It does not need to be in a big amount of money but it can be anything as appreciation from the casino to anyone who reported the bug.
They should at least give proof that the bug was reported earlier by another bug bounty hunter and not just say that they know the bug and working on it already, bug bounty hunters will just suspect that they want to take advantage and do not want to pay, a mere thank you is not enough, I don't know much about coding, but based on what I read it consumes time and too much effort just to find bugs.
OP mentioned that he is not expecting big rewards so Betfury should get a hint and reward OP on what they think he deserves, and casinos should create a page or announcement about bugs for transparency purposes, so in case one bug bounty hunter finds one bug he can check the page if there's already a report on the bug.
That is true, should have valid proof about such claim, or better yet, they need to be clear about the rules of their bug bounty program.
Because if that is the case, then, you don't know if someone already reported such bug to them or not yet.
How will you know if they are saying the truth from their end? Though it is still their prerogative as they are the owners of the site.
It depends on how they will manage such program. But these hunters may not be encourage to report anymore, which has the possibility that they can just abuse such bug.
Jump to: