Pages:
Author

Topic: Vulnerabilities in gambling websites in past - page 30. (Read 6983 times)

hero member
Activity: 1666
Merit: 753
February 12, 2022, 03:57:39 PM
#25
Yep, Hufflepuff is the largest exploit that I know.

Though right now, it is increasingly unlikely that casinos have any significant structural risk associated with them given that they have been around for years now and have great security. Stake and Roobet has even entered the mainstream market which means that they've been battle tested millions of times.

This brings up an interesting point - if you are a retail gambler and have hit a win streak, don't expect that it's an actual exploit. A lot of people out there trying to sell martingale esque strategies off as exploits.
hero member
Activity: 2744
Merit: 588
February 11, 2022, 05:02:44 PM
#24
There are still some weaknesses in the gambling sites, but what can be done about them? There is a lot of talk about cheating and arbitrage betting. Perhaps rightly so, but what can be done about it? That hassle with table tennis and cams, that does not make sites happy. And then with corona you also had a lot of competitions that were manipulated by the bookies. There are too many matches to monitor all of that in time.

These are rather inane questions. One of two things is going to happen to sites that have a vulnerability like the examples given. Either they will have measures in place to limit the damage and eventually be able to identify the bug, as we saw with the hacker who was kind enough to disclose a glitch. The other possibility is that the staff fail to identify that they have a losing edge against a player, if the automate withdrawals then it's very possible they'll be wiped out before there is any chance to figure it out. These are very profitable businesses when done correctly, so when you see dead sites then you know they probably lost a fair chunk of money and gave up.
Good gambling site always have a backup plan and if there’s a problem between the players and the site, I’m sure they can handle this one. I didn’t hear any news about the hacking incidents on any gambling site, I might not aware of any news but for me they are really secured, I’m talking about the top gambling site. If you see any anomaly or issues about the site, ask them first and if they didn’t coordinate you can always start your accusation thread and warn other people.

Their security protocol should always be topnotch because there are some gamblers that will really exploit the vulnerability of the site.
So if their system got a hit of possible unusual activity, they should check that out immediately, before that player siphoned all their bankroll.
But there are still some honest players that will report the bugs encountered, but the site should not rely on those honest players.
Because most of the time, the player will take that opportunity as most are playing anonymous when it comes to crypto casinos.
newbie
Activity: 1
Merit: 0
February 11, 2022, 04:53:31 PM
#23
There had been quite a number of Vulnerabilities in gambling websites since 2011 from satoshi dice to primedice and a lot more.

What was the total number of exploits and which ones were the lethal ones, I think that hufflepuff guy on primedice did the most damage.
The exploit was called something like "Race time condition" and I read something similar in my CS class but it was related to a banking system so it could be different.

Basically, it was giving multiple inputs to the system trying to get some response from the system in 2 places, and then exploiting the system.

Also, Is there any list for me to check regarding exploits? I'm thinking about developing something so it may come handy.
full member
Activity: 2086
Merit: 193
February 11, 2022, 04:52:23 PM
#22
There are still some weaknesses in the gambling sites, but what can be done about them? There is a lot of talk about cheating and arbitrage betting. Perhaps rightly so, but what can be done about it? That hassle with table tennis and cams, that does not make sites happy. And then with corona you also had a lot of competitions that were manipulated by the bookies. There are too many matches to monitor all of that in time.

These are rather inane questions. One of two things is going to happen to sites that have a vulnerability like the examples given. Either they will have measures in place to limit the damage and eventually be able to identify the bug, as we saw with the hacker who was kind enough to disclose a glitch. The other possibility is that the staff fail to identify that they have a losing edge against a player, if the automate withdrawals then it's very possible they'll be wiped out before there is any chance to figure it out. These are very profitable businesses when done correctly, so when you see dead sites then you know they probably lost a fair chunk of money and gave up.
Good gambling site always have a backup plan and if there’s a problem between the players and the site, I’m sure they can handle this one. I didn’t hear any news about the hacking incidents on any gambling site, I might not aware of any news but for me they are really secured, I’m talking about the top gambling site. If you see any anomaly or issues about the site, ask them first and if they didn’t coordinate you can always start your accusation thread and warn other people.
legendary
Activity: 2688
Merit: 1192
February 11, 2022, 04:48:11 PM
#21
There are still some weaknesses in the gambling sites, but what can be done about them? There is a lot of talk about cheating and arbitrage betting. Perhaps rightly so, but what can be done about it? That hassle with table tennis and cams, that does not make sites happy. And then with corona you also had a lot of competitions that were manipulated by the bookies. There are too many matches to monitor all of that in time.

These are rather inane questions. One of two things is going to happen to sites that have a vulnerability like the examples given. Either they will have measures in place to limit the damage and eventually be able to identify the bug, as we saw with the hacker who was kind enough to disclose a glitch. The other possibility is that the staff fail to identify that they have a losing edge against a player, if the automate withdrawals then it's very possible they'll be wiped out before there is any chance to figure it out. These are very profitable businesses when done correctly, so when you see dead sites then you know they probably lost a fair chunk of money and gave up.
hero member
Activity: 2590
Merit: 644
February 11, 2022, 04:46:56 PM
#20
Here's some similar scenario but this one only talks about 35 BTC.
https://bitcointalksearch.org/topic/rollinio-hacked-1340581

It was on Rollin.io which is already dead or down as of this moment.Nothing on this world is unhackable no matter how tough the security would be. Tongue

But in the case of the casino, once it's hacked that's the end of that casino, only big casinos offer refunds or protect their player's money compared to exchanges where they can do a refund and insured their trader's money, I don't think there's the same guarantee that they can offer that they will do a refund.
I think the main reason why casinos fail after a big hack is that they lose the trust of their customers, even if there was a big hack as long as a business still retained their customers somehow then a path to recovery exists, but many players when they see that their preferred casino has been hacked even if they were not affected they are going to be reluctant to play there anymore, which causes casinos to definitely close their doors.
^ Probably that is a possible reason but usually most of them are just because of losing the fund and can't recover. It could be the trust too, and they can't able to send back to their users the fund that has been hacked. But usually, it ends up closing the site, I have been witnessed a gambling casino that has been hacked some of them have closed and some did not which is fully recovered from the hack and I think this is a case-to-case basis which vulnerabilities is only on the mind of the players not on the site.
legendary
Activity: 3094
Merit: 1127
February 11, 2022, 04:41:08 PM
#19
Here's some similar scenario but this one only talks about 35 BTC.
https://bitcointalksearch.org/topic/rollinio-hacked-1340581

It was on Rollin.io which is already dead or down as of this moment.Nothing on this world is unhackable no matter how tough the security would be. Tongue

But in the case of the casino, once it's hacked that's the end of that casino, only big casinos offer refunds or protect their player's money compared to exchanges where they can do a refund and insured their trader's money, I don't think there's the same guarantee that they can offer that they will do a refund.
I think the main reason why casinos fail after a big hack is that they lose the trust of their customers, even if there was a big hack as long as a business still retained their customers somehow then a path to recovery exists, but many players when they see that their preferred casino has been hacked even if they were not affected they are going to be reluctant to play there anymore, which causes casinos to definitely close their doors.
Once trust and confidence is broken then there's no way that it could be returned or recover and this is the part of reality on which people would normally be having those kind of insights after an incident do happen because it is really just part of human instincts on finding a place which is something that more of secure than on the recent one that they engaging on which its a normal step for them to find
another place which doesnt really have some hacking incidents or histories.They dont like to experience the same thing twice but its true that getting hacked once doesnt mean that their security
wouldnt really be have an improvement but in most cases or most common impression would be something contradictory.
legendary
Activity: 2716
Merit: 1383
February 11, 2022, 03:23:54 PM
#18
Here's some similar scenario but this one only talks about 35 BTC.
https://bitcointalksearch.org/topic/rollinio-hacked-1340581

It was on Rollin.io which is already dead or down as of this moment.Nothing on this world is unhackable no matter how tough the security would be. Tongue

But in the case of the casino, once it's hacked that's the end of that casino, only big casinos offer refunds or protect their player's money compared to exchanges where they can do a refund and insured their trader's money, I don't think there's the same guarantee that they can offer that they will do a refund.
I think the main reason why casinos fail after a big hack is that they lose the trust of their customers, even if there was a big hack as long as a business still retained their customers somehow then a path to recovery exists, but many players when they see that their preferred casino has been hacked even if they were not affected they are going to be reluctant to play there anymore, which causes casinos to definitely close their doors.
hero member
Activity: 1890
Merit: 831
February 11, 2022, 01:28:20 PM
#17
We have to understand the fact that it's not just about bugs but generally people abuse these bugs as well. There are many people who will try to do it using an external software or just use the already existing glitches. But we must understand the fact that these bug abuses won't really make you rich and you might even have legal charges against you. 

I think if you are going through with it you must focus more on the software induced bugs, which generally is due to the software provider.

There have been so many bugs over time an example:
Quote
One of such examples is the scandal that took place in Videoslots casino in June 2019.

At that time, due to some technical error, Edict slots had been crediting winnings without deducting wager amounts from players’ balances before the bug was found. It took the operator 48 hours to realize there’s a problem. Meanwhile, players enjoyed absolutely risk free gambling and real money payouts.


https://affgambler.com/casino-bugs-real-life-cases-and-operators-reaction/
sr. member
Activity: 285
Merit: 262
February 11, 2022, 12:18:16 PM
#16
This is a fun topic. I'm a security researcher and actively look for exploits in casinos and other crypto spaces daily. I can't give nonpublic details, but I can talk about some of the more common things I find.

The BitMillions exploit detailed here (https://bitcointalksearch.org/topic/bitmillionscom-scam-386711) was publicly known for a few days before the site operator fixed it. Keno, lottery, and bingo games tend to be vulnerable to similar exploits.

Craps games from various operators are often vulnerable to two different but similar attacks sometimes seen in physical casinos. A large pass bet is placed on the come out roll and then picked up or significantly reduced if a point is set. Alternatively, a small don't pass bet is placed and then increased and odds laid depending on the point. For example, if the point is 4 you might increase your bet 100x while if it's 8 you might leave the bet alone. These types of slightly +EV rather than instant win exploits are among the most sought after for bad actors as they generally look like normal gameplay.

Games in which multiple bets are placed on a board like roulette or sicbo can often be exploited. A developer will perform a sanity check to see if a bet falls within its limits and this prevents a person from placing negative losing bets. The proper way to do this is the check that each individual bet falls within limits, but sometimes a developer will take the sum of all bets and make sure it's above some minimum. This means you could place a bet of -90 on 0, 50 on red, and 50 on black to usually make 90 units per bet. You might also lose 3340 units if the ball hits 0. There may be ways to mitigate or eliminate that downside, such as betting a negative on -1 instead of 0. Various casinos and development studios have been vulnerable to this.

Sports betting sites are not immune to exploits either. Odds on single events can sometimes be manipulated in favor of the operator, so not very useful, but parlays can sometimes be made with the same event multiple times.

The most dangerous exploits I've found are pf seed leaks. These come in a few flavors. In the early days of bitcoin, dice sites would often generate a file with multiple years worth of daily seeds which were used site wide. The scheme here was hash(server seed + client seed + global bet number) to find the winning number. A popular dice site was vulnerable to a directory traversal attack which allowed the seed file to be read. As another example, there is a crash script available now that leaks the server seed whenever a player does a cash out. To exploit, a person sets up two accounts, once places the minimum bet and cashes out immediately, while the other places a large bet, waits for the cashout message of the first player, finds the outcome of the game from the leaked seed, and cashes out immediately before that point.
full member
Activity: 994
Merit: 105
February 11, 2022, 11:04:53 AM
#15
There are still existing vulnerabilities in gambling websites till this day, but I believe they are not as notorious like before and many are just seldom occurring and are workable to be fixed immediately. Although, one thing I observed to be happening frequently than the others is the issues with regards to the security and such, and like what @ayuskabob said, it is majorly the new ones. Maybe this is also in the question of the capacity of the team to acquire such resources and services that could help them fill these vulnerabilities.
hero member
Activity: 1610
Merit: 507
February 11, 2022, 10:46:17 AM
#14
Most of the Casino right don't have exploit because they done audit on all there software before they can get there license. Most of the exploits are only minimal and not that serious compared before since most of the gambling software is just on the trial phase.

Only promotion and faucet abuse is the only known error encountered on the current established casino.
We can not be sure because they will not announce how the exploit penetrates their system. The public will only know that their site has been compromised and hacked by someone and made the gambling sites lose the money.

Maybe the site does not know about the software, but their technicians and security team can detect if something wrong happens to their site. Even they make a bounty to the public or members to find the bug on their site and reward them based on the critical bug they find.

I do not know about the vulnerabilities in gambling websites in the past as I do not visit or play gambling too often. Maybe I only heard the gambling sites were hacked.
newbie
Activity: 20
Merit: 0
February 11, 2022, 10:37:54 AM
#13
There were previous stances were besides these so called race time condition,java web token were used to exploit these casinos,from what it seems ,its always the new ones,since the big ones already had their fair shares of people trying to break in their system and probably already fixed many of these issues.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
February 11, 2022, 09:04:14 AM
#12
I reported a possible exploit in the Slot game "Mount Magmas" - Push Gaming. Where highrollers could exploit the way that the daily and Super Jackpot could be won with limited wagering. They disabled the game to patch up the exploit and to make it fair for everyone that are hunting these Jackpots.  Wink

It is a pity that it has been months since I have reported this and there are no news on when it will be fixed and when it will be enabled again.  Sad  This was one of my favorite Slots ...and quite unique ..because the Jackpot was not accessible by a network of casinos that hosted the Slot, but rather the gamblers from that specific casino that hosted the slot. (Your chances of winning the Jackpot was so much bigger)  Wink

The casinos did not lose money, because the Jackpot would have paid out in any way, but people who knew what to do.. repeatedly won the Jackpot and other people had zero chance of winning it.  Angry
legendary
Activity: 2604
Merit: 2353
February 11, 2022, 08:50:48 AM
#11
Most of the Casino right don't have exploit because they done audit on all there software before they can get there license. Most of the exploits are only minimal and not that serious compared before since most of the gambling software is just on the trial phase.

Only promotion and faucet abuse is the only known error encountered on the current established casino.
You really think crypto casinos are making audits for getting their licenses? Most of them have no license at all, and the ones which have one, usually bought it from some providers in Curaçao island or from other dubious offshore locations. In fact they are mostly concerned by their cyber security because they're afraid of being robbed by hackers while they are making good profits. But you're wrong there are constantly loopholes discovered and exploited by legit users and malicious hackers in casino games.
newbie
Activity: 82
Merit: 0
February 11, 2022, 08:26:21 AM
#10
There are still some weaknesses in the gambling sites, but what can be done about them? There is a lot of talk about cheating and arbitrage betting. Perhaps rightly so, but what can be done about it? That hassle with table tennis and cams, that does not make sites happy. And then with corona you also had a lot of competitions that were manipulated by the bookies. There are too many matches to monitor all of that in time.

The problem with all those vulnerabilities that the bookie can cancel the results or even stop your withdrawal once they have this opportunity and let you know that you have used those weaknesses to win.
legendary
Activity: 3318
Merit: 1247
Bitcoin Casino Est. 2013
February 11, 2022, 07:54:30 AM
#9
I think that right now Cybersecurity engineers are hired from most major casinos to do penetration testings,audit all the IT infrastructure and that of the whole website of the casino together with all related elements needed to make it a safe place.The major reputable casinos only launch after finishing these tests and they do it regularly even when they are running to assure themselves that they will not be easy targets for hackers or bad actors which can be from script kiddies to state actors.When I deposit and play at one of such casinos I am free of worries that bad things will happen.
sr. member
Activity: 2436
Merit: 455
February 11, 2022, 07:21:47 AM
#8
There are so many vulnerabilities that have shown in several websites already in the past. One of the most known vulnerability of a website is being abused by the players to an extent of gaining something from it by violating the terms and conditions. Just like what happened way back in primedice wherein they encountered a problem on their system that happens to give a some sort of cashback whenever there's a withdrawal made. Some recognized this and managed to have multiple withdrawals made for the cashbacks. That is an exploitation of glitch and therefore anyone must be banned because it could cause a disruption in the ecosystem of the game.

There are still many more such as security and the likes. This should really be prevented to avoid abuse from anyone. Hence I commend you for taking the time to ask and gather information to make something to prevent it from happening again. Hopefully you'll succeed and be able to share us your discovery.
copper member
Activity: 2968
Merit: 575
www.Crypto.Games: Multiple coins, multiple games
February 10, 2022, 07:12:53 PM
#7
There were lots. Just dig the forum and use google, you will find some. The primedice bug exploit was one of the notorious one.

-snip-
Before I finish with the starting 0.1 the site blocks my account with close to 0.03 on it. and I never recover that money. I was just getting information to report the bug, ut for them I abuse the system and they never give me my money back.


I hope this information helps you in your development.
Most of the "bugs" you mentioned weren't actually bugs. Bug is something that will gives an unexpected result. Claiming faucet with multiple account and tipping it to another account isn't a bug. It's more like a feature abuse that you took advantage of. And yeah, they will obviously ban your account and won't listen to you. Why would they believe you? Imagine someone exploiting a bug on purpose and when he gets caught, they say "i was just testing to make sure its actually a bug", would you believe him?
sr. member
Activity: 1932
Merit: 442
Eloncoin.org - Mars, here we come!
February 10, 2022, 05:50:43 PM
#6
Here's some similar scenario but this one only talks about 35 BTC.
https://bitcointalksearch.org/topic/rollinio-hacked-1340581
Well the continuation, this hacker also hacked Primedice before and got 1000 bitcoin profit on PrimeDice in part one, and in part 2 hackers got 2000 bitcoin profit. This time will perhaps be the biggest profit have got and I don't know if the hacker was able to manage and withdraw the bitcoin successfully.
[ https://bitcointalksearch.org/topic/hufflepuff-making-2k-btc-on-primedice-nov-2014-march-2015-update-he-cheated-843892 ]
The account was named Hufflepuff on Primedice and povpobava007 in Rollin.io.
Pages:
Jump to: