Secondstrade.com stole 0.9733BTC [Proofs Inside]

[malcovixeffect]

Scam? But users are still promoting the sig?

[1715578201]

1715578201

[1715578201]

1715578201

[1715578201]

1715578201

[tommy163]

Scam? But users are still promoting the sig?

It is possible cause 400 people are in his campaign, he scams much money and pays penny to the campaigners. Easy money

[ndnh]

-snip-
But my case is different. I have done 11 transactions on 1.98 and 4.08 multipliers only. 4 out of 11 transactions lost, only 7 won.
And my last transaction was over the max 0.9733BTC what's the craziest part about that? If your max bet was bigger my transaction would have in fact lost because I have sent to x1.98 on higher than 49 and mine was 39.
But since you have a rule of refunding bets that are higher than the max, I am waiting for your refund.
I will not scream nor will I bold my text but please secondstrade read my post.

That is good!!

You should get your refund. I'll PM secondstrade.

[sp3edm]

-snip-
But my case is different. I have done 11 transactions on 1.98 and 4.08 multipliers only. 4 out of 11 transactions lost, only 7 won.
And my last transaction was over the max 0.9733BTC what's the craziest part about that? If your max bet was bigger my transaction would have in fact lost because I have sent to x1.98 on higher than 49 and mine was 39.
But since you have a rule of refunding bets that are higher than the max, I am waiting for your refund.
I will not scream nor will I bold my text but please secondstrade read my post.

That is good!!

You should get your refund. I'll PM secondstrade.

ndnh, can u do the same with me please ? i'm in the same case: https://bitcointalk.org/index.php?topic=1644520.msg16540424#msg16540424

[suchmoon]

Here is a response I sent to one of secondstrade's PMs where they claimed that they may reconsider and refund "tautvilis". I think it's worth to post this publicly and to encourage them to respond here:

You have to do much better than that. You have to post full analysis of the issue, publicly, in your scam accusation thread:

https://bitcointalk.org/index.php?topic=1640756.0

You have to explain in detail how the exploit worked and how you determined which users are involved in it. If I understand it correctly it was an issue with your own site that caused or allowed this to happen so you have to show very clearly that you know what happened, how it happened, how you will deal with the consequences, and how you will prevent this from happening again. Only then I can consider revising my feedback.

[Backside walkaround]

Is it time to dump the sig yet?  I'd hate to say bye to the campaign, but I'm not promoting scams either.  And right now I'm not sure what's what.

[ndnh]

https://bitcointalk.org/index.php?topic=1640756.0

You have to explain in detail how the exploit worked and how you determined which users are involved in it. If I understand it correctly it was an issue with your own site that caused or allowed this to happen so you have to show very clearly that you know what happened, how it happened, how you will deal with the consequences, and how you will prevent this from happening again. Only then I can consider revising my feedback.

The txdice relied purely on transaction hash. Secondstrade was not aware that the transaction id could be known before broadcasting it such that the player can just broadcast the winning ones.
The win rate was very high and made a loss of 9BTC to secondstrade in a very short period. All the others except 3 were refunded. Secondstrade suspected these 3 to be the ones who exploited this vulnerability.

They closed TXdice right after they realized this.

[suchmoon]

https://bitcointalk.org/index.php?topic=1640756.0

You have to explain in detail how the exploit worked and how you determined which users are involved in it. If I understand it correctly it was an issue with your own site that caused or allowed this to happen so you have to show very clearly that you know what happened, how it happened, how you will deal with the consequences, and how you will prevent this from happening again. Only then I can consider revising my feedback.

The txdice relied purely on transaction hash. Secondstrade was not aware that the transaction id could be known before broadcasting it such that the player can just broadcast the winning ones.
The win rate was very high and made a loss of 9BTC to secondstrade in a very short period. All the others except 3 were refunded. Secondstrade suspected these 3 to be the ones who exploited this vulnerability.

They closed TXdice right after they realized this.

Thanks. It sounds like they don't really have a good way to figure out who cheated. They should at least publish all bets and specify how they decided to pay or not pay the ones they processed manually.

And I still don't see how they could possibly suspect "tautvilis" if his/her last best was a losing one (not sure how to verify that though).

[rabiow12]

First It's not our fault if his game has a bug or problems, Second thing i didn't cheat Refund me now SCAMMER! Or post a PROOF.

https://bitcointalk.org/index.php?topic=1640756.0

You have to explain in detail how the exploit worked and how you determined which users are involved in it. If I understand it correctly it was an issue with your own site that caused or allowed this to happen so you have to show very clearly that you know what happened, how it happened, how you will deal with the consequences, and how you will prevent this from happening again. Only then I can consider revising my feedback.

The txdice relied purely on transaction hash. Secondstrade was not aware that the transaction id could be known before broadcasting it such that the player can just broadcast the winning ones.
The win rate was very high and made a loss of 9BTC to secondstrade in a very short period. All the others except 3 were refunded. Secondstrade suspected these 3 to be the ones who exploited this vulnerability.

They closed TXdice right after they realized this.

[numanoid]

Secondstrade was refund the amount to OP, you can lock this thread now since it's already resolved.

~snip~

we refunded him.

https://blockchain.info/tx/5c872b79e5518095d5045d2394849a4641a0073097d05615ab0aaad44e51a23d

thank you for your help .

Refference link : https://bitcointalk.org/index.php?topic=813554.msg16558525#msg16558525

[Rotten Egg]

Secondstrade was refund the amount to OP, you can lock this thread now since it's already resolved.

~snip~

we refunded him.

https://blockchain.info/tx/5c872b79e5518095d5045d2394849a4641a0073097d05615ab0aaad44e51a23d

thank you for your help .

Refference link : https://bitcointalk.org/index.php?topic=813554.msg16558525#msg16558525

Refunded or not, a scammer is a scammer. The -ve trusts should remain on secondstrade.com, i.e. https://bitcointalk.org/index.php?action=profile;u=381676, to protect gamblers in future.

[tautvilis]

My bet was finally (after a week of waiting) refunded. Thank you to everyone who had replied in this topic, PM'ed secondstrade, or added him negative feedback.
I have removed my negative feedback and I will be messaging Vod and suchmoon that I no longer have any complaints about secondstrade.
Today I got this PM from secondstrade:

but  at the day, our hot wallet balance was become insufficient , because  the scam.
so payout  for the scam was not proceeded.
at the time, these two  amount above max(0.9 and 0.8 were deposited).
and these bitcoin were also  paid to the scammer.
so we thought that the two bet will be partner of the scammer  or scammer themselves.

the reason that we thought such that.

1. the bitcoin above max amount  did not often deposited  .
2. scam time was very short (about 30 minutes ~1 hours).
3. the requester were newbie.  
   ( i don't think the will be a newbie.  they have a ability that can select transaction id.
     the reason that they are newbie  is because they do not want to know who is.  )

but for you , we will consider refunding ..
you are not a newbie , and we can not find a proof that  you are partner of them.

please wait some more.

Their reasoning behind my delay of refund is pretty logical considering they were the ones who suffered a loss.
Though regarding sp3edm case, yes it is strange that this happened exactly at this time and his first (and only) transaction was over a limit. But that is no way near enough for anyone to consider it as a valid proof.
My advice is that you should probably refund sp3edm his 0.8BTC or else I doubt you will get out of red trust rating, and I doubt you will get any new players.
As of rabiow12 I have already given my analysis so if I were to bet whether he did or didn't abuse it I would bet on, that he did abuse it.
rabiow12 has already lied after he was asked if he's at profit, and is still lying that it was all his Bitcoins left, so I wouldn't be surprised if he lied about not abusing the game too.
If you don't want to refund rabiow12 you will have to talk it through with Vod and suchmoon and explain it with all the proofs on your thread too.

[rabiow12]

AFTER and only after tautvilis got his refund he is now telling everyone  that im the scammer , huh ... got no words to say.

POST A PROOF i have 0 balance in my gambling address and even if i have money that doesn't prove that i was cheating.

Anyways What a bitch!

[ndnh]

Can OP sign an address with over 5BTC? There is something wrong if you can't.

Thanks. It sounds like they don't really have a good way to figure out who cheated. They should at least publish all bets and specify how they decided to pay or not pay the ones they processed manually.

And I still don't see how they could possibly suspect "tautvilis" if his/her last best was a losing one (not sure how to verify that though).

Yep. Some were using different address every time, and it some may have added losing bets to make this less obvious. All the cases other than the two (this one cleared) I have checked were refunded.

IMO OP was blacklisted because:
1. he started with 0.1 and ended with 0.9733
2. all the large bets won
3. bets were becoming larger and larger.
4.

And I still don't see how they could possibly suspect "tautvilis" if his/her last best was a losing one

see below post.

AFTER and only after tautvilis got his refund he is now telling everyone  that im the scammer , huh ... got no words to say.

POST A PROOF i have 0 balance in my gambling address and even if i have money that doesn't prove that i was cheating.

Anyways What a bitch!

Anyway can you provide us with all the transactions you have with secondstrade txdice?

[suchmoon]

So let me see if I understand this correctly. Secondstrade is implying that someone deliberately deposited amounts above max to top up their hot wallet, so the depositor (or an accomplice) could scam it via TX dice, AND get the deposits refunded. Quite clever if true but also quite risky.

And incredibly stupid for secondstrade to commingle funds like that. Deposits over max should never have been part of the hot wallet, those are "borrowed" funds essentially.

Not sure what to think of sp3edm now.

[ndnh]

So let me see if I understand this correctly. Secondstrade is implying that someone deliberately deposited amounts above max to top up their hot wallet, so the depositor (or an accomplice) could scam it via TX dice, AND get the deposits refunded. Quite clever if true but also quite risky.

Yeah you are right. but I don't see how this is risky. The funds transferred from a seemingly "legit" address to a scammer through the hot wallet. Unless secondstrade admin is online and blacklists this legit address there is no chance of losing anything. This person also may have thought that the refund part is actually automatic.

And incredibly stupid for secondstrade to commingle funds like that. Deposits over max should never have been part of the hot wallet, those are "borrowed" funds essentially.

That would not be practical. Since the deposit address remains the same, they would need a separate hot wallet. This would need to have a high balance which is not safe at all.

Edited.

[suchmoon]

So let me see if I understand this correctly. Secondstrade is implying that someone deliberately deposited amounts above max to top up their hot wallet, so the depositor (or an accomplice) could scam it via TX dice, AND get the deposits refunded. Quite clever if true but also quite risky.

Yeah you are right. but I don't see how this is risky. The funds transferred from a seemingly "legit" address to a scammer through the hot wallet. Unless secondstrade admin is online and blacklists this legit address there is no chance of losing anything. This person also may have thought that the refund part is actually automatic.

Right, if the refund was automatic, that may have made sense. Even with that there is a risk that this could have stopped at any time, and it did.

And incredibly stupid for secondstrade to commingle funds like that. Deposits over max should never have been part of the hot wallet, those are "borrowed" funds essentially.

That would not be practical. Since the deposit address remains the same, they would need a separate hot wallet. This would need to have a high balance which is not safe at all.

Edited.

If secondstrade doesn't have any sanity checks and blindly submits the outgoing TXs until the wallet runs dry - they're going to have more issues like this. They should subtract "IOU" amounts and check available balance before sending a payout out of the hot wallet, and/or sweep the over-max deposits to a separate wallet for manual processing.

[tautvilis]

Locking the thread since my case was resolved.