Scammed by Johny1976 creator of coindice script. Not paying bug bounty.

[CryptoMrM]

If you agree with my report I would ask that you leave negative feedback to the user: Johny1976 https://bitcointalk.org/index.php?action=profile;u=143958 until he sends me the funds. I would very much appreciate it.

What happened: Johny1976 is known for his dice script coindice located here: https://bitcointalk.org/index.php?topic=507515.0. He had previously stated to all clients that he was willing to pay up to 1 BTC per client for any losses that his customers suffered as a result of his code having vulnerabilities.

I discovered one major one called 'multi-threading', it's where a person is able to fire multiple page requests quickly at a specific url. The server processes these requests at the same time (hence the multi aspect) and since they are being processed at the same time, they take the same seed value, the same account balance etc (the problem).

Johny implemented time restrictions within the javascript which is user side but he didn't in the php which is server side. This allows users to go to the direct url e.g. https://url.com/content/ajax/place.php?w=0&m=2&hl=1&_unique=12345 and effectively 'spam' it. Likewise with withdrawals. This allowed users to have multiple withdrawals without the funds.

There were also a few minor bugs like users being able to go into negative balance.

So I contacted johny via PM and he agreed to pay me (see figure 1 in logs). You can also see the attached in-formal skype conservation, after which he didn't respond to me (see figure 2 in logs) on April 19th.

I then posted on his thread as he wasn't responding after a few days. He deleted my comments and requested I PM him, despite me doing so on the 17th May, 14 days ago. You can see the entire bitcointalk conversation in figure 3 in logs below.

After this period of waiting I decided to lower the amount I wanted in the hope I would get a quick payment.

Anyway it is now the 16th June, almost 2 months since I first reported this major bug and I would like to be paid. He hasn't responded to my PM's for over a week now despite being active.
 

Scammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=143958

Reference Link: https://bitcointalk.org/index.php?topic=507515.0
Amount Scammed: 0.6 BTC lowered by me from 1 BTC
Payment Method: BTC
Proof of Payment: N/A
PM/Chat Logs:

Figure 1 (alerting of bug):


Figure 2 (me reporting):


Figure 3 (him avoiding payment):


Additional Notes: N/A

[johny1976]

My partner hasn't been online since then. Also the bugs were (again) found by a group of programmers fixing the script so we didn't really use your notes.. Anyway I need to wait until my partner shows up, until then I can do nothing

[CryptoMrM]

My partner hasn't been online since then. Also the bugs were (again) found by a group of programmers fixing the script so we didn't really use your notes.. Anyway I need to wait until my partner shows up, until then I can do nothing

You are joking me. You knew nothing of the sort. I told you the bugs, posted on your thread after waiting and then you stop sales whilst you 'fix' problems with it.

You expect me to believe you coincidently already had a group of programmers looking through your script and they found the same bug within the same timeframe and that you never thought to mention it?

It's bullshit and even if that was the case you would still be subject to the liabilities of all your clients who were running the venerable versions whilst you quietly kept to yourself there was a HUGE exploit.

I expect to be paid.

[XinXan]

My partner hasn't been online since then. Also the bugs were (again) found by a group of programmers fixing the script so we didn't really use your notes.. Anyway I need to wait until my partner shows up, until then I can do nothing

You are joking me. You knew nothing of the sort. I told you the bugs, posted on your thread after waiting and then you stop sales whilst you 'fix' problems with it.

You expect me to believe you coincidently already had a group of programmers looking through your script and they found the same bug within the same timeframe and that you never thought to mention it?

It's bullshit and even if that was the case you would still be subject to the liabilities of all your clients who were running the venerable versions whilst you quietly kept to yourself there was a HUGE exploit.

I expect to be paid.

Yep definitely bullshit, they say they knew about the bug but they never mentioned anything in the pms or skype, he even told you that he was going to pay you, if he knew about the bug why would he tell you that and not simply, we already know about it? Yeah..

[Xialla]

Anyway I need to wait until my partner shows up, until then I can do nothing

sorry to say, but this seems not like some professional behaviour or something. honestly, I was about also to buy the script, but after this I will have to reconsider little bit again:(

[johny1976]

My partner hasn't been online since then. Also the bugs were (again) found by a group of programmers fixing the script so we didn't really use your notes.. Anyway I need to wait until my partner shows up, until then I can do nothing

You are joking me. You knew nothing of the sort. I told you the bugs, posted on your thread after waiting and then you stop sales whilst you 'fix' problems with it.

You expect me to believe you coincidently already had a group of programmers looking through your script and they found the same bug within the same timeframe and that you never thought to mention it?

It's bullshit and even if that was the case you would still be subject to the liabilities of all your clients who were running the venerable versions whilst you quietly kept to yourself there was a HUGE exploit.

I expect to be paid.

I don't care if you believe me or not. If my partner confirms that the programmers didn't get your notes from us, you'll be paid nothing. If it shows up that the programmers had got your "bug analyse", you'll be paid like agreed.

Also your notes were very general, more like a notices..

[GWGoods]

I don't care if you believe me or not. If my partner confirms that the programmers didn't get your notes from us, you'll be paid nothing. If it shows up that the programmers had got your "bug analyse", you'll be paid like agreed.

Also your notes were very general, more like a notices..

Regardless, He let you know and you obviously didn't know. anyway You should have sent an email to all members who bought (I know you have this information, As I am a previous buyer and receive cointoli updates every so often). You should have alerted them of this issue, because you didn't you obviously didn't know.

You are liable to pay, if you did know already and didn't tell people, I believe you are even more liable to pay. Either way... You lose this case.

[OrangeSeller]

After so many scam accusations toward him, no one left him negative just for cautions? Lol all you default trust list are always so fast in leaving negative for a small rank member but you dare to do nothing to do Johnny

Oh grata johny you slip away from one scam accusation again

[coinmaster222]

We bought the script from johny and found a bug twice once coins were stolen because hackers found a new way to get into the dice and once we had to take it down a week to sort a fix and it was us that fixed it got no help.None of the bugs were major and have no probs with johny just saying there are bugs there.

[CryptoMrM]

Update: Jonny has agreed to pay me the 0.6 BTC.

https://blockchain.info/tx/fa0f9d4ca42766c29453a30c38f9af98d4c122de78e3e1144a00b6b7c3840033

[kralle]

Good for you that you got paid next time just a bit patience

[coindicestand]

here is my topic of this scammer https://bitcointalk.org/index.php?topic=1065017.20
here is another bullshit script from this guy i guess https://bitcointalk.org/index.php?topic=1141261.0
nobody cant post negative feedback? lols.  his ripper

[coindicestand]

lol. this cocksucker still not banned? too much negative feedbacks asshole