Pages:
Author

Topic: Rollin.io hacked (Read 7335 times)

legendary
Activity: 3094
Merit: 1472
January 26, 2016, 01:13:02 PM
#66
Wow, 25 btc for a single exploit? Although it seems pretty small compared to hufflepuff incident. Just hope rollin will be back up and rollin, also hoping they won't decrease the faucet again  Roll Eyes

Lol how does faucet decrease comes here.  I know that some users are annoyed with the faucet decrease but it was only taken to decrease faucet-farming which was going as an alarming issue for rollin.
sr. member
Activity: 392
Merit: 250
January 26, 2016, 01:04:49 PM
#65
Wow, 25 btc for a single exploit? Although it seems pretty small compared to hufflepuff incident. Just hope rollin will be back up and rollin, also hoping they won't decrease the faucet again  Roll Eyes
full member
Activity: 126
Merit: 100
January 26, 2016, 12:03:03 PM
#64
At least they didn't get hacked, but still bad that someone was able to exploit the site with a cheat.
Hope not any other harm was done besides this.
legendary
Activity: 3094
Merit: 1472
January 26, 2016, 11:59:35 AM
#63
So, no hack:

Hi everyone,

~snip~



case with wallets still open.. 25 btc in hot wallet? a bit risky..


Yeah they keep up that much to provide their users instant payout.Last time ,Hesam won around 33BTC and they give him an instant withdrawal.

I can't go into much details right now.
But just a pro tip i learned yesterday.
Never trust build-in framework validation scripts.
I learned this the hard way -.-

legendary
Activity: 2464
Merit: 1039
Bitcoin Trader
January 26, 2016, 11:51:38 AM
#62
Very nicely done!   That is not an easy one to pull off.  Kudos to the cracker that pulled that one down.  Although I assume that it was not the kick that got them,  they must have dropped right after that.

When people like will stop existing from this planet ? How could you even celebrate over someone's losses by cheating ?Rollin.io is one of the best dice sites I have ever played it and I don't think this is funny .

Well leave it.They are all raged up players who left up playing on sites like rollin just because they lost up while playing with high win chance.They put on calling rollin.io a scam without having any further proof.

I also agree that rollin.io is a fair site and not a scam.
yeah I was also thinking about the same thing with you, I know rollin not a gambling site a scam, because I know rollin well with all their users
legendary
Activity: 2282
Merit: 1035
January 26, 2016, 11:45:42 AM
#61
So, no hack:

Hi everyone,

I wanted to confirm the speculation that has been going around.
On 25 Jan 2016 someone found an exploit to cheat.
The moment i was aware of the exploit i shutdown the website and tried to fix it.
3-4 hours later we went back online.
But sadly he already stole 25 btc.

Also to clear up any confusion.
We did not get hacked.
And no servers have been compromised.

Hope this clears up any speculation & confusion.

Regards,
Shogun

case with wallets still open.. 25 btc in hot wallet? a bit risky..
hero member
Activity: 1050
Merit: 502
January 26, 2016, 10:05:14 AM
#60
Damn, That is a big big lose for them I hope they can recover. Havent yet checked the website but are they closing shop for awhile? Seems like that must be the case if there is such an exploit. I need to get on there and make sure I don't still have btc on my account there. Will keep following this thread and hope for the best for rollin.io
legendary
Activity: 2282
Merit: 1035
January 26, 2016, 09:56:27 AM
#59
And 10 Btc is a small amount ?

Of course NOT. Sorry for word "only" - edited.

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

1) Possible
2) Nope, it's confirmed that he stole over 20btc, and if you check my first post, I tracked the movement of 34,23BTC from rollins hot-wallets.
3) That's his last withdrawal, before he withdrew around 25 btc in packets of 0.4995
4) Very unlikely.

So - or more hot wallets, or .. from where was coming this last withdraw (10btc) if hot wallets should be empty?
Some automatically filling up hot wallet in the moment when is empty?  

Edit: yep - from fresh deposits is possible, but 10btc.. hmm
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
January 26, 2016, 09:55:43 AM
#58
OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

1) Possible
2) Nope, it's confirmed that he stole over 20btc, and if you check my first post, I tracked the movement of 34,23BTC from rollins hot-wallets.
3) That's his last withdrawal, before he withdrew around 25 btc in packets of 0.4995
4) Very unlikely.

#1 Yes, they likely do, because everyone creating an account and depositing bitcoins is a new bitcoin address that is part of the hot wallet. At least, that would be normal design. Use the deposits to pay out instead of depositing into cold wallet and transfering to hot constantly.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
January 26, 2016, 09:40:31 AM
#57
OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

1) Possible
2) Nope, it's confirmed that he stole over 20btc, and if you check my first post, I tracked the movement of 34,23BTC from rollins hot-wallets.
3) That's his last withdrawal, before he withdrew around 25 btc in packets of 0.4995
4) Very unlikely.
sr. member
Activity: 383
Merit: 250
January 26, 2016, 09:36:48 AM
#56
There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times  0.4995 BTC. (so less then 1 btc Wink )

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..?  Roll Eyes
Walletexplorer provides snapshots of the blockchain at certain intervals, known hot-wallets were filled with roughly 10 BTC at time of the last snap.
They either got filled more between the time of the snap and the time the attacker beginned draining them empty,
or rollin has some more hot-wallets unknown to walletexplorer (their list might not be complete after all).
If you check the last snap "Updated to block 395056 (2016-01-26 00:58:20).", their walltes are almost empty, only around 0.1BTC left in hot-wallet funds: https://www.walletexplorer.com/wallet/Rollin.io/addresses

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.


And 10 Btc is a small amount ?
legendary
Activity: 2282
Merit: 1035
January 26, 2016, 09:34:26 AM
#55
There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times  0.4995 BTC. (so less then 1 btc Wink )

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..?  Roll Eyes
Walletexplorer provides snapshots of the blockchain at certain intervals, known hot-wallets were filled with roughly 10 BTC at time of the last snap.
They either got filled more between the time of the snap and the time the attacker beginned draining them empty,
or rollin has some more hot-wallets unknown to walletexplorer (their list might not be complete after all).
If you check the last snap "Updated to block 395056 (2016-01-26 00:58:20).", their walltes are almost empty, only around 0.1BTC left in hot-wallet funds: https://www.walletexplorer.com/wallet/Rollin.io/addresses

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
January 26, 2016, 09:18:22 AM
#54
There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times  0.4995 BTC. (so less then 1 btc Wink )

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..?  Roll Eyes
Walletexplorer provides snapshots of the blockchain at certain intervals, known hot-wallets were filled with roughly 10 BTC at time of the last snap.
They either got filled more between the time of the snap and the time the attacker beginned draining them empty,
or rollin has some more hot-wallets unknown to walletexplorer (their list might not be complete after all).
If you check the last snap "Updated to block 395056 (2016-01-26 00:58:20).", their walltes are almost empty, only around 0.1BTC left in hot-wallet funds: https://www.walletexplorer.com/wallet/Rollin.io/addresses
legendary
Activity: 2282
Merit: 1035
January 26, 2016, 09:10:01 AM
#53
I don't understand why these thieves try to withdraw everything at once and there any aren't countermeasures to make the withdraw manual. Especially for new users.

I don't understand this either. I think if a new user is going to withdraw more than 1 BTC this shouldn't go automatically, admins should check first if it was a fair play. I think that's not that difficult to do.

There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times  0.4995 BTC. (so less then 1 btc Wink )

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..?  Roll Eyes
legendary
Activity: 3094
Merit: 1472
January 26, 2016, 08:59:54 AM
#52
Shocked WTF this hack is too obvious to find, cause the bug is 100% sure, and i hope rollin won't let him withdraw the coins, 35 btc is a big amount of money, so i think rollin won't give him instant withdrawal, anyone knows the recent progress? If he wanna hacks, he should bet a little and withdraw a little so he can get instant withdrawal

According to the earlier posts he successfuly withdrew already 25 BTC or such. There was an address posted earlier. The site will probably go bankrupt unless the owner can cover the loss.

Yeah mods at rollin.io confirmed that estimated btc he withdrawed was around 20-30 BTC

Update:Rollin.io admins just cleared hacker(popobava007) roll stats and removed his name from caesar prize
legendary
Activity: 3374
Merit: 2198
I stand with Ukraine.
January 26, 2016, 08:49:34 AM
#51
I don't understand why these thieves try to withdraw everything at once and there any aren't countermeasures to make the withdraw manual. Especially for new users.

I don't understand this either. I think if a new user is going to withdraw more than 1 BTC this shouldn't go automatically, admins should check first if it was a fair play. I think that's not that difficult to do.
legendary
Activity: 3808
Merit: 1723
January 26, 2016, 08:48:32 AM
#50
Shocked WTF this hack is too obvious to find, cause the bug is 100% sure, and i hope rollin won't let him withdraw the coins, 35 btc is a big amount of money, so i think rollin won't give him instant withdrawal, anyone knows the recent progress? If he wanna hacks, he should bet a little and withdraw a little so he can get instant withdrawal

According to the earlier posts he successfuly withdrew already 25 BTC or such. There was an address posted earlier. The site will probably go bankrupt unless the owner can cover the loss.
hero member
Activity: 840
Merit: 1000
January 26, 2016, 08:29:27 AM
#49
 Shocked WTF this hack is too obvious to find, cause the bug is 100% sure, and i hope rollin won't let him withdraw the coins, 35 btc is a big amount of money, so i think rollin won't give him instant withdrawal, anyone knows the recent progress? If he wanna hacks, he should bet a little and withdraw a little so he can get instant withdrawal
legendary
Activity: 3094
Merit: 1472
January 26, 2016, 08:06:59 AM
#48
Very nicely done!   That is not an easy one to pull off.  Kudos to the cracker that pulled that one down.  Although I assume that it was not the kick that got them,  they must have dropped right after that.

When people like will stop existing from this planet ? How could you even celebrate over someone's losses by cheating ?Rollin.io is one of the best dice sites I have ever played it and I don't think this is funny .

Well leave it.They are all raged up players who left up playing on sites like rollin just because they lost up while playing with high win chance.They put on calling rollin.io a scam without having any further proof.

I also agree that rollin.io is a fair site and not a scam.
legendary
Activity: 1442
Merit: 1008
January 26, 2016, 05:06:36 AM
#47
Is there any more proof that the BTC is actually lost from the wallet? I checked out the website and it now seems to work fine. If someone stole oer 35BTC I don't think just a day will solve all the problems. Could someone post additional proof saying that the website actually got hacked? I'm a bit skeptical about this one.

I think pic. I posted in main post is enough to explain that. If you really want to know go to rollin.io and check legend and caesar page .Also mod there can confirm that too.

Also this one quote from guitarplinker, you might want to add this quote to op, so people wouldn't ask the kind of this question repeatedly.
So sad to hear Rollin.io got hacked , a security for big site like Rollin already broke.
I've read some messages from the admin and it sounds like they're looking into the hack right now. Although there was a large amount stolen, I think it was a drop in the bucket for the website (I could be wrong though).
...

Pages:
Jump to: