Rollin.io hacked | Bitcointalksearch.org

Avirunes

legendary

Activity: 3094

Merit: 1468

Quote from: DiscoverCebu on January 26, 2016, 02:04:49 PM

Wow, 25 btc for a single exploit? Although it seems pretty small compared to hufflepuff incident. Just hope rollin will be back up and rollin, also hoping they won't decrease the faucet again Roll Eyes

Lol how does faucet decrease comes here. I know that some users are annoyed with the faucet decrease but it was only taken to decrease faucet-farming which was going as an alarming issue for rollin.

DiscoverCebu

sr. member

Activity: 392

Merit: 250

Wow, 25 btc for a single exploit? Although it seems pretty small compared to hufflepuff incident. Just hope rollin will be back up and rollin, also hoping they won't decrease the faucet again Roll Eyes

Gloober

full member

Activity: 126

Merit: 100

At least they didn't get hacked, but still bad that someone was able to exploit the site with a cheat.
Hope not any other harm was done besides this.

Avirunes

legendary

Activity: 3094

Merit: 1468

Quote from: kotwica666 on January 26, 2016, 12:45:42 PM

So, no hack:

Quote from: ?? on ??

Hi everyone,

~snip~

case with wallets still open.. 25 btc in hot wallet? a bit risky..

Yeah they keep up that much to provide their users instant payout.Last time ,Hesam won around 33BTC and they give him an instant withdrawal.

Quote from: ?? on ??

I can't go into much details right now.
But just a pro tip i learned yesterday.
Never trust build-in framework validation scripts.
I learned this the hard way -.-

piebeyb

legendary

Activity: 2296

Merit: 1038

Leading Crypto Sports Betting & Casino Platform

Quote from: Avirunes on January 26, 2016, 09:06:59 AM

Quote from: Joel_Jantsen on January 26, 2016, 05:02:40 AM

Quote from: morantis on January 25, 2016, 01:19:16 PM

Very nicely done! That is not an easy one to pull off. Kudos to the cracker that pulled that one down. Although I assume that it was not the kick that got them, they must have dropped right after that.

When people like will stop existing from this planet ? How could you even celebrate over someone's losses by cheating ?Rollin.io is one of the best dice sites I have ever played it and I don't think this is funny .

Well leave it.They are all raged up players who left up playing on sites like rollin just because they lost up while playing with high win chance.They put on calling rollin.io a scam without having any further proof.

I also agree that rollin.io is a fair site and not a scam.

yeah I was also thinking about the same thing with you, I know rollin not a gambling site a scam, because I know rollin well with all their users

kotwica666

legendary

Activity: 2282

Merit: 1035

So, no hack:

Quote from: ?? on ??

Hi everyone,

I wanted to confirm the speculation that has been going around.
On 25 Jan 2016 someone found an exploit to cheat.
The moment i was aware of the exploit i shutdown the website and tried to fix it.
3-4 hours later we went back online.
But sadly he already stole 25 btc.

Also to clear up any confusion.
We did not get hacked.
And no servers have been compromised.

Hope this clears up any speculation & confusion.

Regards,
Shogun

case with wallets still open.. 25 btc in hot wallet? a bit risky..

badjacks99

hero member

Activity: 1050

Merit: 502

Damn, That is a big big lose for them I hope they can recover. Havent yet checked the website but are they closing shop for awhile? Seems like that must be the case if there is such an exploit. I need to get on there and make sure I don't still have btc on my account there. Will keep following this thread and hope for the best for rollin.io

kotwica666

legendary

Activity: 2282

Merit: 1035

Quote from: steamproject on January 26, 2016, 10:36:48 AM

And 10 Btc is a small amount ?

Of course NOT. Sorry for word "only" - edited.

Quote from: Lutpin on January 26, 2016, 10:40:31 AM

Quote from: kotwica666 on January 26, 2016, 10:34:26 AM

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

1) Possible
2) Nope, it's confirmed that he stole over 20btc, and if you check my first post, I tracked the movement of 34,23BTC from rollins hot-wallets.
3) That's his last withdrawal, before he withdrew around 25 btc in packets of 0.4995
4) Very unlikely.

So - or more hot wallets, or .. from where was coming this last withdraw (10btc) if hot wallets should be empty?
Some automatically filling up hot wallet in the moment when is empty?

Edit: yep - from fresh deposits is possible, but 10btc.. hmm

shorena

copper member

Activity: 1498

Merit: 1499

No I dont escrow anymore.

Quote from: Lutpin on January 26, 2016, 10:40:31 AM

Quote from: kotwica666 on January 26, 2016, 10:34:26 AM

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

1) Possible
2) Nope, it's confirmed that he stole over 20btc, and if you check my first post, I tracked the movement of 34,23BTC from rollins hot-wallets.
3) That's his last withdrawal, before he withdrew around 25 btc in packets of 0.4995
4) Very unlikely.

#1 Yes, they likely do, because everyone creating an account and depositing bitcoins is a new bitcoin address that is part of the hot wallet. At least, that would be normal design. Use the deposits to pay out instead of depositing into cold wallet and transfering to hot constantly.

Lutpin

copper member

Activity: 1876

Merit: 1874

Goodbye, Z.

Quote from: kotwica666 on January 26, 2016, 10:34:26 AM

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

1) Possible
2) Nope, it's confirmed that he stole over 20btc, and if you check my first post, I tracked the movement of 34,23BTC from rollins hot-wallets.
3) That's his last withdrawal, before he withdrew around 25 btc in packets of 0.4995
4) Very unlikely.

steamproject

sr. member

Activity: 383

Merit: 250

Quote from: kotwica666 on January 26, 2016, 10:34:26 AM

Quote from: Lutpin on January 26, 2016, 10:18:22 AM

Quote from: kotwica666 on January 26, 2016, 10:10:01 AM

There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times 0.4995 BTC. (so less then 1 btc Wink

)

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..? Roll Eyes

Walletexplorer provides snapshots of the blockchain at certain intervals, known hot-wallets were filled with roughly 10 BTC at time of the last snap.
They either got filled more between the time of the snap and the time the attacker beginned draining them empty,
or rollin has some more hot-wallets unknown to walletexplorer (their list might not be complete after all).
If you check the last snap "Updated to block 395056 (2016-01-26 00:58:20).", their walltes are almost empty, only around 0.1BTC left in hot-wallet funds: https://www.walletexplorer.com/wallet/Rollin.io/addresses

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

And 10 Btc is a small amount ?

kotwica666

legendary

Activity: 2282

Merit: 1035

Quote from: Lutpin on January 26, 2016, 10:18:22 AM

Quote from: kotwica666 on January 26, 2016, 10:10:01 AM

There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times 0.4995 BTC. (so less then 1 btc Wink

)

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..? Roll Eyes

Walletexplorer provides snapshots of the blockchain at certain intervals, known hot-wallets were filled with roughly 10 BTC at time of the last snap.
They either got filled more between the time of the snap and the time the attacker beginned draining them empty,
or rollin has some more hot-wallets unknown to walletexplorer (their list might not be complete after all).
If you check the last snap "Updated to block 395056 (2016-01-26 00:58:20).", their walltes are almost empty, only around 0.1BTC left in hot-wallet funds: https://www.walletexplorer.com/wallet/Rollin.io/addresses

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen ~~only~~ around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

Lutpin

copper member

Activity: 1876

Merit: 1874

Goodbye, Z.

Quote from: kotwica666 on January 26, 2016, 10:10:01 AM

There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times 0.4995 BTC. (so less then 1 btc Wink

)

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..? Roll Eyes

Walletexplorer provides snapshots of the blockchain at certain intervals, known hot-wallets were filled with roughly 10 BTC at time of the last snap.
They either got filled more between the time of the snap and the time the attacker beginned draining them empty,
or rollin has some more hot-wallets unknown to walletexplorer (their list might not be complete after all).
If you check the last snap "Updated to block 395056 (2016-01-26 00:58:20).", their walltes are almost empty, only around 0.1BTC left in hot-wallet funds: https://www.walletexplorer.com/wallet/Rollin.io/addresses

kotwica666

legendary

Activity: 2282

Merit: 1035

Quote from: Betwrong on January 26, 2016, 09:49:34 AM

Quote from: adaseb on January 26, 2016, 06:00:22 AM

I don't understand why these thieves try to withdraw everything at once and there any aren't countermeasures to make the withdraw manual. Especially for new users.

I don't understand this either. I think if a new user is going to withdraw more than 1 BTC this shouldn't go automatically, admins should check first if it was a fair play. I think that's not that difficult to do.

There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times 0.4995 BTC. (so less then 1 btc Wink

)

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..? Roll Eyes

Avirunes

legendary

Activity: 3094

Merit: 1468

Quote from: adaseb on January 26, 2016, 09:48:32 AM

Quote from: fox19891989 on January 26, 2016, 09:29:27 AM

WTF this hack is too obvious to find, cause the bug is 100% sure, and i hope rollin won't let him withdraw the coins, 35 btc is a big amount of money, so i think rollin won't give him instant withdrawal, anyone knows the recent progress? If he wanna hacks, he should bet a little and withdraw a little so he can get instant withdrawal

According to the earlier posts he successfuly withdrew already 25 BTC or such. There was an address posted earlier. The site will probably go bankrupt unless the owner can cover the loss.

Yeah mods at rollin.io confirmed that estimated btc he withdrawed was around 20-30 BTC

Update:Rollin.io admins just cleared hacker(popobava007) roll stats and removed his name from caesar prize

Betwrong

legendary

Activity: 3234

Merit: 2112

I stand with Ukraine.

Quote from: adaseb on January 26, 2016, 06:00:22 AM

I don't understand why these thieves try to withdraw everything at once and there any aren't countermeasures to make the withdraw manual. Especially for new users.

I don't understand this either. I think if a new user is going to withdraw more than 1 BTC this shouldn't go automatically, admins should check first if it was a fair play. I think that's not that difficult to do.

adaseb

legendary

Activity: 3738

Merit: 1708

Quote from: fox19891989 on January 26, 2016, 09:29:27 AM

WTF this hack is too obvious to find, cause the bug is 100% sure, and i hope rollin won't let him withdraw the coins, 35 btc is a big amount of money, so i think rollin won't give him instant withdrawal, anyone knows the recent progress? If he wanna hacks, he should bet a little and withdraw a little so he can get instant withdrawal

According to the earlier posts he successfuly withdrew already 25 BTC or such. There was an address posted earlier. The site will probably go bankrupt unless the owner can cover the loss.

fox19891989

hero member

Activity: 840

Merit: 1000

WTF this hack is too obvious to find, cause the bug is 100% sure, and i hope rollin won't let him withdraw the coins, 35 btc is a big amount of money, so i think rollin won't give him instant withdrawal, anyone knows the recent progress? If he wanna hacks, he should bet a little and withdraw a little so he can get instant withdrawal

Avirunes

legendary

Activity: 3094

Merit: 1468

Quote from: Joel_Jantsen on January 26, 2016, 05:02:40 AM

Quote from: morantis on January 25, 2016, 01:19:16 PM

Very nicely done! That is not an easy one to pull off. Kudos to the cracker that pulled that one down. Although I assume that it was not the kick that got them, they must have dropped right after that.

When people like will stop existing from this planet ? How could you even celebrate over someone's losses by cheating ?Rollin.io is one of the best dice sites I have ever played it and I don't think this is funny .

Well leave it.They are all raged up players who left up playing on sites like rollin just because they lost up while playing with high win chance.They put on calling rollin.io a scam without having any further proof.

I also agree that rollin.io is a fair site and not a scam.

poplolnman

legendary

Activity: 1442

Merit: 1008

Quote from: Avirunes on January 25, 2016, 11:47:30 PM

Quote from: TriggerX on January 25, 2016, 11:16:52 PM

Is there any more proof that the BTC is actually lost from the wallet? I checked out the website and it now seems to work fine. If someone stole oer 35BTC I don't think just a day will solve all the problems. Could someone post additional proof saying that the website actually got hacked? I'm a bit skeptical about this one.

I think pic. I posted in main post is enough to explain that. If you really want to know go to rollin.io and check legend and caesar page .Also mod there can confirm that too.

Also this one quote from guitarplinker, you might want to add this quote to op, so people wouldn't ask the kind of this question repeatedly.
So sad to hear Rollin.io got hacked , a security for big site like Rollin already broke.

Quote from: guitarplinker on January 25, 2016, 06:11:56 PM

I've read some messages from the admin and it sounds like they're looking into the hack right now. Although there was a large amount stolen, I think it was a drop in the bucket for the website (I could be wrong though).
...

Topic: Rollin.io hacked (Read 7278 times)