Topic: 🔶 YOLOdice.com 🔶 suspended on 16st Mar 2021 - page 45. (Read 143533 times)

I don't think it's possible to change your deposit address after every transaction on my account I had two deposit address for bitcoin but only one for the altcoins. If you're worried about your privacy what you could do is to use a mixer for each deposit.

Is it possible to deposit to yolodice with a new random/dynamic deposit address each time, for btc/ltc/doge?

That's a big mistake for people thinking that it's just a waste of time for setting up the 2FA since the risk is so high and we don't know on when the attack occur or will happen unto us, But this is a lesson learn for the people who encounter an unfortunate incident so provably they know the importance of 2FA, although this is a time waster since we need to spend more seconds before we can log in to our account but the convenience and safety brought by this feature is so good for us.

Same here. You can never be too secure.
2FA can sometimes be an extra hassle but it’s the only way to secure your account from unauthorized withdrawals if someone cracks your password or you pick up some malware on your pc.

Lesson learned.
Keep everything protected.

I just updated my settings for everything because of this incident.
Although I know Yolodice is secured, your PC may not be anytime.

I think this 4 is important since they cannot withdraw unless they have your phone.

For the last few days some users were having issues connecting to our API endpoint (api.yolodice.com). At the time I've checked if everything is OK on our side and I thought it was. Apparently it

Things should work fine now. The issue was that one of the trusted web certificates was not updated on-time, which honestly affected millions of websites all over the internet. You can read about it by googling "Sectigo SSL Certificate Root Expiration". Since our issuer did not approach us to update our certificate chain bundle we honestly did not know about the issue till yesterday.

At the same time  browser connections were OK - somehow modern browsers have a mechanism that can cope with such rare incidents.
​
We have updated our chain certificates and DiceBot and other bots should be able to connect without issues.

If you still have any issues connecting, please let me know!

Cheers,
Ethan

People just like to make pointless comments over and over to spam their signature. That's what this forum has become.

Hey, something a bit more optimistic:


Today we've launched a Tor service at


This is our small contribution to Internet privacy.

In most cases you'll see much worse performance over Tor compared to connecting directly (less bets per second) simply because of number of hops in the Onion network. Increased latency however is a small price to pay for (almost) ultimate privacy.

In Tor mode no external code from 3rd party websites is loaded.

Check out our Tor endpoint and post any comments you might have!

Cheers,
Ethan

Hey,

I don't really get why a single hack of unknown origin is causing so much discussion. It seems the thing is going public, so let me summarize what I've already sent via email, as soon as I learned about the incident:

__If__ this is a hack, then all my logs indicate that the source is the victim's PC. My server logs show clearly that the request to close the investment comes from user's PC. Before that, the connection was hanging idle for several hours, doing regular browser<->server request. It looks like normal traffic from the browser and most likely was. So after a few hours of idling there comes a request to close an investment, exchange DOGE to BTC and withdraw, and connection closes.

There were no unauthorized logins to the server, just regular traffic, all from the same IP and the same browser.

It's not possible that this amount of logs was created by hacking into YD servers. Logs are distributed to a few machines, and they are different kind of logs - authorization logs and system logs, access logs and event logs. We  use centralized ELK server for logs to make log analysis much easier (and possible) and be able to correlate logs related to a single event. Believe me, I know what I am doing here.

I can say with 100% certainty the source of the "hack" is external. I don't want to contradict anyone's story without having the knowledge of what happened, but analyzing the situation on my end there are 2 possibilities:

1. The user leaves the PC on, logged into YD, for a few hours, unprotected. Someone else comes by, uses physical access to the PC and uses the opportunity to quickly wipe the account clean.
2. The PC is infected with malware and remote hacker can take control over PC, manipulate the open browser and act on user's behalf.

I cannot see how we could take responsibility in any of these cases. There is literally nothing that would indicate a different scenario.

Rest assured, YD is secure.

Cheers,
Ethan

 

You have invested 20k doge and came back with almost a %10 return, that is a very very big return when you look at it % wise. Sure 2k doge is not really that much itself but that means if you had 200k, you would have 20k as well, hence why its awesome return when you consider the 10% part. About the login, could it be api? I don't know if there is any api that allows all of this, exchanges do have it but I don't know about the casinos, I have a feeling that if there is api, you do not even have to login to anywhere to withdraw someone's money.

There are plenty of dice auto system type of deals, where you use it (most trustable one is seuntjie for example) and it logs in for you instead of you and maybe that way someone got a hold of your account and stole it? I agree that just because one account was hacked, it doesn't mean the whole website was hacked.

There was even website that people actually lend money to others. I do not remember the name of the website but from early days of bitcoin (not too early, like 2012 or something) to very recently there was 2 famous websites where people asked for loans in bitcoin and others would give it to them. Depending on how you did, you would get a better rank there as well.

So you started with zero credit at all, and asked for something small first, but you ended up paying that back, which increased your rank on the website, you kept doing that over and over again with slightly more and more money, and eventually you paid back a lot of money, which looked like you were a solid person to lend out to. However you came back and ask for even more, and at that point you just took it and leave. After too many times of that happening website realized people would get scammed far too often and closed down.

I think in the login history logs are created this way, like whenever user login it just creates a small log with device information, IP address, operating system, browser details, etc. it doesn't log every time when users perform operations like open/close investments or exchange, etc.

let's say you log in for 7 days(without any disconnection) and you perform some operations like exchange/invest/divest (here for whole 7 days it will create only one log).

on the side note, I want to share one more thing I been playing/watching YOLOdice for 3+ without 2fa/any master address and invested some significant amount, I never had any issue like account hack or anything.


just assume the site has been hacked or whatever. there are like some 300k+ accounts in YOLOdice so far why do hackers only choose examplens account instead of rest of the 300k+ accounts. (this clearly shows there is something wrong on your side). as I stated above I never keep any 2fa or master address to my YD account (3+ years) never had any issue.

---

Here are the results after investing for one-month . profits are impressive.

The more ways you can protect your information the better. It's the users choice on how they want to secure their funds. They have additional options -- if they choose not to use them then its their own choice. If you just have a username and passcode you're limiting your protection (that's my opinion).  Ethan has answered you, he's checked thoroughly and sent you the server logs.

If youre going to send new coins, use 2fa. secure your account.

After this accident, I have checked my PC with a few anti-malware tools and I did not find anything unusual in my PC. Also, I did not change the password in any of the other services which I am using in the same PC and I did not find any suspicious activity on any of them.


if we do nothing it is also resolved. I have no feeling that is resolved.
To be honest, I am not happy at the end here. I got two possible scenarios from admin, and of course, my computer is compromised or someone else had access to my computer.
without any deeper thought and check, the blame is laid on me.

I still don't understand, why in login history I can't find any activity in time when someone close investment, exchange DOGE for BTC and withdraw it. If someone does this from my PC, probably this activity will be in login history.

I will probably send new coins more to try to catch the thief in action.

btw, If your platform is not secure without 2FA and master address, why then it is not obligatory to activate it?
activating master address, this is only to protect BTC withdrawal. whether it protects if exchange for ETH and withdraw ETH?

Sigh,,, this happens every site I go to and I do not know why online, people have this really bad habit. It usually starts out well. They "loan" a guy a small amount and the guy pays back with a small tip. So it gets bigger the loan and then it never gets paid back.

I have seen countless arguments over loans, some sites even ban both lender and borrower.

No one would ever think to ask or lend at a real casino. Why people do it online I can never understand.

Well good to hear that and it's not really good to leave our account without executing a 2FA or any other security measures since it will be easy to the attacker to penetrate and stole the balances of their target, It's good to see Yolo doing a counteraction if this is true but anyways I don't see the people claim that his issue resolve or I just missed to read the confirmation regarding on the solve issue.

This has already been resolved. The site is secure, and the admin make sure of that. This boils down to a user not having full security of his account because they didn't have 2fa or a master address on. Leaving your money in a vulnerable spot without protecting it is user error.

Are you fine if that happens to you? and why do you conclude that casino is not guilty while they should check their site security day by day to see if there's no intruder can penetrate on their site and as what he said he don't have any log in activity and why does he  encounter those issue.

It's their job to make their user safety so they should act on this issue and check if their site not compromised or the person who claim is victim of malware,phising or any attempts existing in the net.

It does look like hacking all around. In a situation like that casino is not the guilty part, neither is the user, it is the hacker that is guilty and the common enemy. Normally casinos wouldn't want the fact that their users could be hacked easily and their money would be taken, that is not something casinos would want get out, so they wouldn't want something like this to happen to any of their users. Users wouldn't want to be hacked as well.... that is pretty obvious.

So, there is really no guilty part here. What could be done and should be done is to follow up on who stole it, check who and how reached the account together, and create a lawsuit to whoever has done it. Usually on crypto world when hacked people don't really do the legal way but they really should do it if they can.

I wish i had merit to send, this response is everything <3