There were previous stances were besides these so called race time condition,java web token were used to exploit these casinos,from what it seems ,its always the new ones,since the big ones already had their fair shares of people trying to break in their system and probably already fixed many of these issues.
If the new casinos need to have more funds so they can secure the site, then I think this is possible as long as you offer a legit site, hackers and scammers can easily go on any site and collect the details, the gambling site should do everything to avoid any incidents like this, we are on a great time already where there’s a more strict way to protect the site.
Topic: Vulnerabilities in gambling websites in past - page 26. (Read 6916 times)
If they wont really be putting up some importance on security neither they are running off a casino or exchange then it would surely be having that toll or effect later on which they shouldnt really be that confident.
Not only players could exploit possible security lapses or those common hackers around on trying out to snip if they could really bypass any service or platforms security and these are indeed common targets.
Somehow only few incidents that we are seeing about hacking incidents but we shouldnt really be that too confident.
Yeah and I won't be too confident if I am a casino site owner. It is not a good practice if you won't upgrade the security of the site and as what khaled0111 said, prevention is better than cure. It's better to be safe than sorry and it would be a problem if ever the platform you own is hacked and hacker was able to get some funds even if it's not all of it but refunding your customers would be a huge loss on profit plus the customers won't be confident enough to gamble in a site as what khaled0111 said which is they will lose the trust of their customers.Not only players could exploit possible security lapses or those common hackers around on trying out to snip if they could really bypass any service or platforms security and these are indeed common targets.
Somehow only few incidents that we are seeing about hacking incidents but we shouldnt really be that too confident.
Even you could really patch up or do make out some compensation to those users had been affected but still the trust would be totally be not 100% anymore unlike into those platforms which
doesnt still have that hacking incident or scenario which it should really be a standard thing overall when it comes to security.They should really put emphasis or focus on.
There were previous stances were besides these so called race time condition,java web token were used to exploit these casinos,from what it seems ,its always the new ones,since the big ones already had their fair shares of people trying to break in their system and probably already fixed many of these issues.
If the new casinos need to have more funds so they can secure the site, then I think this is possible as long as you offer a legit site, hackers and scammers can easily go on any site and collect the details, the gambling site should do everything to avoid any incidents like this, we are on a great time already where there’s a more strict way to protect the site. 
...
Signup bonus usually comes up with the wagering requirements. You need to wager a particular amount before you are eligible for the withdrawal of that bonus. Even if we consider it legal, to create as many accounts, no one can't be lucky to retain all the balance in gambling in order to fulfill the wagering requirements. He will lose money and most of the accounts will be zero.
If he is lucky to survive and make money, he can withdraw but there is a likely chance that gambling sites will find it fishy that many accounts are being made from a single IP and they may ask for KYC for suspected cases.
Signup bonus usually comes up with the wagering requirements. You need to wager a particular amount before you are eligible for the withdrawal of that bonus. Even if we consider it legal, to create as many accounts, no one can't be lucky to retain all the balance in gambling in order to fulfill the wagering requirements. He will lose money and most of the accounts will be zero.
If he is lucky to survive and make money, he can withdraw but there is a likely chance that gambling sites will find it fishy that many accounts are being made from a single IP and they may ask for KYC for suspected cases.
This is right, most of the casinos that offer a welcome bonus have the policy of 'one account per user', and if they find someone cheating they will freeze all the accounts.
Users can get caught by their IP, but cookies can make this job too.
Is it still a vulnerability to take advantage of free money, such as a signup bonus? Create a large number of accounts in order to receive the signing up bonus and transfer it to your wallet, for example. In my opinion, it has long been known that a gambler will open a large number of accounts and deposit the money into a single wallet in order to amass a large sum of cash. However, this is only valid in the past, as the majority of signup bonuses are now locked and cannot be withdrawn from the site.
Signup bonus usually comes up with the wagering requirements. You need to wager a particular amount before you are eligible for the withdrawal of that bonus. Even if we consider it legal, to create as many accounts, no one can't be lucky to retain all the balance in gambling in order to fulfill the wagering requirements. He will lose money and most of the accounts will be zero.
If he is lucky to survive and make money, he can withdraw but there is a likely chance that gambling sites will find it fishy that many accounts are being made from a single IP and they may ask for KYC for suspected cases.
Is it still a vulnerability to take advantage of free money, such as a signup bonus? Create a large number of accounts in order to receive the signing up bonus and transfer it to your wallet, for example. In my opinion, it has long been known that a gambler will open a large number of accounts and deposit the money into a single wallet in order to amass a large sum of cash. However, this is only valid in the past, as the majority of signup bonuses are now locked and cannot be withdrawn from the site.
If all accounts are being created by the same person, it will be considered cheating, indeed, and the casino will have to fix this vulnerability by adding extra security measures to spot the abusers and stop the abuses.Unfortunatelly due to the high incidency of cheaters taking advantage of every promotions and giveaways disponible, some casinos limit or decrease the benefits for gamblers on their platforms. In another cases, casinos are forced to adopt unpopular measures which go against gamblers' privacy in order to keep the system protected from abusers.
Is it still a vulnerability to take advantage of free money, such as a signup bonus? Create a large number of accounts in order to receive the signing up bonus and transfer it to your wallet, for example. In my opinion, it has long been known that a gambler will open a large number of accounts and deposit the money into a single wallet in order to amass a large sum of cash. However, this is only valid in the past, as the majority of signup bonuses are now locked and cannot be withdrawn from the site.
While security it is a place in which a casino should invest heavily to protect themselves from threats like hackers, some casinos try to lower their costs and decide to slash their security budget as this is something that cannot be seen by the player and many times it is just assumed that the casino is doing everything they can to protect their customers, however later on those casinos are found by hackers and that is when we hear of the massive hacks that can happen to casinos and exchanges as their security was not up to the standards required in the industry to secure the funds of their customers.
"Prevention is better than cure." If the casino owners want to have a successful casino and be able to compete then the security of their platform must be one of their highest priorities. Besides, in case they get hacked they will lose way more than what they would've saved by lowering the security budget. It's not only about money, if they get hacked they will lose the trust of their customers which will be hard to regain.
Security does matter and it should really be a standard thing and luckily we arent really seeing that much scenarios or hacking incidents as of these years or recently which does prove out
that security does really becomes more stronger as we do go ahead not just like in the past but we couldnt assure everything if you do ask me.
What we need is a gambling site which is as decentralised as possible and which does not store funds.
This idea is only good for the business, yes its somewhat secure the funds, but not a customer-friendly. If this is executed by a smart contract imagine you need to pay fee for transaction or gas everytime you bet from your wallet. This is not reasonable and no users will last not unless the fee is too small that it cannot affect enough your wallet balance. Since bitcoin doesnt have smart contract that works like that then the gambling site will only work using its token? Nah, I don't think it can gather lots of users here though. You cab call it a revolutionary or secured, but nevermind.
Well, if you consider smart contracts and cryptocurrencies of blockchains like for example, the Binance Smart Chain, then you pay mere cents for each bet. That does not sound like a lot to me? So you pay 14 cents and you bet instead of 1 USD, 86 cents. if you want. Seems fair. Even for the poorest among us, that kind of gambling should be affordable. Most bet at least 10 USD so the 14 cent fee won't even be noticable.
Perhaps there can be some sort of bonus system to even out the fees?
Thats a question you could ask in the other subforums of Bitcointalk. Project development and services would be good places to start looking for people that may be able to help you with the answers. I myself am no expert on developing smart contracts or even gambling software coding. Services subforum has developer experts looking to get hired for a job and the project development subforum has many people like yourself, working on different areas of diverse projects.
You might get lucky. Definitely luckier than in the gambling discussion subforum.
i am in need for such developer that create such, but does it run like the normal non smart contract dice games? are there any examples ?
I didn't see any examples yet but having such kind of system for gambling will be a fully dependent to the token/coin as means of payment which will give a disadvantage to a pro bitcoin or other major cryptocurrency used in gambling deposits. No matter what blockchain it uses, playing there will always be costly in the long run IMO.
What we need is a gambling site which is as decentralised as possible and which does not store funds.
This idea is only good for the business, yes its somewhat secure the funds, but not a customer-friendly. If this is executed by a smart contract imagine you need to pay fee for transaction or gas everytime you bet from your wallet. This is not reasonable and no users will last not unless the fee is too small that it cannot affect enough your wallet balance. Since bitcoin doesnt have smart contract that works like that then the gambling site will only work using its token? Nah, I don't think it can gather lots of users here though. You cab call it a revolutionary or secured, but nevermind.
Well, if you consider smart contracts and cryptocurrencies of blockchains like for example, the Binance Smart Chain, then you pay mere cents for each bet. That does not sound like a lot to me? So you pay 14 cents and you bet instead of 1 USD, 86 cents. if you want. Seems fair. Even for the poorest among us, that kind of gambling should be affordable. Most bet at least 10 USD so the 14 cent fee won't even be noticable.
Perhaps there can be some sort of bonus system to even out the fees?
As you mention, there have been a lot of Vulnerabilities in the past. I have personally reported vulns is some gambling sites, the ones I remember was:
2.- Prime dice
Some years ago this casino gets an update where each time you make a withdrawal you get back 0.0001... so if the min withdraw was 0.001 then you could earn easy money with this. I depo 0.1btc to my account, then send a tip of 0.001 to a second account and withdraw it. i get 0.0001 back, then I send another 0.001 tip and now withdraw 0.0011, I get back 0.0001, and I repeat the process a lot of times. Before I finish with the starting 0.1 the site blocks my account with close to 0.03 on it. and I never recover that money. I was just getting information to report the bug, ut for them I abuse the system and they never give me my money back.
2.- Prime dice
Some years ago this casino gets an update where each time you make a withdrawal you get back 0.0001... so if the min withdraw was 0.001 then you could earn easy money with this. I depo 0.1btc to my account, then send a tip of 0.001 to a second account and withdraw it. i get 0.0001 back, then I send another 0.001 tip and now withdraw 0.0011, I get back 0.0001, and I repeat the process a lot of times. Before I finish with the starting 0.1 the site blocks my account with close to 0.03 on it. and I never recover that money. I was just getting information to report the bug, ut for them I abuse the system and they never give me my money back.
Just saying, what if the bug itself was intended for instances like these. They will create such bug and trap somebody who notices it, and by the time they put more bitcoin and withdraws it, that moment they will send you the notice of abusing the system. I am not accusing them for that but is there a chance we can counter something like this if these was positive? Just expressing my thoughts though, nothing personal and would gladly read some answers.
Well if you want to read the full story here is the old thread from 2014:
https://bitcointalksearch.org/topic/primedice-3-bugs-scams-my-bad-experience-800264
There I explained 3 bug and how users can exploit them, the intention was to give a warning to the casino, and after that they fixed the bug.
The answer I got from Stunna was:
Quote
There's a difference between responsibly reporting a bug and getting caught abusing one.
But he was right, I should report it in the moment I found it.
As you mention, there have been a lot of Vulnerabilities in the past. I have personally reported vulns is some gambling sites, the ones I remember was:
2.- Prime dice
Some years ago this casino gets an update where each time you make a withdrawal you get back 0.0001... so if the min withdraw was 0.001 then you could earn easy money with this. I depo 0.1btc to my account, then send a tip of 0.001 to a second account and withdraw it. i get 0.0001 back, then I send another 0.001 tip and now withdraw 0.0011, I get back 0.0001, and I repeat the process a lot of times. Before I finish with the starting 0.1 the site blocks my account with close to 0.03 on it. and I never recover that money. I was just getting information to report the bug, ut for them I abuse the system and they never give me my money back.
2.- Prime dice
Some years ago this casino gets an update where each time you make a withdrawal you get back 0.0001... so if the min withdraw was 0.001 then you could earn easy money with this. I depo 0.1btc to my account, then send a tip of 0.001 to a second account and withdraw it. i get 0.0001 back, then I send another 0.001 tip and now withdraw 0.0011, I get back 0.0001, and I repeat the process a lot of times. Before I finish with the starting 0.1 the site blocks my account with close to 0.03 on it. and I never recover that money. I was just getting information to report the bug, ut for them I abuse the system and they never give me my money back.
Just saying, what if the bug itself was intended for instances like these. They will create such bug and trap somebody who notices it, and by the time they put more bitcoin and withdraws it, that moment they will send you the notice of abusing the system. I am not accusing them for that but is there a chance we can counter something like this if these was positive? Just expressing my thoughts though, nothing personal and would gladly read some answers.
If they wont really be putting up some importance on security neither they are running off a casino or exchange then it would surely be having that toll or effect later on which they shouldnt really be that confident.
Not only players could exploit possible security lapses or those common hackers around on trying out to snip if they could really bypass any service or platforms security and these are indeed common targets.
Somehow only few incidents that we are seeing about hacking incidents but we shouldnt really be that too confident.
Yeah and I won't be too confident if I am a casino site owner. It is not a good practice if you won't upgrade the security of the site and as what khaled0111 said, prevention is better than cure. It's better to be safe than sorry and it would be a problem if ever the platform you own is hacked and hacker was able to get some funds even if it's not all of it but refunding your customers would be a huge loss on profit plus the customers won't be confident enough to gamble in a site as what khaled0111 said which is they will lose the trust of their customers. Not only players could exploit possible security lapses or those common hackers around on trying out to snip if they could really bypass any service or platforms security and these are indeed common targets.
Somehow only few incidents that we are seeing about hacking incidents but we shouldnt really be that too confident.
Well, if you consider smart contracts and cryptocurrencies of blockchains like for example, the Binance Smart Chain, then you pay mere cents for each bet. That does not sound like a lot to me? So you pay 14 cents and you bet instead of 1 USD, 86 cents. if you want. Seems fair. Even for the poorest among us, that kind of gambling should be affordable. Most bet at least 10 USD so the 14 cent fee won't even be noticable.
Perhaps there can be some sort of bonus system to even out the fees?
Then 1$~ish fee for every 10 bets is still not reasonable no matter what's the amount use to bet. Plus not so many are fond using tokens to play which mostly can only get from swaps or so.Perhaps there can be some sort of bonus system to even out the fees?
If the gambling website will not implement bitcoin as payment option since the platform is made for smart contract I'm afraid it will be popular as what gambling website in this board.
Of course its reasonable? If you care about your privacy and your wallet not having someone elses hand in it, then you want decentralization. And if you have to pay a dollar for every 10 bets you make, then thats just the price of freedom. Think of it as a fee. And for that fee, nobody can freeze your account or take your funds from you. Seems like a fair bargain to me. And it might make people think a bit harder/carefully on the kind of bets they wish to make.
While security it is a place in which a casino should invest heavily to protect themselves from threats like hackers, some casinos try to lower their costs and decide to slash their security budget as this is something that cannot be seen by the player and many times it is just assumed that the casino is doing everything they can to protect their customers, however later on those casinos are found by hackers and that is when we hear of the massive hacks that can happen to casinos and exchanges as their security was not up to the standards required in the industry to secure the funds of their customers.
"Prevention is better than cure." If the casino owners want to have a successful casino and be able to compete then the security of their platform must be one of their highest priorities. Besides, in case they get hacked they will lose way more than what they would've saved by lowering the security budget. It's not only about money, if they get hacked they will lose the trust of their customers which will be hard to regain.
It is true that there is always a risk when playing at casinos that do not really have a long history in this market, however as long as people are prudent with their gambling then most of the time they are not going to have too much of a problem with those casinos, however the biggest risk at least when it comes to the topic at hand is to play in a casino that is relatively new but that got recent success, as that is the perfect scenario for a hacker to try to get some money as it is unlikely the security is as good as what they can find in established casinos and as such are easier to hack.
Not all new casinos are easier to hack but we can't deny that some are hacked when the casino success or starting to gain the gambler's trust. Even the old ones are hackable if the hacker finds a flaws in that casino then it will be most likely to get exploited by the hacker that will result in loss of funds or accounts of the gamblers. That's why casinos always work to make the security even more secured and find which is the reason why it got hacked and then fix it.Security is just a basic or standard thing for a business owner to mind off since this would really be a profitable business and involves big money if this business succeeds on which it would be normal
that you would really need to secure in terms of handling out the business well.NOthing is unhackable but you could take precautionary measures for you to avoid.
Not only players could exploit possible security lapses or those common hackers around on trying out to snip if they could really bypass any service or platforms security and these are indeed common targets.
Somehow only few incidents that we are seeing about hacking incidents but we shouldnt really be that too confident.
It is true that there is always a risk when playing at casinos that do not really have a long history in this market, however as long as people are prudent with their gambling then most of the time they are not going to have too much of a problem with those casinos, however the biggest risk at least when it comes to the topic at hand is to play in a casino that is relatively new but that got recent success, as that is the perfect scenario for a hacker to try to get some money as it is unlikely the security is as good as what they can find in established casinos and as such are easier to hack.
Not all new casinos are easier to hack but we can't deny that some are hacked when the casino success or starting to gain the gambler's trust. Even the old ones are hackable if the hacker finds a flaws in that casino then it will be most likely to get exploited by the hacker that will result in loss of funds or accounts of the gamblers. That's why casinos always work to make the security even more secured and find which is the reason why it got hacked and then fix it.Security is just a basic or standard thing for a business owner to mind off since this would really be a profitable business and involves big money if this business succeeds on which it would be normal
that you would really need to secure in terms of handling out the business well.NOthing is unhackable but you could take precautionary measures for you to avoid.
I don't know if the Famous casinos will have that security, because I understand that one of the things that a casino platform spends the most on is security.
Any respectful crypto service that cares about its clients and the safety of their funds, must have a hot/cold wallet setup. And, tbh, most of the reputable casinos I know of have such implementation. The only problem is that some of them keep in their hot wallets more coins than needed which render it useless.Quote
Although there are currently few casinos that have experienced this type of attack and have been successful, that is why the 2FA security layer is always very necessary for users.
Unfortunately, 2fa won't help if the website itself is compromised. 
Well perhaps leaving your crypto on a gambling casino wallet is still good for a short period of time like a day or weeks, beyond that --that is too risky.
The problem here is that you don't know when a hack will happen. So, it doesn't really matter for how long you leave your cryptos on the casino. But, surely, the shorter the less risky! (not your keys not your money).The goud thing, though, is that the money used for gambling is supposed to be a money you can afford to lose and you are supposed to be aware of the risks involved.
On the other hand, I believe securing customers funds is mainly the responsibility of the casino. The least they can do is to have a hot/cold wallet setup. This way even if they get hacked most funds will remain safe and it won't result in their bankruptcy.
Although there are currently few casinos that have experienced this type of attack and have been successful, that is why the 2FA security layer is always very necessary for users.
Jump to: