Bitcoin Forum

Rollin.io was hacked recently

35BTC were stolen by a user who won with 100% win chance

https://bitcointalk.org/index.php?topic=687571.msg13674226#msg13674226 check this

https://i.imgur.com/Zf5IoqR.png


for PD it was Hufflepuff
for Rollin.io it is now povpobava007

He reached 11level in 1hour

become the fastest one to reach 35BTC
had least losses and MEGA wins
he has also won now Caesar.So that means he won 0.5BTC more DAMN!!!

Very nicely done!   That is not an easy one to pull off.  Kudos to the cracker that pulled that one down.  Although I assume that it was not the kick that got them,  they must have dropped right after that.

relax security closed page :) he will lose all he deposited prob :D
regards.
-Katerniko1

Damn! I hope that he failed to withdraw all! It would be a big loss for Rollin ..

I wonder how someone did it ?! For sure good lesson about security for Rollin support.

It needs access to server.But how he did got back there is still to find out

Too bad for rollin if the hacker managed to withdraw.

Admin will tell us what exactly happened we have to wait for them to reply..

Rollin.io is a rigged site

If a player can get access to that server and manipulate the result for a 100% win chance

The admins of Rollin.io have access to the server too and can always manipulate the number that you roll, and always make sure you lose when your bet amount gets bigger. The admins also can manipulate the result that is 100% in favor of them.

I have verify that player roll with 100% win chance and Rollin.io provably fair system show me that the bet is VERIFIED.

Rollin.io is a rigged and scam site, their provably fair system is fake and rigged

I dont think the site is rigged.If you think so please come with valid proof.

For your current proof. It is invalid as the system will show it is obviously fair. Why?

Because he was playing >1000000  .Suppose if a roll comes like 97 .Obviously it is lower than 1000000 .So it will show up as fair.

And also one thing keep in mind win chance is percentage and percentage never exceed 100% when it comes to chance.

Chance is probability so it will go up maximum as 1 or 100%

Go and get to school and ask that to your MATHS TEACHER to verify

Any proofs beside your words about their fake and rigged system?
It is not easy to hack a casino, I guess hacker found some exploit in the code or backdoor. I am eagerly awaiting full confirmation from the staff of Rolling.io.

lol this is just too funny that a big site like rollin.io lets this happen
pretty big shame

35 btc you say?
Like the funds that reached this address today?: https://blockchain.info/de/address/12GyAnMqb5KzxVW4PxQd1RfTaRcg1HB2de

Lets go on a journey: Walletexplorer lists known hot-wallet addresses of rollin here: https://www.walletexplorer.com/wallet/Rollin.io/addresses
When checking some of the addresses, we find a transaction shortly after the time of the bets placed in OP: https://blockchain.info/de/tx/c75ed9da343492b4a959409626881f37a8f0d2d4bc8376f66b7cc6156cba115f
They either emptied their hot wallets or someone else did it for them.
Lets check the address where the funds got moved first: https://blockchain.info/de/address/1MMcNfLfjfBxnk8KKoLJhma1MPJ2igUPcN
Starting today, there were alot of 0.5BTC transactions in a short amount of time.
Like someone finding an exploit and slowly testing how far he can take it?

It's only the wildest speculation I did here, so don't take it too serious. Probably it was them emptying the hot wallets, but if not...well, thats a hard hit.

If they indeed cought this in time and managed to stop any withdrawels for the time, than it is not that bad.

Hackers and crackers will always try to get in, it is how you deal with it what gives you the reputation.

Nah someone from rollin.io told me that he was in with skype with rollin admin and that guy had transacted some 20-30btc with 0.5  btc transactions.

I think maybe you are right here

wow, it is amazing to be able bet at 100% with no failures at all. looking interested :o :o :o

I am not sure they intentionally allowed a thief to steal 35Bitcoin from them lol But they should of course have some of the best security of all the Bitcoin gambling sites to stop potential hackers. Turns out they never! Does anyone know if the player managed to withdraw? (seems he did manage to) If they did it was a massive failure with a win that big at least small checks after that many transactions or that big should be required.

That guy being the rollin admin securing their hotwallet or that guy being the bettor, who slowly got out his profit?

I think bettor.He ripped off 35 btc out of rollin.io  within 1 hour. It came to light after 1 hour when kiran noticed it and stopped the site .
Hopefully it wasn't big as PD .

Are you sure this is teh case? Because maybe the guy managed to withdraw before security noticed something strange was going on since someone can't never have that much amount of luck, and well the 100% win thing is hilarious.
Is there any way to guarantee that the site you are playing at is safe against such attacks? I never store money outside of my local wallets but I want to know just in case.

Actually, if you check https://blockchain.info/de/address/1MMcNfLfjfBxnk8KKoLJhma1MPJ2igUPcN he started draining somewhere around 13UTC, and rollin only got any idea what's going on when he issued his big 10BTC withdrawal at 16:37UTC (17:37 in timezone of the screenshot above).
So he probably was doing his "system" with smaller bets for a long long time, and then decided to cash in big, regardless of the risk being noticed, as he was.

Hmm.. Interesting ..let me call the staff of rollin to see this..

I will investigate , Admin need more security

It looks like Guitarplinker already confirm that BTC are stolen.

How is the Investigation going?

Well, my website (playcoin.eu (http://playcoin.eu)) was also attacked today. The hacker have stolen 1.29 BTC.
So good luck to rollin.io, even if the amount is much more, we are in the same situation.
We will survive !

there is a question in my mind, why would the hacker use 98% win chance and get small amount of profit in every bet he made if he can still win those bet using 1% win chance? something sounds really fishy in this case. rollin.io dont have investments so admin cheating to them isnt possible. hmmm

He didn't know the outcome of the bet, but could change the win chance so that even though the "system" would notice according to 98% win chance he would be losing most of the times, the loss limit(less than a certain number), meant that any number above 99 was impossible to achieve.
This might have something to do with levels and house edge, just a guess though.

what really it is the work of a hacker, I think gambling sites have good security systems

Is there any more proof that the BTC is actually lost from the wallet? I checked out the website and it now seems to work fine. If someone stole oer 35BTC I don't think just a day will solve all the problems. Could someone post additional proof saying that the website actually got hacked? I'm a bit skeptical about this one.

I think pic. I posted in main post is enough to explain that. If you really want to know go to rollin.io and check legend and caesar page .Also mod there can confirm that too.

Why a separate thread instead of main thread for this? Is it to draw a hufflepuff type effect to rollin? Not defending rollin I'm not a fan of their site but this is just unnecessary.

how did he do it? <10000
 What paved the system?

This thread is created by a user of site its not official and I ask them they are saying its only owner account hacked all other is working ok without any problem

Still no idea atm.Wait for admins to come ,they will come over to it.


It was not like hufflepuff attack on PD.
The hacker here in rollin.io didnt manipulated seeds,instead he just tweaked up a single bet condition which made him to win  up to 35BTC

I think he knew the bugs from rollin.io  :-\

May be if the hacker using 98% they would probably wont see this because 98% is such a great odds and to hit 99 it should be probably low enough. Rather than 1 % chance there is no way someone would do that because the chance is too low and the max payout is only 6.3k mbtc. There is no way you could keep on winning by using that to achieve that 35 btc

I am guessing that the 98% was a side-effect of the method used to abuse the bug. May be it understood that 1000000 is a big number, bigger than 98 and so set the largest possible win odds? lol

Did rollin.io complain?, may be the guy was just lucky because of rollin.io's fault. How do we tell that he used a cracker?. I see all greens and it appears he was lucky.

Well admins are taking a look over it. We are too waiting for reply from rollin admins

Sure. If there could be some reds and they had smaller amounts or zero and the greens were having big numbers then I would say he used a cracker. Otherwise this might be an insider who knows the server seeds and was able to control them.

i can't be 100% sure but site went down in couple mins of him playing and i dont think rollin had 35btc in hot wallets so i think he didnt get a penny back :D but rollin have to confirm it first :)
regards.
-Katerniko1

This bet (https://rollin.io/dice/history/1984123301) proves it.

Rollin had 25 BTC in their hot wallet, and they were stolen.

When people like will stop existing from this planet ? How could you even celebrate over someone's losses by cheating ?Rollin.io is one of the best dice sites I have ever played it and I don't think this is funny .

It's all a very good luck and strategies used by him is very special. He understood the tactics used in the gambling and understand very well about the flow of the site.

So it all is not a hacked, but great luck experienced by him. I think you are very jealous towards them or shock because he wins big in a very short time

NO,there is no less than a million multiplier,I too didn't get that on the first sight but there is no chance for him to lose here and hence it's an exploit/bug whatever you want to call it.No tactics nor experience.

I don't understand why these thieves try to withdraw everything at once and there any aren't countermeasures to make the withdraw manual. Especially for new users.

Also this one quote from guitarplinker, you might want to add this quote to op, so people wouldn't ask the kind of this question repeatedly.
So sad to hear Rollin.io got hacked , a security for big site like Rollin already broke.

Well leave it.They are all raged up players who left up playing on sites like rollin just because they lost up while playing with high win chance.They put on calling rollin.io a scam without having any further proof.

I also agree that rollin.io is a fair site and not a scam.

 :o WTF this hack is too obvious to find, cause the bug is 100% sure, and i hope rollin won't let him withdraw the coins, 35 btc is a big amount of money, so i think rollin won't give him instant withdrawal, anyone knows the recent progress? If he wanna hacks, he should bet a little and withdraw a little so he can get instant withdrawal

According to the earlier posts he successfuly withdrew already 25 BTC or such. There was an address posted earlier. The site will probably go bankrupt unless the owner can cover the loss.

I don't understand this either. I think if a new user is going to withdraw more than 1 BTC this shouldn't go automatically, admins should check first if it was a fair play. I think that's not that difficult to do.

Yeah mods at rollin.io confirmed that estimated btc he withdrawed was around 20-30 BTC

Update:Rollin.io admins just cleared hacker(popobava007) roll stats and removed his name from caesar prize

There is always split between hot wallet and cold wallet. Admin can not control all withdraws 24/7 - it is mostly automatically. This time thief was withdrawing multiple times  0.4995 BTC. (so less then 1 btc ;) )

From posted links we can see that in hot wallet was around 10 BTC. Interesting for me is how someone withdraw more then is in hot wallets..?  ::)

Walletexplorer provides snapshots of the blockchain at certain intervals, known hot-wallets were filled with roughly 10 BTC at time of the last snap.
They either got filled more between the time of the snap and the time the attacker beginned draining them empty,
or rollin has some more hot-wallets unknown to walletexplorer (their list might not be complete after all).
If you check the last snap "Updated to block 395056 (2016-01-26 00:58:20).", their walltes are almost empty, only around 0.1BTC left in hot-wallet funds: https://www.walletexplorer.com/wallet/Rollin.io/addresses

OK. So as i can see there is four options.
1. Rollin have more hot wallets.
2. Bitcoin is not stolen
3. Is stolen only around 10 BTC.
3. Hacker stole BTC from hot and cold wallet. (unlikely, but still possible)

Without info from Admin we can do nothing right now.

And 10 Btc is a small amount ?

1) Possible
2) Nope, it's confirmed that he stole over 20btc, and if you check my first post, I tracked the movement of 34,23BTC from rollins hot-wallets.
3) That's his last withdrawal, before he withdrew around 25 btc in packets of 0.4995
4) Very unlikely.

#1 Yes, they likely do, because everyone creating an account and depositing bitcoins is a new bitcoin address that is part of the hot wallet. At least, that would be normal design. Use the deposits to pay out instead of depositing into cold wallet and transfering to hot constantly.

Of course NOT. Sorry for word "only" - edited.


So - or more hot wallets, or .. from where was coming this last withdraw (10btc) if hot wallets should be empty?
Some automatically filling up hot wallet in the moment when is empty?  

Edit: yep - from fresh deposits is possible, but 10btc.. hmm

Damn, That is a big big lose for them I hope they can recover. Havent yet checked the website but are they closing shop for awhile? Seems like that must be the case if there is such an exploit. I need to get on there and make sure I don't still have btc on my account there. Will keep following this thread and hope for the best for rollin.io

So, no hack:


case with wallets still open.. 25 btc in hot wallet? a bit risky..

yeah I was also thinking about the same thing with you, I know rollin not a gambling site a scam, because I know rollin well with all their users

Yeah they keep up that much to provide their users instant payout.Last time ,Hesam won around 33BTC and they give him an instant withdrawal.

At least they didn't get hacked, but still bad that someone was able to exploit the site with a cheat.
Hope not any other harm was done besides this.

Wow, 25 btc for a single exploit? Although it seems pretty small compared to hufflepuff incident. Just hope rollin will be back up and rollin, also hoping they won't decrease the faucet again  ::)

Lol how does faucet decrease comes here.  I know that some users are annoyed with the faucet decrease but it was only taken to decrease faucet-farming which was going as an alarming issue for rollin.