Pages:
Author

Topic: SatoshiDICE.com - The World's Most Popular Bitcoin Game - page 13. (Read 495932 times)

legendary
Activity: 3808
Merit: 1723
I feel like right now is a real make or break moment for Satoshidice. They could refund the investors that were robbed, add 2FA and maybe work on a more fluid hot wallet, and be up there in contention for best dice site, not to mention the first. Or they could deny any responsibility for the robberies, never address the hot wallet, ignore everyone, get strongly branded as an outright scam, and fizzle out (or maybe just steal the rest and run/hide to avoid legal action).

I know which scenario I'm in favor of  Wink
They do not rob investors to refund them.

I doubt they could be the best dice site with 1,9% house edge, while others offer 0,8% and without robbing, cheating, etc.

They can not avoid legal action, the laws are clear. But they likely will not face legal action, because of the mindset of the victims.

The house edge has nothing to do with the site. The reason why its losing profits is because gamblers are moving on to other website.

I still don't know how the situation with these investors will play out, but its looks very fishy for these huge wins coming out of nowhere all at once.

This is whats bad about Bitcoin. All the sites have to do is say "We were hacked- sorry" and our bitcoins are gone and nothing we can do about it.
hero member
Activity: 1344
Merit: 507
I feel like right now is a real make or break moment for Satoshidice. They could refund the investors that were robbed, add 2FA and maybe work on a more fluid hot wallet, and be up there in contention for best dice site, not to mention the first. Or they could deny any responsibility for the robberies, never address the hot wallet, ignore everyone, get strongly branded as an outright scam, and fizzle out (or maybe just steal the rest and run/hide to avoid legal action).

I know which scenario I'm in favor of  Wink
They do not rob investors to refund them.

I doubt they could be the best dice site with 1,9% house edge, while others offer 0,8% and without robbing, cheating, etc.

They can not avoid legal action, the laws are clear. But they likely will not face legal action, because of the mindset of the victims.
newbie
Activity: 27
Merit: 0
I feel like right now is a real make or break moment for Satoshidice. They could refund the investors that were robbed, add 2FA and maybe work on a more fluid hot wallet, and be up there in contention for best dice site, not to mention the first. Or they could deny any responsibility for the robberies, never address the hot wallet, ignore everyone, get strongly branded as an outright scam, and fizzle out

I know which scenario I'm in favor of  Wink
legendary
Activity: 3808
Merit: 1723
Seems to be working fine for me - just made a small withdrawal from my house balance.

Did the withdraw actually go thru ? Because it seems the hot wallet has been empty for a while now.

If you can, maybe post the TX ID so we can see when the hot wallet was refilled.

Many of us are having issues accessing the site and withdrawing funds.
newbie
Activity: 13
Merit: 0
Seems to be working fine for me - just made a small withdrawal from my house balance.
I guess whatever small count you took up emptied it i cant even get 0.01 out. it either speaks to the already known small hot wallet. or that they still havent fixed my account saying insufficient funds instead of that the hot wallet is emty. got ahold of the guy here, got 1 reply and never heard back. same happened thorugh email replied to me once or twitce and still havent fixed it. such a mess
member
Activity: 119
Merit: 100
Seems to be working fine for me - just made a small withdrawal from my house balance.
member
Activity: 112
Merit: 10
BitWAB admin team
Really hope you are getting back soon!

Right now website returns 504 Gateway time-out error,
any updates?

~BitWAB Team~
Be the winner!
legendary
Activity: 3808
Merit: 1723
when 2fa will be added?

It seems to have been added (in a form of some sorts) withdraw ~9 BTC today and it asked me to "unlock" my withdrawing ability which for that it send your an email. Once you click the link in the email you can withdraw for the next 3mins.

All in all, I think this added feature is sound and solid. Nice work guys!

(also had no worries withdrawing the ~9 BTC in regards to hot wallet balance - First go)

Yeah well it was suppose to be added about 6 months ago like promised on this thread. However in reality it should of been added years ago. Maybe this theft (which I am still not certain) could of been avoided.

Really feel bad for the early adopters who still leave their BTC with Satoshidice.
newbie
Activity: 4
Merit: 0
when 2fa will be added?

It seems to have been added (in a form of some sorts) withdraw ~9 BTC today and it asked me to "unlock" my withdrawing ability which for that it send your an email. Once you click the link in the email you can withdraw for the next 3mins.

All in all, I think this added feature is sound and solid. Nice work guys!

(also had no worries withdrawing the ~9 BTC in regards to hot wallet balance - First go)
hero member
Activity: 1344
Merit: 507
I summed it up here: https://game-protect.com/satoshidice-scam/

If you have something to add, please pm or leave a reply below the article. Thank you.
newbie
Activity: 25
Merit: 0
Probably not the best time to ask, that being said after seeing these recent posts im fair shitting myself. could SD please fill up the hot wallet so i can withdrawal my 1.3 btc thanks or at-least email me directly
legendary
Activity: 3318
Merit: 1247
Bitcoin Casino Est. 2013
Just got a second short message out of Randian Hero, 15 days later:

 "We have seen no signs of malicious activity. Sorry to tell you this, but it seems like someone got your password."

No word on how this coincidentally happened to two other high balance investors in the same period.

No word on how, in that very time period, this thread is full of people complaining about hot wallet problems, and being unable to cash-out <1BTC amounts, yet someone who "got my password" (and at least 2 others' passwords presumably,) is able to withdrawal >150 BTC with no problem?

The cash-out thing is really the most damning to them. Even if all of these account hacks weren't there fault, with their notoriously slow cash-out issues it would be beyond easy for them to prevent large cash-outs while they investigated these robberies; in fact one would think this "thief" would have a ton of difficulty cashing out even without preventative action on their part. Are we to believe that they "coincidentally" expedited the large cash-outs that happened to be account hacks?




Sounds very suspicious to me. People having trouble withdrawing and hackers can easily withdraw 150BTC??? I would directly withdraw asap all my funds if I was one of the other users.

150BTC?
That is no joke. How can they not have any security on the site in place to prevent this?
I thought this was the very first dice site that was ever created? I saw this site on a documentary I just watched recently and then saw this thread near the top of the section and wanted to see how it was going 8 years later but then this is the first post that came up on my screen.  Undecided
Pretty disconcerting. To say the least. Embarrassed
hero member
Activity: 568
Merit: 500
https://bit-exo.com/?ref=gamblingbad
when 2fa will be added?
hero member
Activity: 1344
Merit: 507
We are continuously working to figure out what has happened regarding the reports of the missing bitcoins.

You can see within one day what happened on your gaming server in regards to a certain account.

We have time stamp of a login with the correct password that made a successful withdrawal on both accounts, that we looked up in a few minutes.
One of the things we are looking into is if there are one or several phishing attempts, what they look like, how many accounts could have been affected, tricked by the phishing. Is it even a phishing or did someone get hold of all passwords, or some passwords, or is it a list of user accounts from other websites and so on - its not exactly a one day thing.

Whats time consuming is:
What we are trying to figure out is if the fault is ours OR If the user simply did not have a secure password or used the same password as they did on other websites, ect ect.
If the site or servers have been compromised, we will refund the user accounts in question.
OR
If the user got his password typed in by inputting the password in the password field as intended we will not refund.

A 2 factor authentication system would have eliminated this problem and should probably have been implemented a long time ago. As much as we are now rushing to develop this feature, At this moment the site is as provided without 2 factor authentication.
So you need weeks to check if your server has been compromised?

Everything what happened on your server (login attempts, successful logins, code added, etc.) is recorded and your server administrator can easily check this within a few days.

If you were not compromised and if it was not an inside job, you could simply put the server logs on the table.

There are several indications that your server was compromised and you try to cover it up:

1) Shortly after your issues (account balances disappeared, hot wallet regularly empty, etc.) 2 players coincidentally win 500+ bitcoins with Satoshi Slots, would perfectly explain that your server was compromised and covered your loss with the 500+ Bitcoins won and reduced this amount from investor account balances.

2) Allow players to win more than the maximum profit on a bet of 1,9% of the bankroll and this contradictory to your "Bet on the house" terms and conditions.

3) The Satoshi Slot winners can withdraw their illegal winnings of 500+ Bitcoins instantly, while "normal" customers have issues to even withdraw 1 Bitcoin.

4) Player account transactions are not secured with email account confirmations, strongly suggest that the security of your server is also not sufficient.

5) Illegaly reduce Satoshi Slot losses from investor account balances, even though they only invested in Satoshi Dice, according to your "Bet on the house" terms and conditions.
legendary
Activity: 3808
Merit: 1723
You know whats crazy? These days the biggest and crappiest exchanges have 2FA and these exchanges probably have less than 100 BTC of customer funds but one of the oldest and largest Bitcoin gambling sites doesn't even have 2FA.

If you guys had 2FA this could of easily been avoided probably.
newbie
Activity: 27
Merit: 0
We are continuously working to figure out what has happened regarding the reports of the missing bitcoins.

This is what has been found so far:
* As of yet, there is no evidence of the servers being compromised. Part of the work is to exclude that the accounts in question simply made a withdrawal and then stated that they didn't make the withdrawal.

* We got one report of a user who clicked a Bitcointalk phishing link, entered his information and then got his balance stolen on Satoshidice.

* We have seen attempts of password guessing on what appears to be big lists of emails. We do not store password in clear text in the database but we looked at real-time password attempts and there are several login attempts made with passwords such as "password" "sun" "god" "1234" ect. All those IP addresses are blocked and stored for future evidence.

* Please never use a simple or common password, or any password that you use on other websites.

* Please do not use the same email (and/or password) you use on Bitcointalk.
https://bitcointalksearch.org/topic/bitcointalk-hacked-and-data-for-sale-on-dark-web-1611117


I'm glad there is finally some communication/information posted, thanks for that.

Was my account targeted by password guessing? My password wasn't anything common like the examples you gave, nor is it the same password as I have elsewhere. I also use different emails for this and Satishidice. And my email has 2FA.

Any comment on the hotwallet stuff? It seems pretty inconceivable that all this money was withdrawn in the 12/27 to 1/4 window while people on here were complaining about the inability to cash out small amounts.
sr. member
Activity: 392
Merit: 250
SatoshiDice.com
We are continuously working to figure out what has happened regarding the reports of the missing bitcoins.
You can see within one day what happened on your gaming server in regards to a certain account.
We have time stamp of a login with the correct password that made a successful withdrawal on both accounts, that we looked up in a few minutes.
One of the things we are looking into is if there are one or several phishing attempts, what they look like, how many accounts could have been affected, tricked by the phishing. Is it even a phishing or did someone get hold of all passwords, or some passwords, or is it a list of user accounts from other websites and so on - its not exactly a one day thing.

Whats time consuming is:
What we are trying to figure out is if the fault is ours OR If the user simply did not have a secure password or used the same password as they did on other websites, ect ect.
If the site or servers have been compromised, we will refund the user accounts in question.
OR
If the user got his password typed in by inputting the password in the password field as intended we will not refund.

A 2 factor authentication system would have eliminated this problem and should probably have been implemented a long time ago. As much as we are now rushing to develop this feature, At this moment the site is as provided without 2 factor authentication. 

* We got one report of a user who clicked a Bitcointalk phishing link, entered his information and then got his balance stolen on Satoshidice.
Which bitcointalk user name was it?
If the user wants to tell us all publicly, he or she may choose to do so.
hero member
Activity: 1344
Merit: 507
We are continuously working to figure out what has happened regarding the reports of the missing bitcoins.
You can see within one day what happened on your gaming server in regards to a certain account.


* We got one report of a user who clicked a Bitcointalk phishing link, entered his information and then got his balance stolen on Satoshidice.
Which bitcointalk user name was it?
sr. member
Activity: 392
Merit: 250
SatoshiDice.com
We are continuously working to figure out what has happened regarding the reports of the missing bitcoins.

This is what has been found so far:
* As of yet, there is no evidence of the servers being compromised. Part of the work is to exclude that the accounts in question simply made a withdrawal and then stated that they didn't make the withdrawal.

* We got one report of a user who clicked a Bitcointalk phishing link, entered his information and then got his balance stolen on Satoshidice.

* We have seen attempts of password guessing on what appears to be big lists of emails. We do not store password in clear text in the database but we looked at real-time password attempts and there are several login attempts made with passwords such as "password" "sun" "god" "1234" ect. All those IP addresses are blocked and stored for future evidence.

* Please never use a simple or common password, or any password that you use on other websites.

* Please do not use the same email (and/or password) you use on Bitcointalk.
https://bitcointalksearch.org/topic/bitcointalk-hacked-and-data-for-sale-on-dark-web-1611117

* Satoshidice will never ask for your user email or password in an email.
hero member
Activity: 1344
Merit: 507
Jake, I am not a specialist.. but I have withdrawn 60 btc recently. There is NO confirming email for each withdrawal. So what they are saying,. if somebody sat on your computer, and logs into satoshidice and you had your password saved, he could easily have transferred the btc.
Request some more help from them. Let them give you you access report, addresses where the btc. went.. So you can figure out what happened. I agree that their support is very bad and that they should offer 2fa to avoid such risks and, and, and.. thats why I pulled out two days ago.
Hope you can figure it out.
Whaaat? If there are no confirmation emails, how can you prove that your account was not compromised? O.k., you could request the server logins in Curacao, as the gaming server is in Curacao and they have to store everything by law.
Pages:
Jump to: