Topic: Vulnerabilities in gambling websites in past - page 3. (Read 6916 times)

Well everything is relative, this is where it is shown that those who have a lot of money have many more options to succeed, that is, with more capital things can be better and greater opportunities can be generated for the business to flow, obviously a normal business ROI would be expected around 3 years or so, but to be honest I don't know what the ROI is for a casino when it is being formed and because of all the operational expenses that are implemented within a casino, including marketing, security payment, devs specialized in different branches of the casino, everything is an expense and it is an enormous expense, casinos are big companies.

Well, there is something that must be rescued, and that is that as time goes by, the best in casino security is bigger, they are getting stronger, but obviously intelligence is also growing, so this is something that casinos must be aware, there will always be people with bad intentions that when they see a vulnerability they will exploit it, that is something that always happens, for now I have seen a lot of security in the casinos that are in the forum, above all the security impresses me which has stake.com. bitcasino.io, sportsbet.io, are the casinos that I see the most with the highest computer security.


Yes, you are right, I think that a player can argue that if he is not in the terms and conditions he can fight with more bases in it, and possibly win, however now the layees for the casinos protect them a lot, since they started they accept that they can requiring KYC everything fell apart for some players who always seek anonymity and privacy this can be very annoying and for that reason there will be so many discussions and debates, but I am sure that in the future this will no longer be the problem, because little little by little privacy and anonymity is a right that little by little they have been taking away.

Upon developing an application like this a gambling casino there's a testing happen which is the beta and alpha testing, in beta testing those some bugs are fix already by the Quality Assurance Tester or the QA and make a report to the devs afaik some of them releases those in public so they can use it for a while and in the Alpha testing this is for the public release that open for the community and sometimes they saw the late bugs after release on the public so even though they given the testing already in Pen test still there's a possibility bugs might find by the users and it is good to report to help the devs too but sometimes if they saw a chance they abuse these bugs.

There's nothing that you can do to avoid the casino once they start to ask you about KYC, they have the right unless you see nothing from the terms and conditions which may be possible that they forget to write it up, but mostly they don't. It's the protection of their business and they claw for everyone. And with your point, casino ask KYC to protect also their business, with the government rules they needed to comply to continue their permits.



The costing for doing the test is much cheaper compared to a white hack that can exploit the casino, the damages that those hackers can do will be able to empty your casino capital, it's still cheap to do the bounty than to push your business and experienced such big losses.

I know you are right and this will help the casino team to regularly cross check for any bugs that could lead to hack which can cause big problem to the casino. Bug bounty program can only cause little spending fund by the casino compared to if the casino become hacked that could lead to bigger damages.
There are many ways to check for this which could also yield to the same result. Some casinos may be afraid of putting their sites into big risk of hackers using the opportunity to exploit their platform if any bud if found and it's not disclosed to the casino team.

On the time that you had made yourself able to build up that kind of trust and confidence on the gambling community, then you would definitely be able to expect that revenue which its just common sense for its
owner to allocate funds on continuing to enhance not only on looks and offering but also in security aspect as well.You cant really just ignore on this aspect because security is one of the most important
thing where people do really look on.If they do saw that they arent completely safe on the platform that they are playing then they would eventually flock away and would find another one.
There's no perfect security in all sites that we do have but having precautionary measures do always work wonders.

This is why pentests are so important, if you do a pentest before you go public with anything that means you are going to learn about what's going to happen, and any white hat hacker would be able to get you to fix something and you would be able to pay a decent amount of money for it but not get hacked in the future.

This costs a lot of course, it could be in a bounty type, like offer 10k dollars to anyone who can hack into it, or it could be more like payment, where you pay 2k to 5 different good white hat ones. With the second one you do not know if they did a good job, but with the first one there is 10k to be made so everyone will work very hard.

Money actually solve the high percentage of the problem here, when a casino is financially bouyant enough to withstand the challenges in maintaining it's website, proper management and administration of issues concerning gambling in general is very important, this includes the collective agreement between the management and how they respond to gamblers satisfaction of services, a gambling casino must make a protocol to observe a routine management practices and occasionally cross-check and receive feedbacks to avoid vulnerabilities at all cost, so money as been mentioned is one of the cogent factors needed in this area as well.

Sometimes we come across bug reward programs in casinos, especially casinos that have just launched. This is a great strategy because the casino asks everyone, including its members, to find and detect any vulnerabilities and report them to the casino. If they find it and report it to the casino, the casino will reward them and help the casino fix it immediately before people abuse the vulnerability. And besides, the casino must already have a security team that will always be on duty every day to protect their casino from any vulnerabilities and detect loopholes that people can abuse.

While building the website, some bugs are unknowingly left by the developers, which hackers exploit to hack the website.

I think casino websites should have bug bounty programs on their site.

So that, if someone /whitehat hacker finds a bug, he or she will inform the casino owners or security department of it in order to receive a reward.

After that, they (casino security department can fix the bug) and can avoid significant loss, by paying a small amount of money.


I've seen it on many major websites for whom security is very important. Like, facebook, twitter, paypal, google, linkedin, and shopify. etc

Well everything is relative, this is where it is shown that those who have a lot of money have many more options to succeed, that is, with more capital things can be better and greater opportunities can be generated for the business to flow, obviously a normal business ROI would be expected around 3 years or so, but to be honest I don't know what the ROI is for a casino when it is being formed and because of all the operational expenses that are implemented within a casino, including marketing, security payment, devs specialized in different branches of the casino, everything is an expense and it is an enormous expense, casinos are big companies.


I have the same opinion, he is not doing anything illegal and that is what matters, however when we observe that there are different types of KYC that are for the withdrawal of funds, and this one in particular, they have to make sure that everything is fine, more because it already comes from a minimum precedent, so in every casino when something like this happens, it is obvious that the alarms are activated, but nothing to write home about, sometimes these things happen and it is normal, personally I have always said that when a casino asks for KYC it is to comply with the licensing regulations and that is something that cannot be denied, because when you want to have more security in the casinos, they have to comply with it so that they do not close them and have their authenticity.

Yes, you are right. There were many vulnerabilities in gambling sites, and sites still have them. Things change occasionally, and fixes are made upon acknowledging those bugs. It was not a new thing in the past and the current ERA. These changes are a part of better development so need not be worried for the same.

They are using this system to ensure that they are protecting their business against people who wanted to have easy access to suck money from their house, maybe there are still some who can getaway and still doing the exploit but for most, it really hard to deal with the KYC which casino will going to ask you once your account has been triggered by suspicious act around the house.

Expect to process the verification for you to withdraw your money and assure the owner that you are not doing any wrong that is against with T&C.

KYC can be helpful only in case of individually hacked accounts. If the casino's admins suspect the user is not the real owner of the account then they can prevent him from withdrawing and ask him for kyc. Hackers can circumvent this by using VPNs to avoid any suspicions.
However, identity verication won't help if the vulnerability allows the hacker to access the casino's server or its wallets. In this case, nothing can stop him from stealing the money.

Maybe that's what you will feel if you use a lot of money to play gambling. But for those who don't use it, they will be fine. But those who hack into casinos will feel proud if they manage to break into that casino to earn a lot of money.

Casinos that lose their money due to vulnerabilities in their place should really protect themselves with all the resources at their disposal. And I'm sure the casino will show their hard work to their members by providing even better service.

Everything has indeed started to change since KYC was implemented in some casinos and to stop people trying to hack into casinos and find loopholes so they can break into it. But even if KYC has been implemented, maybe there will still be loopholes that people can break and it depends on the security at the casino and how the security team can overcome them.

And now, with KYC, casinos can protect their money from theft or misuse by people who want to take advantage of the vulnerabilities in casinos. And casinos are also constantly trying to improve their security so that there are no vulnerabilities that irresponsible people can use.

Thats why there's a user agreement first upon creating an account and giving a KYC and of course it is a consent too from the users, and also having a KYC just a verification that you are a human, and not really abusing the current system of the casino, people don't want to have a KYC because they know the possible might happen to their information which is partially connected with the different accounts and that's the major thing they don't want to spread out that's why still they want to play even without a KYC for the security purposes.

The sole purpose of KYC gives them enough time to investigate and make an appropriate decision, there are many incidences that force casinos to bring down those hackers and those people who exploit their business, you can do it as indeed but once being caught you won't be able to withdraw your money and your account and everything that relates to you will permanently ban.

It will be a hard take once KYC has been asked, the chance that the account is subject to anything can be imposed.

There are some people who would hack into casinos, and that is why we have KYC in most places, because hacked into a place and found a loophole and stole money from them and withdrawing that money, you are never sure if they are asking KYC because you are withdrawing a big amount, or they are asking it because they figured out what you have done and want your information. This is why these days it's easier to stop these people.

I remember clearly back in the day casinos would be forced to pay up, because they needed proof that someone stole money from them, if they didn't had any proof yet then the hacker would be free to withdraw easily without a problem. Not same these days all thanks to KYC.

But unfortunately, not many casinos will let gamblers withdraw their money after exploiting the casino, although some gamblers can escape the surveillance of the casino security team. This makes the gambler addicted to trying another day because they think that as long as the casino doesn't check on their premises, the vulnerability must still be used by them. But when the casino knows about it, it will simply block our account and we won't be able to do that anymore.

If casinos and companies don't pay more attention to the existence of vulnerabilities, their businesses will not be able to grow. It is because more and more people will try to exploit them for their benefit. And even their business rivals will try to eliminate them from the competition so that their business rivals can develop better. The issue of vulnerability is an important thing that every business owner must always pay attention to. For that, they must have a security team that will always monitor all activities in their place of business.

It is a question of attitude. Many casinos and many companies or business in general kind of have a blind eye on regards to vulnerabilities. It is a question of having the right professionals or else it may just go unadvertised. A good safety consultancy is expensive, not to mention hiring personnel to deal with it, so unless they are really motivated they will eventually run into trouble.