Topic: Warning to casinos about a big Casino Exploiter (Read 391 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 27, 2021, 07:38:34 AM
#17
If these games are 100% random the second the person pushes the spin how could he predict anything.
If you would have read the topic, you would have seen the player abused a bug.

Quote
a company who's based around cheating people got cheated
Not sure if I should feed the troll: Game providers don't have to cheat to earn a profit, having an edge over the player is enough. That doesn't make cheating okay.
legendary
Activity: 2320
Merit: 1292
Encrypted Money, Baby!
@allyouracid From our understanding md5 is only potentially breakable given enough time to get certain collisions, which was absolutely not the case here. The wins were predicted consistently with basically no delay – essentially it was a code issue on our side, including some user input in some games not being verified correctly, or rather said, in certain very specific situations it caused a potential exploit where the user would get unhashed values on next result back, but ONLY if spoofing certain requests with specific data.
Thanks for your reply. I just felt it was my duty to point at this if there's a slight possibility this might be the cause of an issue. I'm glad you identified and fixed the issue, though.
sr. member
Activity: 973
Merit: 346
♥ ♠ PlayBitcoinGames ♦ ♣
We've sent LoyceV our detailed report to see if he'd be willing to read through it and give his thoughts on our methods and proof.
I read all 7 pages of your detailed report. Note that I can't verify any of the data, but I don't have any reason to believe it's not accurate.

What I get from this, is that under certain conditions the server would return the game results to the player, without marking the games as being played. After this, the user could play the same game again, while already knowing the outcome. The player abused this bug by purposely sending malicious requests to get the game results.
If he knew a winning game would come up, he bet bigger than if he knew the game would lose.

We honestly didn't look into the connection between the withdrawal addresses as there was no need really
There is a need for that if you want to prove it's really him without any doubt, and since you posted all information it means nothing to us unless we see some address connections.
Posting Bitcoin addresses won't change anything: we can't independently verify any of the evidence, and still have to rely entirely on DomingoX6's post.
After reading the report, I have no doubt the user exploited the site.

Might I suggest to change the title: it now sounds like someone with a gambling addiction instead of someone who's exploiting the site.

You should give concentration of your site how they are trying to abuse your site. You should stop that; if you can't stop that from your side then that is obviously your fault.
By that logic, all thieves would be innocent as any theft would always be the victim's fault. It doesn't work that way.

Thanks a lot for reading the report, we appreciate it a lot!

Indeed, that's basically what happened, he was able to know the result before finishing the game, so he would bet higher or lower, depending on the outcome.

So this is a warning to all casino owners, as we have reasons to believe that this user (or group of users) has been trying to exploit multiple casinos for some time now (I changed the name of the topic to reflect this, thanks for the suggestion, LoyceV).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
We've sent LoyceV our detailed report to see if he'd be willing to read through it and give his thoughts on our methods and proof.
I read all 7 pages of your detailed report. Note that I can't verify any of the data, but I don't have any reason to believe it's not accurate.

What I get from this, is that under certain conditions the server would return the game results to the player, without marking the games as being played. After this, the user could play the same game again, while already knowing the outcome. The player abused this bug by purposely sending malicious requests to get the game results.
If he knew a winning game would come up, he bet bigger than if he knew the game would lose.

We honestly didn't look into the connection between the withdrawal addresses as there was no need really
There is a need for that if you want to prove it's really him without any doubt, and since you posted all information it means nothing to us unless we see some address connections.
Posting Bitcoin addresses won't change anything: we can't independently verify any of the evidence, and still have to rely entirely on DomingoX6's post.
After reading the report, I have no doubt the user exploited the site.

Might I suggest to change the title: it now sounds like someone with a gambling addiction instead of someone who's exploiting the site.

You should give concentration of your site how they are trying to abuse your site. You should stop that; if you can't stop that from your side then that is obviously your fault.
By that logic, all thieves would be innocent as any theft would always be the victim's fault. It doesn't work that way.
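The failure described in this post (a result handed back without the game being marked as played) comes down to reveal and consume not being one step. The sketch below is an added example, not the site's code: `RoundStore`, `play` and `verify` are hypothetical names, and a salted SHA-256 commitment stands in for the site's md5 scheme, whose details the thread does not give.

```python
import hashlib
import secrets
import threading

class RoundError(Exception):
    """Raised for rejected requests; never carries the outcome or the salt."""

class RoundStore:
    def __init__(self, max_stake):
        self._lock = threading.Lock()
        self._rounds = {}            # round_id -> pre-generated round record
        self._max_stake = max_stake

    def new_round(self, account):
        """Pre-generate a result and hand the player only its commitment."""
        outcome = secrets.randbelow(100)
        salt = secrets.token_hex(16)
        round_id = secrets.token_hex(8)
        commitment = hashlib.sha256(f"{salt}:{outcome}".encode()).hexdigest()
        with self._lock:
            self._rounds[round_id] = {"account": account, "outcome": outcome,
                                      "salt": salt, "played": False}
        return round_id, commitment

    def play(self, account, round_id, stake):
        # Validate every client-supplied field before the secret is touched.
        if (not isinstance(stake, int) or isinstance(stake, bool)
                or not 0 < stake <= self._max_stake):
            raise RoundError("invalid stake")
        with self._lock:
            rnd = self._rounds.get(round_id)
            if rnd is None or rnd["account"] != account:
                raise RoundError("unknown round")
            if rnd["played"]:
                raise RoundError("round already played")
            # Consume the round and fix the stake in the same critical
            # section, before anything about the outcome leaves the server.
            rnd["played"] = True
            rnd["stake"] = stake
        return {"outcome": rnd["outcome"], "salt": rnd["salt"], "stake": stake}

def verify(commitment, outcome, salt):
    """Player-side check that the revealed result matches the commitment."""
    return hashlib.sha256(f"{salt}:{outcome}".encode()).hexdigest() == commitment
```

Every error path returns a fixed message, so a malformed request can neither reveal the pending result nor leave the round replayable at a different stake.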
sr. member
Activity: 973
Merit: 346
♥ ♠ PlayBitcoinGames ♦ ♣
We've sent LoyceV our detailed report to see if he'd be willing to read through it and give his thoughts on our methods and proof.

The exploit was already fixed on our website, and we actually used the fix to also create a "trap" (included in the report), via which we wanted to confirm that the abuser was using the exact same method as we were able to replicate and assumed from all the logs and server requests he was making – as expected the trap once again confirmed this, and as expected after the user found the exploit to be no longer working, he immediately stopped playing and requested a cashout of their remaining balance funds (which we will obviously not approve).

@allyouracid From our understanding md5 is only potentially breakable given enough time to get certain collisions, which was absolutely not the case here. The wins were predicted consistently with basically no delay – essentially it was a code issue on our side, including some user input in some games not being verified correctly, or rather said, in certain very specific situations it caused a potential exploit where the user would get unhashed values on next result back, but ONLY if spoofing certain requests with specific data.
copper member
Activity: 1652
Merit: 1325
I'm sometimes known as "miniadmin"
---
No way, even if the casino has some design issue, winning by cheating (any method) is not OK. You can expect to, for example, get a casino that shows both server and client seeds (making it possible to determine the outcome) and still get paid after exploiting that mistake. It's simply nuts AND dishonest.
copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
So if someone is forging requests and actively looking for exploits on our website, in order to gain an unfair advantage which are completely against the ToS of any casinos/business, that is not considered stealing/abusing our site?

We mentioned there's several clear connections between the accounts, including IPs - and even if they weren't connected, each of them was still abusing the exploit in the games.
You should give concentration of your site how they are trying to abuse your site. You should stop that; if you can't stop that from your side then that is obviously your fault. In this case you can't decline if any user wins. You should find out your fault and resolve that by yourself.
legendary
Activity: 2320
Merit: 1292
Encrypted Money, Baby!
… of our game's md5/pregenerated results system.
Hello. Reading this made me wonder: you don't happen to be talking about the MD5 hashing algorithm? It has been officially broken for a long time already.
Also, always make sure to validate user input. Never, ever, ever trust form data. The basic assumption / general rule of thumb is that user input is by default evil and manipulated. Always validate!
hero member
Activity: 2926
Merit: 567

There is a need for that if you want to prove it's really him without any doubt, and since you posted all information it means nothing to us unless we see some address connections.
Maybe he is not working alone and has a team of people who are abusing your website for months, so transaction history would be the proof you need.
My suggestion is to create some bounty reward program and finally fix that bug exploit in your website.


That's the best action you can take, for now, and posting the method and posting how he did this, exposing him and his or their method. I don't know if there are similar exploits like this, but casino operators should be aware of this. This is a gambling industry and we all want fairness in winning and losing, even though the established fact is the house always wins. I'm sure no one here wants gambling casinos to lose their business through exploits and cheating; likewise, we don't want gamblers to lose through cheating.
legendary
Activity: 2212
Merit: 7064
We honestly didn't look into the connection between the withdrawal addresses as there was no need really
There is a need for that if you want to prove it's really him without any doubt, and since you posted all information it means nothing to us unless we see some address connections.
Maybe he is not working alone and has a team of people who are abusing your website for months, so transaction history would be the proof you need.
My suggestion is to create some bounty reward program and finally fix that bug exploit in your website.
legendary
Activity: 1834
Merit: 1208
Nowadays scammers are more clever at hiding their identity and connections, that's why you can't find 100% proof of their connections. Why are you not asking for their KYC since it's mandatory on your casino? I think you need to disallow using a VPN in your casino; if their country isn't restricted from accessing your casino... then why do they need to use a VPN in the first place?

If there's a trusted user we could send a sample of such proof and methodology to, we'd definitely be happy to!
There're many trusted users here, one of them is above me.


Edit :

Since hauzenberg was using the same name in his email, I expect this user was using the same email mentioned above. There's only one user I found; it seems like merhaba is his account name on your casino, no? This word is related to Turkish.
 
i activated code but not get freespins, please fix user #47074

merhaba
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
We wanted to warn everyone about a user on this forum. The user is hauzenberg -> profile link: https://bitcointalksearch.org/user/hauzenberg-3122651
If you believe someone cheated, you should leave negative feedback with a Reference link to this topic.

If you can't catch the exploitation of your site then it is the fault of you and the gambler took chance of the fault of your site.
That doesn't make it right.
sr. member
Activity: 973
Merit: 346
♥ ♠ PlayBitcoinGames ♦ ♣
If you can't catch the exploitation of your site then it is the fault of you and the gambler took chance of the fault of your site. You are claiming the user has multi account and share the details of several account but you could not tell any duplicate withdrawal or withdraw to a same address from multi account; also you have not mentioned an IP address which has been used to create or open multi account. So, how to understand the person really used multi account and abuse on your site?

So if someone is forging requests and actively looking for exploits on our website, in order to gain an unfair advantage which are completely against the ToS of any casinos/business, that is not considered stealing/abusing our site?

We mentioned there's several clear connections between the accounts, including IPs - and even if they weren't connected, each of them was still abusing the exploit in the games.
copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
If you can't catch the exploitation of your site then it is the fault of you and the gambler took chance of the fault of your site. You are claiming the user has multi account and share the details of several account but you could not tell any duplicate withdrawal or withdraw to a same address from multi account; also you have not mentioned an IP address which has been used to create or open multi account. So, how to understand the person really used multi account and abuse on your site?
sr. member
Activity: 973
Merit: 346
♥ ♠ PlayBitcoinGames ♦ ♣
Have you found any connection to the withdrawal addresses he used? If yes, you should share it here.

I am not sure if this would be the right move, if the evidence you have includes sensitive information about your gambling site that should not be shown to the public I suggest asking a reputable member/s here in the forum to look into the evidence you gathered showing that the user in question was actually exploiting your gambling site.

We honestly didn't look into the connection between the withdrawal addresses as there was no need really -> All of the accounts exploiting used the exact same pattern of registration/playing, email setup, and a shared pool of VPN IPs when playing the games. They also were generally played 1 at a time/day and not interconnect gaming sessions, likely to make it look like different users are playing, and lower our guard portraying it as "he invited other big gamblers" - several of these accounts were also self-referred, to gather additional referral commissions.

How we were able to 100% determine which users were using the exploit, was actually pretty straightforward, when we had a period of no site activity other than 1 of these accounts at a time. We managed to combine server access logs for requests from all of our pool of web servers, which painted a very clear and undeniable image:
- all made from the same IP; and there were no other users playing our games at that time
- the requests were made to one game at a time, in a specific order, which was clearly not how requests should follow one another playing our games regularly.
- the request timestamps clearly matched with database entries of his gameplays

These patterns and crossmatching with our database logs allowed us to find and replicate exploit with 100% accuracy, which we eventually checked all of our games for, and found the exploit to work in a subset of specific games, which were all played on his accounts and exclusively gains of practically all of his profits.

Then there's also clear stats about his gameplays, where with tiny bets he had a <5% win rate, and on his maxed out bets a 50%+ win rate, on games that pay out on around 20-30% of the wins. And with his amount of hundreds/thousands of plays on each of the accounts the odds are practically nil of that being able to happen in the history of the universe. Obviously this is not proof, and was reason why we were approving cashouts despite this for so long -> as without concrete proof of exploit (and being able to replicate it), we always trust the user, no matter the losses on our end. But it was the reason to invest more time and eventually figure it out.

If there's a trusted user we could send a sample of such proof and methodology to, we'd definitely be happy to!
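The stake-versus-outcome signal described in this post (under 5% wins on tiny bets, over 50% on maximum bets, in games that pay on roughly 20-30% of plays) can be checked per account with a binomial tail test. This is an added example, not the casino's tooling: the function names, the `high_stake` cut-off, the alert threshold and the sample plays are all constructed for illustration, and 0.30 is used as a conservative base win probability.

```python
import math
from collections import defaultdict

def log10_binom_tail(n, k, p):
    """log10 of P[X >= k] for X ~ Binomial(n, p), summed in log space."""
    if k <= 0:
        return 0.0
    terms = [
        math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
        + i * math.log(p) + (n - i) * math.log1p(-p)
        for i in range(k, n + 1)
    ]
    top = max(terms)
    return (top + math.log(sum(math.exp(t - top) for t in terms))) / math.log(10)

def stake_outcome_report(plays, high_stake, base_win_p, alert_log10=-6.0):
    """plays: iterable of (account, stake, won). Returns {account: stats}."""
    buckets = defaultdict(lambda: {"low": [0, 0], "high": [0, 0]})  # [plays, wins]
    for account, stake, won in plays:
        b = buckets[account]["high" if stake >= high_stake else "low"]
        b[0] += 1
        b[1] += int(won)
    report = {}
    for account, b in buckets.items():
        (ln, lw), (hn, hw) = b["low"], b["high"]
        log10_p = log10_binom_tail(hn, hw, base_win_p) if hn else 0.0
        low_rate = lw / ln if ln else None
        high_rate = hw / hn if hn else None
        report[account] = {
            "low_rate": low_rate,
            "high_rate": high_rate,
            "log10_p": log10_p,
            # Flag only when big bets win implausibly often AND more often
            # than the same account's small bets.
            "flag": log10_p < alert_log10 and low_rate is not None
                    and high_rate > low_rate,
        }
    return report

def constructed_plays():
    """Constructed sample data, not taken from the thread's logs."""
    plays = []
    for i in range(400):                               # small stakes
        plays.append(("acct_A", 1, i % 20 == 0))       # 5% wins
        plays.append(("acct_B", 1, i % 25 < 7))        # 28% wins
    for i in range(200):                               # maximum stakes
        plays.append(("acct_A", 100, i % 2 == 0))      # 50% wins
        plays.append(("acct_B", 100, i % 100 < 27))    # 27% wins
    return plays

REPORT = stake_outcome_report(constructed_plays(), high_stake=100, base_win_p=0.30)
FLAGGED = sorted(a for a, r in REPORT.items() if r["flag"])
```

A flag here is a reason to pull request logs for the account, not proof on its own, which matches how the post treats the statistic.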
legendary
Activity: 2436
Merit: 1104
Have you found any connection to the withdrawal addresses he used? If yes, you should share it here.

I am not sure if this would be the right move, if the evidence you have includes sensitive information about your gambling site that should not be shown to the public I suggest asking a reputable member/s here in the forum to look into the evidence you gathered showing that the user in question was actually exploiting your gambling site.
sr. member
Activity: 973
Merit: 346
♥ ♠ PlayBitcoinGames ♦ ♣
Hello!

We wanted to warn everyone about a user on this forum. The user is hauzenberg -> profile link: https://bitcointalksearch.org/user/hauzenberg-3122651

This user has found an exploit on our website www.playbitcoingames.com in several of our games, and has been exploiting it with several multiaccounts since February. To date, he has stolen over 1BTC from our website, usually being active once per month, pretending to be a "High roller", so we would be less suspicious of his actions and assume he is legit, and just being lucky.

He was essentially betting huge on our bets, and appearing to be very lucky in several of our games. We had several investigations at various points, but were not able to prove any exploit being used, and just kept attributing his unbelievable winning streak to good luck. In the beginning this still made sense as up to a few thousand plays it still felt potentially legit, but as it kept happening month to month, it became increasingly clear something is off.

But as we have been understaffed and were not able to look really in-depth in this, and as we tried to maintain a good reputation, we kept approving his cashouts -> he also clearly made an account here only to pressure us publicly into approving his wins, and unfortunately it kind of worked.

Just over a week ago, we looked into it again, and digging through server logs, and looking for patterns, noticed there was something weird -> essentially it seemed as he was able to predict with basically 100% accuracy his big bets on big wins (but he faked it down to 50%, to not appear as crazy, to what should've been 10-30% chances) – we looked as far down as our http/apache logs to look at server requests, and found he was indeed spoofing & creating various bets with invalid data and in specific orders, to find exploits in some of our game's md5/pregenerated results system.

As we noticed some suspicious activity reading his activity on this forum on other casinos, we wanted to alert all of you of this user, and if he is also "seeming lucky" on your casino, to investigate him THOROUGHLY.

Here is all the information we have on this user:
- he uses VPNs, but is usually sloppy/lazy and mostly uses German VPNs
- his emails are in 99% of cases disposable ones @protonmail.com, so we'd suggest to be wary and check any users using those emails as well.
- here are several emails we confirmed to use the same exploits (which are him or even his friends): [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
- there's likely a ton of others he used to abuse our free offers/free spins, but that's not as such a big issue to us, and "impossible to prove"
- Here is a list of several of his IPs, confirmed to be exploiting: 185.210.217.132, 152.89.163.172, 178.239.198.228, 178.239.198.30, 136.144.17.12, 193.37.255.216, 45.123.117.25, 31.171.152.37, 178.239.198.196
- here are some of his bitcoin withdrawal addresses he used: 1ESZGM1kXuk8TXZQzcXdaZsSXFYeHUNBh8, 1CmM4YH5yx9H6aN1Bi63ptJo5crMrKwrxX, 168v8C5TdYR6MyfHGC4HMLWXJxNXeKBBC4, 193uKVVxE2eu3eWdgHsJxskoJkrvNpQSQo, LZgiWgeEw6VdqNYnr9DZe1VS4xBwaG5awU, 15UPnMwhmAqdLsdFeGVMKVLN7dVVPUKPnE, 15KxaAfdDLDmYPWPCviGF6Yzi47RZoJKM2, 1Mk8osiWVHfdWmpbeYYYsiC3rSNGfdUWmA

I can't share exact details of what he did in our site, but essentially he found a way to send additional and/or requests with adjusted data, to trigger some cases where he was able to get unhashed result for the next play before the next play or before play ended, and adjust/increase his bet. It was caused by some coding inconsistencies in some of our games.

We hope any of this information helps, as we are 100% confident he has tried abusing other casinos as well – and very likely successfully, as otherwise he wouldn't keep doing this.

Kind regards.