Bitcoin Forum
Author Topic: Coindice,Johny1976 Scam. Sell script with bugs.  (Read 4553 times)
Dogedigital
Legendary
Activity: 1330
Merit: 1000
May 20, 2015, 11:22:40 PM
 #21

You are all new members. I don't see how the problem can be proven except there is an error in the code that makes the outcome of the bets guessable or a real backdoor. So that everyone knows the problem existed before it was sold.

How could it be made sure that the casino owners didn't change the code themselves? That they are all new users doesn't make it easier.

I'm not blaming, I only point out a problem.

Are there other casino owners that run their script without problems? It would be strange when such an exploit would be used only by 2 out of 100 casinos or so...

All those that I have talked to including me have had problems with the script.  I bought all versions and have just abandoned them all.

All updates are the same versions with 1-2 extra lines of code.  Multiple devs were reached to make modifications and most of them said that it was unworkable and it was much easier to start from scratch.

However I can say that I never ran into a backdoor in my versions (there's a lot of counterfeits that actually do include backdoors).
yogg
Legendary
Activity: 2464
Merit: 3158
May 21, 2015, 12:10:47 AM
Last edit: May 21, 2015, 12:52:23 AM by yogg
 #22

I bought a dice website which was using CoinDice. Since I was not the original script buyer, I didn't get any update and Johny never replied to my PM when I contacted him to look for a solution.
However, I asked a dev to audit the code before I put it in production. He said it was ok to run it, and that there is no backdoor.

Sure, there was no backdoor.
About 2 months later, someone found an exploit and managed to empty my hot wallets. Again, this was not a backdoor made on purpose.

What happened is that the hacker found a way to repeat some operations.
At the beginning, he repeated bets. [Screenshot] (see how the bet ID got reversed but the roll outcome is the same for all the bets... Disturbing, isn't it?)
But then, the exploiter managed to repeat withdrawals and made them happen several times in my wallet, while the script shows it processed them only once.

I have read a lot of threads about CoinDice being easily exploited. Overall, it seems poorly secured.
Because Johny didn't care at all about my messages, I won't buy, host or support a CoinDice script ever.

Buyers beware.
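
Added example, not part of the post above and not CoinDice code: the post describes withdrawals being paid several times by the wallet while the script recorded only one. The thread does not show the actual flaw, so this Python/SQLite example uses a hypothetical schema and a typical replayable pattern (enforce_once=False) beside an atomic claim that makes a repeated request a no-op, plus a reconciliation query that flags double payouts.

```python
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (user TEXT PRIMARY KEY,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE withdrawals (id INTEGER PRIMARY KEY, user TEXT, amount INTEGER,
                                  status TEXT NOT NULL DEFAULT 'pending');
        CREATE TABLE wallet_sends (withdrawal_id INTEGER, amount INTEGER);
    """)  # wallet_sends is a stand-in for what the hot wallet really paid out
    return db

def process_withdrawal(db, wid, enforce_once=True):
    """Pay out withdrawal `wid`; returns True if a wallet send was made."""
    with db:  # one transaction: claim, debit and send commit or roll back together
        row = db.execute("SELECT user, amount FROM withdrawals WHERE id=?",
                         (wid,)).fetchone()
        if row is None:
            return False
        user, amount = row
        if enforce_once:
            # Atomic claim: only one request can move the row out of 'pending'.
            claimed = db.execute("UPDATE withdrawals SET status='sent' "
                                 "WHERE id=? AND status='pending'", (wid,)).rowcount
            if claimed != 1:
                return False  # replayed or concurrent request: nothing is sent
            db.execute("UPDATE accounts SET balance = balance - ? WHERE user=?",
                       (amount, user))
        else:
            # Assumed flawed pattern: status is overwritten, so a replay pays again
            # while the ledger still shows a single 'sent' row.
            db.execute("UPDATE withdrawals SET status='sent' WHERE id=?", (wid,))
        db.execute("INSERT INTO wallet_sends VALUES (?, ?)", (wid, amount))
        return True

def reconcile(db):
    """Return withdrawal ids that the wallet paid more than once."""
    rows = db.execute("SELECT withdrawal_id FROM wallet_sends "
                      "GROUP BY withdrawal_id HAVING COUNT(*) > 1").fetchall()
    return [r[0] for r in rows]

def demo(enforce_once):
    db = open_db()  # constructed sample data: one user, one pending withdrawal
    db.execute("INSERT INTO accounts VALUES ('alice', 1000)")
    db.execute("INSERT INTO withdrawals (id, user, amount) VALUES (1, 'alice', 400)")
    db.commit()
    sent = [process_withdrawal(db, 1, enforce_once) for _ in range(3)]  # same request, 3 times
    return sent, reconcile(db)
```

Running reconcile() against the wallet's own transaction list, rather than the script's table, is what surfaces the mismatch the post describes.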
SebastianJu
Legendary
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
May 25, 2015, 05:45:37 PM
 #23

You are all new members. I don't see how the problem can be proven except there is an error in the code that makes the outcome of the bets guessable or a real backdoor. So that everyone knows the problem existed before it was sold.

How could it be made sure that the casino owners didn't change the code themselves? That they are all new users doesn't make it easier.

I'm not blaming, I only point out a problem.

Are there other casino owners that run their script without problems? It would be strange when such an exploit would be used only by 2 out of 100 casinos or so...
In all seriousness, new or old doesn't really matter anymore. Could take $50 and buy myself a two year senior account if I wanted.

That's right... though theoretically it would be way easier to create a number of newbie accounts and tell a story about multiple scripts acting strange.

Though again... I don't accuse, I only point out that it's hard to prove. And I wonder, how many scripts were sold and how many scripts' wallets, out of that, were emptied?

At the end... if those risks are mentioned for years then there might be something true. As long as no careful code review is done... including database entries.  Roll Eyes

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
elm
Legendary
Activity: 1050
Merit: 1000
May 25, 2015, 05:50:14 PM
 #24



At the end... if those risks are mentioned for years then there might be something true. As long as no careful code review is done... including database entries.  Roll Eyes

so who could do a careful code review?
SebastianJu
Legendary
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
May 27, 2015, 10:58:14 AM
 #25



At the end... if those risks are mentioned for years then there might be something true. As long as no careful code review is done... including database entries.  Roll Eyes

so who could do a careful code review?

I don't know since normally you need to KNOW risky code parts. And that's something the average code developer does not know in detail.

Another thought I got is... didn't OP mention that the max profit he set was a big part of the house? There's a reason why dooglus even set the max profit down from 1% to 0.5% on justdice. The reason was that someone was able to win a big part of the house with 1%. That's why you normally use the Kelly criterion. And the Kelly criterion says 1% is the best value for best profit. If you raise that value then the chance rises exponentially that you will lose big parts of the house. Or all of it. The reason is that it's very hard to win back something lost if your house is, let's say, halved already.

That's mathematics. And maybe the script seller should point that out more aggressively.

Though that's only another thought as a possible problem.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
elm
Legendary
Activity: 1050
Merit: 1000
May 27, 2015, 11:59:51 AM
 #26



At the end... if those risks are mentioned for years then there might be something true. As long as no careful code review is done... including database entries.  Roll Eyes

so who could do a careful code review?

I don't know since normally you need to KNOW risky code parts. And that's something the average code developer does not know in detail.

Another thought I got is... didn't OP mention that the max profit he set was a big part of the house? There's a reason why dooglus even set the max profit down from 1% to 0.5% on justdice. The reason was that someone was able to win a big part of the house with 1%. That's why you normally use the Kelly criterion. And the Kelly criterion says 1% is the best value for best profit. If you raise that value then the chance rises exponentially that you will lose big parts of the house. Or all of it. The reason is that it's very hard to win back something lost if your house is, let's say, halved already.

That's mathematics. And maybe the script seller should point that out more aggressively.

Though that's only another thought as a possible problem.

agree with you but the seller is very quiet Sad until now
elm
Legendary
Activity: 1050
Merit: 1000
May 31, 2015, 05:34:50 AM
 #27

just for info............Johny deleted today 5 postings of mine. I didn't offend him at all, I just asked some questions.

 Sad
jackyballz
Newbie
Activity: 2
Merit: 0
May 31, 2015, 11:17:54 AM
 #28

When there are so many people complaining about the script, I wonder why someone just doesn't post the whole code of the latest script in public so that everyone can take a look at it and find existing bugs / backdoors. I'm a coder and security analyst myself, but not interested in running a dice site - still I would love to see if there are some bugs in the script that were put in there on purpose.
elm
Legendary
Activity: 1050
Merit: 1000
May 31, 2015, 11:27:20 AM
 #29

When there are so many people complaining about the script, I wonder why someone just doesn't post the whole code of the latest script in public so that everyone can take a look at it and find existing bugs / backdoors. I'm a coder and security analyst myself, but not interested in running a dice site - still I would love to see if there are some bugs in the script that were put in there on purpose.

so maybe some script owner can give you the script for review. but to see that you jump in with your 1st post doesn't smell that good either IMO, no offense intended.
jackyballz
Newbie
Activity: 2
Merit: 0
May 31, 2015, 07:29:12 PM
 #30

No offense taken - I didn't say that anyone should send me the script.
I just don't understand why people are crying and calling johny1976 a scammer, but do nothing against it.
If you are sure that he scammed you, then stop others from falling for the same scam by making his scripts available to the public.
From the threads I've read and people I've spoken to, I am pretty sure that those 'bugs' are built in on purpose.
elm
Legendary
Activity: 1050
Merit: 1000
May 31, 2015, 07:38:50 PM
 #31

No offense taken - I didn't say that anyone should send me the script.
I just don't understand why people are crying and calling johny1976 a scammer, but do nothing against it.
If you are sure that he scammed you, then stop others from falling for the same scam by making his scripts available to the public.
From the threads I've read and people I've spoken to, I am pretty sure that those 'bugs' are built in on purpose.

I agree with you and was also wondering that he still has green trust. and if there are bugs to give someone the option to steal coins then IMO it was intended to steal. the blackjack script had so many bugs that I found and I am not a coder but those bugs were game and rule related. Johny has no clue about the game itself.

let's hear something from coindicestand if he could arrange an agreement with johny
johny1976
Legendary
Activity: 1135
Merit: 1002
Developer
May 31, 2015, 07:42:16 PM
 #32

When there are so many people complaining about the script, I wonder why someone just doesn't post the whole code of the latest script in public so that everyone can take a look at it and find existing bugs / backdoors. I'm a coder and security analyst myself, but not interested in running a dice site - still I would love to see if there are some bugs in the script that were put in there on purpose.

I have no problem with providing you the whole code for review. We may be idiots who have bugs in their scripts but we are not thieves.

Or you can ask coindicestand to give you the code he got from me if you don't believe it's same. I see no problem with this either.

Johny
SebastianJu
Legendary
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
June 01, 2015, 10:37:24 AM
 #33

When there are so many people complaining about the script, I wonder why someone just doesn't post the whole code of the latest script in public so that everyone can take a look at it and find existing bugs / backdoors. I'm a coder and security analyst myself, but not interested in running a dice site - still I would love to see if there are some bugs in the script that were put in there on purpose.

Making it completely public would be the wrong step. The accusation "could" be wrong and at the end johny's script would be useless, because he can't sell it anymore, since it's out there for free.

I think the correct thing would be to provide it by pm or email to persons who claim they will do a review. Though that could turn out to be a "free script" thing too fast. At least if everyone only needs to ask.

Maybe the best option would be to provide proof that someone can check the code. I'm not sure how much that would limit the potential users. I mean because they want to stay anonymous.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
coindicestand (OP)
Newbie
Activity: 15
Merit: 0
July 07, 2015, 09:41:36 AM
 #34

Hi, i have no news. no pm in. nobody interest of this shit. we stopped dice site bcoz its 1000% Johny scam. no support of his products. no moneyback. we lose money and i pasted all b4. i can confirm deal with johny for 1.1 btc. i can give script to anyone who can make audit and pay after some bitcoins. i cant see other way to put negative feedback to johny. its a bullshit.
DiscoverCebu
Sr. Member
Activity: 392
Merit: 250
July 07, 2015, 10:01:38 AM
 #35

The coindicescam guy is from crimedice by my guess, don't know who the other guy is though, could be a shill as well.
FruitsBasket
Legendary
Activity: 1232
Merit: 1017
July 07, 2015, 12:10:42 PM
 #36

The coindicescam guy is from crimedice by my guess, don't know who the other guy is though, could be a shill as well.

No! the coindice script has been used many times.. pretty much its a dirt cheap trash that most who don't know how to make a website buys it

fck@dt-alwayzz_newbz
SebastianJu
Legendary
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
July 07, 2015, 12:18:08 PM
 #37

I wonder if the dice site owners know the kelly criterion. They never should raise the max profit over 1% of the house. So when 1 Bitcoin is the house then max profit is only allowed to be up to 0.01 Bitcoin.

If you don't follow that rule then you can be wiped out pretty fast. The Kelly criterion shows how to adjust max profit in order to have the maximum profit with the least risk.

A security expert, whom I asked to check the code a bit, checked it and found:

I just had a look and this is awful code. Why is it all ajax calls? Why are you not using websockets?
With even a little load this will bog down. You need to at least have a websocket server for doing all the communications like betting.
Even the chat function is ajax calls. This is bad design!

For 1btc, I suppose there can't be too much expectation. But if you are going to do something, do it right!

Also, don't you think there is already enough dice sites? Why do we need more?

As far as I know he says that an attacker could bring down the server because of the design. And that is potentially risky. Though he did not go as far as to really attack a site.

Please ALWAYS contact me through bitcointalk pm before sending someone coins.
coindicestand (OP)
Newbie
Activity: 15
Merit: 0
August 06, 2015, 10:10:50 PM
 #38

The coindicescam guy is from crimedice by my guess, don't know who the other guy is though, could be a shill as well.
LoL you are another scammer than or guy who lick ass to mr Johny my guess ..

No news. No pm. Johny still ripping..

here is another guy who was scammed  https://bitcointalk.org/index.php?topic=1091065

here is new bullshit script from johny1976 https://bitcointalk.org/index.php?topic=1141261.0

why no negative feedbacks more??
who bought and have success deal with this scripts? NOBODY?

No moneyback. No support. Scam,fake and bullshit

Johny1976=bump
TYPEcoin
Full Member
Activity: 364
Merit: 101
August 07, 2015, 07:36:22 AM
 #39

I don't know the other scripts, but the CoinJack has 2 backdoors, but if you know how you can remove it all will be fine.
johny1976
Legendary
Activity: 1135
Merit: 1002
Developer
December 24, 2015, 06:05:43 PM
 #40

Lovely.

It's almost impossible that we're still working, isn't it? Maybe we just aren't such big scammers as some people call us. Anyway I'd like to congratulate you on not falling for this BIG SCAM.