- use different login/pass for each sites,
That seems to be the one that would have worked in this instance.
Someone had a list of usernames and passwords from a different site and tried them on Just-Dice.
Most of the usernames they tried didn't even exist on Just-Dice, but some did, and some of those use the same password as on the hacked site.
Some of those ones with the same username and password also had 2FA disabled, or had it enabled, but not required to withdraw.
Those are the people who lost coins.
The lesson here is twofold:
1) don't reuse passwords
2) do use 2FA when available
I'm sorry for people's losses. It's an expensive way to learn about password security.
Incidentally, I would be very interested to learn which site the list of usernames and passwords was hacked from. If your account was compromised and you only used the same account details on a few other sites, please list those other sites here so we can see if a pattern emerges.
I've checked the logs. It appears that the amounts stolen were (in size order):
0.00018560, 0.00069031, 0.00930999, 0.00990000, 0.01006117, 0.01137880, 0.01773303, 0.02915000, 0.04515912, 0.04542498, 0.04976687, 0.08471695, 0.60705816, 0.88197790, 3.87314367, 60.07364941
Total: 65.74930596 BTC. The stolen coins were sent to 1GtAri6QDusZVFPtCBufA7ti6R34BxRwBB (14 transactions) and 1sCaMzrzY6sCaRMUY9WjM35QnwHYLyBEd (2 transactions).
If anyone would like to donate to make the victims whole, I set up address 1GbDrpVNGxC8CxfZrYMPVPZ2KNwvcXEHT7 for donations. Anything sent there will go to the 16 who lost funds.
Good Idea and with some reasonable problem solving we can probably find the source of this.
Did Casinobit recently "find" some bitcoins? if I recall some of the investors was recently paid "need source". So I guess we need to ask other victims, what bitcoin gambling companies have you joined and eliminate one by one?