Bitcoin Forum

Economy => Gambling => Topic started by: DarkStar_ on July 15, 2019, 09:42:44 PM



Title: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on July 15, 2019, 09:42:44 PM
It appears that the back end provider behind Betcoin.ag/PlayBetr.com/Coinbet.ag has suffered a data breach caused by a rogue employee. This breach happened in February of 2019, and the affected sites are currently investigating. It is currently believed that there were no cases of unauthorized access after February. Neither site has delivered an official statement yet, but this thread will be updated once they do.

Disclaimer: This post contains information that I believe is true based on publicly posted information as well as private messages with Betcoin and cheatedplayer (https://bitcointalk.org/index.php?topic=5164989.0). I strive to ensure accuracy; however, I cannot guarantee the accuracy of this information.

What was breached?
It appears that the entire database of the provider was stolen. This includes:
  • Usernames
  • Emails
  • Encrypted Passwords
  • 2FA Info
  • Account Balances
  • Transactions
  • Support Tickets

Account balances are NOT at risk, barring any high difficulty bruteforce attacks against specific accounts without 2FA setup combined with email password reuse.

What actions should be taken?
It is claimed that the database is not for sale (https://archive.is/FNxGe#selection-515.0-515.12), however I would not be surprised if it becomes available in the future.

> Change Your Password
From my understanding, passwords were properly stored as salted hashes. This prevents rainbow table attacks and requires that passwords be bruteforced individually. However, I would still recommend you change your passwords on the affected websites, as well as any sites you've reused the password on. This is especially important if you are using a weak password. It's unlikely that anything will come out of the encrypted passwords, but it doesn't hurt just in case.

> Be Wary of Phishing
Anyone with access to the database now has a highly targeted email list of those who bet with crypto. There may be a rise in phishing attacks specifically targeting players on Bitcoin gambling sites.



Official Statement:
After an in-depth investigation into this matter, it was determined that a former programmer of the software provider, who had legitimate access, was able to gain additional access and download the database of Betcoin and several other licensees of the software. After this relationship was terminated, he no longer had any access to the database and at no time did he have access to any company or user funds. This is a very serious situation and we immediately devoted all resources to it once we were informed of it.

We are bombarded by threats, DDOS and extortion attempts on a daily basis and each one improves our security. We are extremely regretful that this incident took place, but at no time was anyone’s passwords or funds in jeopardy. We do recommend that all players use a high-level password for both their email and Betcoin accounts and that you activate 2fa for additional security. If anyone needs assistance with an email or password change or setting up 2fa, please contact us any time.

We wish to thank all of our players who have been so loyal to us since we first started in 2013. In this new age of technology, you often hear about some of the largest companies in the world having been breached and unfortunately, this is how new security methods are created. But we are happy to say that, throughout these 6 years, we have never had a player balance or password compromised. We will continue to improve and refine our security methods and we look forward to the next 6 years and beyond of serving our great players. If you have any questions or concerns, please let us know via DM, support ticket or email.

Self moderated to prevent signature spam. Local Rule: This thread is to discuss the data breach and not for scam accusations against either of the sites.
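The OP's "Change Your Password" section says the passwords were stored as salted hashes, which is what rules out a single precomputed (rainbow) table and forces an attacker to work on each account separately. The following is an added illustration of that property, not code from the thread or from any of the sites named in it. It uses PBKDF2-HMAC-SHA256 with a random 16-byte salt per account; the algorithm, the iteration count and the sample user rows are assumptions chosen for the demo, since the thread does not say what the provider actually used.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256. Assumed value for illustration only;
# the thread does not state which algorithm or parameters the provider used.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is given,
    so two accounts with the same password still get different digests."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored_digest)


def build_lookup_table(candidates: Iterable[str], salt: bytes,
                       iterations: int = ITERATIONS) -> Dict[bytes, str]:
    """Precompute digest -> password for candidate passwords under ONE salt.
    This models a reusable lookup table: it can only ever match rows that
    share that exact salt, which is why per-account salting defeats it."""
    return {hash_password(p, salt, iterations)[1]: p for p in candidates}


def demo() -> Tuple[bool, Optional[str], Optional[str]]:
    """Constructed sample: two users who chose the same weak password.
    Returns (digests_equal, table_hit_for_alice, table_hit_for_bob)."""
    users = {}
    for name in ("alice", "bob"):
        users[name] = hash_password("password123")  # constructed sample rows

    # Normal verification still works for each account on its own.
    assert verify_password("password123", *users["alice"])
    assert not verify_password("wrong", *users["alice"])

    # Same password, different salts, so the digests do not match and a leaked
    # digest says nothing about whether another account reused the password.
    digests_equal = users["alice"][1] == users["bob"][1]

    # A table precomputed under alice's salt matches her row but not bob's;
    # an attacker has to redo the full work factor for every single account.
    table = build_lookup_table(["123456", "password123", "letmein"], users["alice"][0])
    return digests_equal, table.get(users["alice"][1]), table.get(users["bob"][1])


if __name__ == "__main__":
    print(demo())  # (False, 'password123', None)
```

The point the demo makes is the one the OP relies on: with a unique salt per row, the cost of guessing scales with the number of accounts, so a weak or reused password on a specific account is the realistic exposure, not the database as a whole.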


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: nakamura12 on July 16, 2019, 03:59:33 PM
That is bad news for the people who have an account on the said sites. Why is it that the balance is not at risk? I don't think that everyone has their 2FA enabled, and if the rogue employee was able to get the important information that is in the OP's list, then I think their balance is at great risk if those people did not take action on changing their security.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on July 16, 2019, 04:45:25 PM
That is bad news for the people who have an account on the said sites. Why is it that the balance is not at risk? I don't think that everyone has their 2FA enabled, and if the rogue employee was able to get the important information that is in the OP's list, then I think their balance is at great risk if those people did not take action on changing their security.

Passwords were fortunately secured properly, so mass bruteforce attacks are not possible. If a hacker wanted to try to steal account balances, they would have to individually bruteforce passwords, which is not a practical attack vector. In the event that they did bruteforce a password, the account might be empty in the first place (balance info from Feb 2019 was stolen but nothing more current), withdrawals have to be verified via email, and the site may hold the withdrawal until they verify that it is the original player.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: CryptoGamblingSites on July 16, 2019, 05:46:19 PM
This is part of the reason we believe Bitcoin gambling (without KYC) will take over the online gambling industry.

Bank data is susceptible to this, so why wouldn't an online gambling site lose customers' information one way or another?  ::)

Interesting thread the OP linked, which the hacker started and the operator joined in the conversation; worthy of popcorn for the time being.

https://bitcointalk.org/index.php?topic=5164989.20

IF player funds were at risk, most of us would expect the guy to have moved other players' funds with all this data. Obviously change account info on the site as DarkStar_ posted earlier.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: Betcoin.AG on July 16, 2019, 10:27:41 PM
Thank you, DarkStar_, for bringing this situation to our attention.

After an in-depth investigation into this matter, it was determined that a former programmer of the software provider, who had legitimate access, was able to gain additional access and download the database of Betcoin and several other licensees of the software.  After this relationship was terminated, he no longer had any access to the database and at no time did he have access to any company or user funds. This is a very serious situation and we immediately devoted all resources to it once we were informed of it.

We are bombarded by threats, DDOS and extortion attempts on a daily basis and each one improves our security. We are extremely regretful that this incident took place, but at no time was anyone’s passwords or funds in jeopardy. We do recommend that all players use a high-level password for both their email and Betcoin accounts and that you activate 2fa for additional security. If anyone needs assistance with an email or password change or setting up 2fa, please contact us any time.

We wish to thank all of our players who have been so loyal to us since we first started in 2013. In this new age of technology, you often hear about some of the largest companies in the world having been breached and unfortunately, this is how new security methods are created. But we are happy to say that, throughout these 6 years, we have never had a player balance or password compromised. We will continue to improve and refine our security methods and we look forward to the next 6 years and beyond of serving our great players. If you have any questions or concerns, please let us know via DM, support ticket or email.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on July 16, 2019, 10:29:21 PM
-snip-

I would recommend sending an email alert out to your customers who were affected by the data breach to notify them. Can you confirm that the rogue employee had no access after February of 2019?


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: Betcoin.AG on July 16, 2019, 10:36:41 PM

I would recommend sending an email alert out to your customers who were affected by the data breach to notify them. Can you confirm that the rogue employee had no access after February of 2019?

We will be notifying Betcoin users shortly. The research on this just concluded, and we can confirm that he had no access after March.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on July 16, 2019, 10:40:58 PM

I would recommend sending an email alert out to your customers who were affected by the data breach to notify them. Can you confirm that the rogue employee had no access after February of 2019?

We will be notifying Betcoin users shortly. The research on this just concluded, and we can confirm that he had no access after March.

Great to hear, thanks.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: Haunebu on July 17, 2019, 07:55:13 AM
Thanks for the update Darkstar. I recently checked out Betcoin.ag and played for a bit over there after the change in their owners and the updates they have been making with time, but I did not expect something like this.

Luckily, I don't have any balance currently though the way they are dealing with this situation proves their reliability over time. At this rate, I feel their trust feedback could go back to neutral soon. They need to employ stricter measures while selecting their employees.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on July 17, 2019, 04:10:39 PM
Thanks for the update Darkstar. I recently checked out Betcoin.ag and played for a bit over there after the change in their owners and the updates they have been making with time, but I did not expect something like this.

Luckily, I don't have any balance currently though the way they are dealing with this situation proves their reliability over time. At this rate, I feel their trust feedback could go back to neutral soon. They need to employ stricter measures while selecting their employees.

The more important concern here is why the backend provider is handling user data in the first place. Most sportsbooks/casinos keep user data themselves and send data as needed between the providers, rather than the sole provider having all of the information.

You can't really fault Betcoin for a problem caused by their provider. That would be like blaming Discord if Google got hacked and all info was stolen off of Google Cloud.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: cheatedplayer on July 18, 2019, 12:06:30 AM
Thanks for the update Darkstar. I recently checked out Betcoin.ag and played for a bit over there after the change in their owners and the updates they have been making with time, but I did not expect something like this.

Luckily, I don't have any balance currently though the way they are dealing with this situation proves their reliability over time. At this rate, I feel their trust feedback could go back to neutral soon. They need to employ stricter measures while selecting their employees.

The more important concern here is why the backend provider is handling user data in the first place. Most sportsbooks/casinos keep user data themselves and send data as needed between the providers, rather than the sole provider having all of the information.

You can't really fault Betcoin for a problem caused by their provider. That would be like blaming Discord if Google got hacked and all info was stolen off of Google Cloud.

!!!  Agree  100%

Where is the proof, ex-programmer? Lol!!! Maybe devOps Drupal or Laravel, maybe inj databases MySQL? I suggest to make a thread at gambling = 2 weeks hack now or not betcoin.ag again? How dice)))
My thread I'm update 4-5 days. Thanks.

Quote
This breach happened in February of 2019
Are you sure? Not March or end of April =) ?


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: TwitchySeal on July 18, 2019, 09:02:39 PM
it was determined that a former programmer of the software provider, who had legitimate access, was able to gain additional access and download the database of Betcoin and several other licensees of the software.  After this relationship was terminated, he no longer had any access to the database and at no time did he have access to any company or user funds.

I think this very well could be a lie.

Blaming a former employee looks much less bad on Betcoin than a third party gaining access.  Also, Betcoin has a history of telling blatant lies both big and small.  (Including lying about having a "new start, new owners etc", multiple times, in order to blame past scandals on someone else)

This isn't the first time something like this has happened. (https://bitcointalk.org/index.php?topic=1322261.msg14028232#msg14028232)


At this rate, I feel their trust feedback could go back to neutral soon.

Ummm no.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on July 18, 2019, 10:07:00 PM
I think this very well could be a lie.

Blaming a former employee looks much less bad on Betcoin than a third party gaining access.  Also, Betcoin has a history of telling blatant lies both big and small.  (Including lying about having a "new start, new owners etc", multiple times, in order to blame past scandals on someone else)

I can definitely see where you're coming from, but given that PlayBetr/Coinbet were also breached (and any other sites using the same software), it's harder to believe. I suppose the argument could be made that they are all the same site, but I think it's more likely that they're just using the same provider.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: TwitchySeal on July 18, 2019, 11:51:53 PM
I think this very well could be a lie.

Blaming a former employee looks much less bad on Betcoin than a third party gaining access.  Also, Betcoin has a history of telling blatant lies both big and small.  (Including lying about having a "new start, new owners etc", multiple times, in order to blame past scandals on someone else)

I can definitely see where you're coming from, but given that PlayBetr/Coinbet were also breached (and any other sites using the same software), it's harder to believe. I suppose the argument could be made that they are all the same site, but I think it's more likely that they're just using the same provider.

Coinbet.ag and Betcoin.ag were definitely managed by the same people a couple years ago. I once even got a withdrawal approved on Coinbet through the Betcoin chat. They also used to advertise Coinbet dice tourneys on Betcoin.

I also stumbled on Playbetr a couple years ago (https://bitcointalk.org/index.php?topic=1667860.msg16797364#msg16797364) before it was actually launched. It was identical to Betcoin but had a bunch of obvious bots in the chat and at the poker tables making the site appear active. It was really weird. They seem to have made a bunch of changes, including getting a lol Curacao gaming license and not allowing US players (something Betcoin was planning on doing in 2018 (https://www.betcoin.ag/important-announcement)).

https://bitcointalk.org/index.php?topic=1667860.msg16797364#msg16797364



Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on July 27, 2019, 11:19:16 PM
Bump. It doesn't seem like either Betcoin or PlayBetr has notified their players (yet).


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: Betcoin.AG on July 29, 2019, 03:31:48 PM
Bump. It doesn't seem like either Betcoin or PlayBetr has notified their players (yet).

Hello, we notified our players the day that we concluded our investigation
https://www.betcoin.ag/player-email-address-database-breached-march



Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: TwitchySeal on July 29, 2019, 09:28:49 PM
Bump. It doesn't seem like either Betcoin or PlayBetr has notified their players (yet).

Hello, we notified our players the day that we concluded our investigation
https://www.betcoin.ag/player-email-address-database-breached-march



I'd be surprised if even half your players saw this article. An email would be much more effective and, considering every player's email address was compromised (again), should've been the first thing you did after finding out.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: casinobru on July 29, 2019, 09:55:31 PM
They can find out another way, by getting spammed with other websites; maybe they'll realize something was compromised, but that might not help them pinpoint it to the original source.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: TwitchySeal on July 29, 2019, 10:00:34 PM
They can find out another way, by getting spammed with other websites; maybe they'll realize something was compromised, but that might not help them pinpoint it to the original source.

Or the emails could be used to phish players (again (https://bitcointalk.org/index.php?topic=1322261.msg14028232#msg14028232))


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on July 30, 2019, 01:59:59 AM
Bump. It doesn't seem like either Betcoin or PlayBetr has notified their players (yet).

Hello, we notified our players the day that we concluded our investigation
https://www.betcoin.ag/player-email-address-database-breached-march



I'd be surprised if even half your players saw this article. An email would be much more effective and, considering every player's email address was compromised (again), should've been the first thing you did after finding out.

Yup, an email was what I was expecting. There's probably a lot of players who are inactive as well and thus wouldn't see the article. As of right now, I have not received an email from Betcoin or PlayBetr (and I don't have a CoinBet account).


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: Betcoin.AG on August 01, 2019, 02:42:03 PM
Yup, an email was what I was expecting. There's probably a lot of players who are inactive as well and thus wouldn't see the article.

We made posts on our BitcoinTalk thread and player forum the day the investigation concluded, with plans of an email to follow. This email will be sent shortly. Thank you very much for all you do for the community.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: TwitchySeal on August 08, 2019, 03:45:30 PM
Yup, an email was what I was expecting. There's probably a lot of players who are inactive as well and thus wouldn't see the article.

We made posts on our BitcoinTalk thread and player forum the day the investigation concluded, with plans of an email to follow. This email will be sent shortly. Thank you very much for all you do for the community.

It's been well over 3 weeks now.

I'm thinking you either don't think it's that important or you don't want to send the email because you'd prefer the vast majority of your players not be made aware of their information being compromised (while appearing to be proactive on the forums).

I suppose it's also possible you guys can't figure out how to send 285k+ emails.  


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: Betcoin.AG on August 08, 2019, 06:05:26 PM
It's been well over 3 weeks now.

I'm thinking you either don't think it's that important or you don't want to send the email because you'd prefer the vast majority of your players not be made aware of their information being compromised (while appearing to be proactive on the forums).

I suppose it's also possible you guys can't figure out how to send 285k+ emails.  

We were pleased to have sent this email last Friday (6 days ago). Informing the community about this was a high priority, and we have done everything we could to do so via every medium available. Thank you.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: TwitchySeal on August 08, 2019, 06:13:27 PM
It's been well over 3 weeks now.

I'm thinking you either don't think it's that important or you don't want to send the email because you'd prefer the vast majority of your players not be made aware of their information being compromised (while appearing to be proactive on the forums).

I suppose it's also possible you guys can't figure out how to send 285k+ emails.  

We were pleased to have sent this email last Friday (6 days ago). Informing the community about this was a high priority, and we have done everything we could to do so via every medium available. Thank you.

hmmm, I didn't receive it.  Anyone else?


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DaveF on August 08, 2019, 07:50:53 PM
I think I got mine. The email account I use for gambling has so much going through it in terms of legit email / promo email / general announcements / and spam that unless I am looking for something it just gets deleted. I did see something from them come in over the last few days and since I have not played there in a while I ignored it and it just auto deleted after 48 hours. I do that to all mail coming into that account unless I move it.

So the standard good advice that all of you should be following.
1) 2FA
2) Different passwords for every site.
3) Don't leave BTC out there. Remember, not your keys not your coins.

-Dave


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: TwitchySeal on August 08, 2019, 08:04:32 PM
I think I got mine. The email account I use for gambling has so much going through it in terms of legit email / promo email / general announcements / and spam that unless I am looking for something it just gets deleted. I did see something from them come in over the last few days and since I have not played there in a while I ignored it and it just auto deleted after 48 hours. I do that to all mail coming into that account unless I move it.

So the standard good advice that all of you should be following.
1) 2FA
2) Different passwords for every site.
3) Don't leave BTC out there. Remember, not your keys not your coins.

-Dave

I did get one of these on Monday from Betcoin:

Quote
The following IP needs to be whitelisted for your account: 42.190.96.171

Please click the link below to whitelist this IP and login: https://www.betcoin.ag/authenticate?token=XXX

I've been getting one every month or so for over a year. The IP address is almost always in Malaysia (and obv I never click it).


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on August 09, 2019, 12:21:02 AM
It's been well over 3 weeks now.

I'm thinking you either don't think it's that important or you don't want to send the email because you'd prefer the vast majority of your players not be made aware of their information being compromised (while appearing to be proactive on the forums).

I suppose it's also possible you guys can't figure out how to send 285k+ emails.  

We were pleased to have sent this email last Friday (6 days ago). Informing the community about this was a high priority, and we have done everything we could to do so via every medium available. Thank you.

hmmm, I didn't receive it.  Anyone else?

I didn't get mine either. Some other Betcoin emails did land in spam, but nothing about a security breach (those were ticket replies).


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DaveF on August 09, 2019, 01:00:06 PM
I didn't get mine either. Some other Betcoin emails did land in spam, but nothing about a security breach (those were ticket replies).

I'm starting to wonder if some mail places are dumping more and more mail that they think is spam into a black hole and never even delivering it to your spambox.
I had a VERY spamlike email make it to the server I manage and the headers showed it also went to another account I have with Yahoo but the Yahoo account never got it.
The originating IP was not blacklisted but I only got the 1 copy.

Do we have to add to not your keys not your coins, not your server not your email?

-Dave


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: SyGambler on August 09, 2019, 05:56:50 PM
I got the email 6 days ago; thing is that the subject of the email wasn't about the breach lol
("Parlay Promo is Back! New Slots, Deposit Bonuses and More!") was the email subject, but if you open it you will see that they talk about the breach that happened

so at first I thought it was just a promotion email, but they first talk about the breach in that email

Quote
We are back with all the latest news about what is happening at Betcoin.ag.

It is important to let you know that a data breach occurred at Betcoin.ag. This incident occurred in March, however we just became aware of this recently. At no time were any passwords or player funds compromised, however email addresses were acquired. We take your security very seriously, and if you ever have a concern about an email you have received, we ask that you contact us by email, support ticket or live chat immediately. In addition, we will never send deposit addresses by email. We are committed to continuing to improve our security every day and we thank you for your support.

Parlay Promo Returns ....
snip


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: Betcoin.AG on August 10, 2019, 05:12:13 PM
Both members who said they hadn't received the email have 'Site news & announcements' turned off on their email notification settings. For this to happen, they would have to have turned these off manually or requested it from our staff. We have had many replies to this email, so we know that the majority of players received it. Thanks again and good luck to all.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DarkStar_ on August 10, 2019, 05:17:55 PM
Do we have to add to not your keys not your coins, not your server not your email?

I think the better phrase would be "not your domain, not your email". I wouldn't recommend that people host their own mail servers due to the difficulty of setting up and maintaining, and using your own domain with another provider is a more reasonable compromise between convenience and security. This way, someone else handles your emails for you (ProtonMail in my case), but if they ever go offline/disable accounts/adopt a bad policy, I can move my domain to another service without having to re-register any accounts or missing any emails.


Title: Re: PSA: Betcoin.ag/PlayBetr.com/Coinbet.ag Data Breach
Post by: DaveF on August 10, 2019, 05:56:45 PM
Do we have to add to not your keys not your coins, not your server not your email?

I think the better phrase would be "not your domain, not your email". I wouldn't recommend that people host their own mail servers due to the difficulty of setting up and maintaining, and using your own domain with another provider is a more reasonable compromise between convenience and security. This way, someone else handles your emails for you (ProtonMail in my case), but if they ever go offline/disable accounts/adopt a bad policy, I can move my domain to another service without having to re-register any accounts or missing any emails.

Don't want to take this too far off topic (I probably say that way too many times)

But the issue is that yeah, it's your domain you can move it from proton to gmail to Guerrilla Mail and so on, but you still are subject to their rules.
Running your own mail server is time consuming, annoying, easy to screw up, stressful and 1000 other things that will cause you to lose your hair, lose sleep and who knows what else. On the other hand, when someone sends you something you know what happened to it.

If you accept the fact that occasionally because it's not your server you might not get something that's fine. Most people are, but when it's important and you don't get it then too bad.

I'm a nerd, I'm good with that fact so yes I do run my own server.
I also know that if it explodes how to route around the issue.

I have seen too many people lose / not get important emails because they were hosting at a place that decided to black hole stuff because they felt like it that day. And then complain about it. Sorry, you knew the rules going in.

Sorry for the rant, it's just one of those things that sets me off.

-Dave