leea-1334
|
|
May 31, 2020, 09:23:18 AM |
|
I wish i had merit to send, this response is everything <3
Sigh,,, this happens every site I go to and I do not know why online, people have this really bad habit. It usually starts out well. They "loan" a guy a small amount and the guy pays back with a small tip. So it gets bigger the loan and then it never gets paid back. I have seen countless arguments over loans, some sites even ban both lender and borrower. No one would ever think to ask or lend at a real casino. Why people do it online I can never understand.
|
|
|
|
examplens
Legendary
Offline
Activity: 3472
Merit: 3505
Crypto Swap Exchange
|
|
May 31, 2020, 07:38:49 PM |
|
Are you fine if that happens to you? and why do you conclude that casino is not guilty while they should check their site security day by day to see if there's no intruder can penetrate on their site and as what he said he don't have any log in activity and why does he encounter those issue.
It's their job to make their user safety so they should act on this issue and check if their site not compromised or the person who claim is victim of malware,phising or any attempts existing in the net.
After this accident, I have checked my PC with a few anti-malware tools and I did not find anything unusual in my PC. Also, I did not change the password in any of the other services which I am using in the same PC and I did not find any suspicious activity on any of them. This has already been resolved. The site is secure, and the admin make sure of that. This boils down to a user not having full security of his account because they didn't have 2fa or a master address on. Leaving your money in a vulnerable spot without protecting it is user error.
if we do nothing it is also resolved. I have no feeling that is resolved. To be honest, I am not happy at the end here. I got two possible scenarios from admin, and of course, my computer is compromised or someone else had access to my computer. without any deeper thought and check, the blame is laid on me. I still don't understand, why in login history I can't find any activity in time when someone close investment, exchange DOGE for BTC and withdraw it. If someone does this from my PC, probably this activity will be in login history. I will probably send new coins more to try to catch the thief in action. btw, If your platform is not secure without 2FA and master address, why then it is not obligatory to activate it? activating master address, this is only to protect BTC withdrawal. whether it protects if exchange for ETH and withdraw ETH?
|
|
|
|
rawdog11
Member
Offline
Activity: 149
Merit: 25
|
|
June 01, 2020, 12:57:08 AM |
|
Are you fine if that happens to you? and why do you conclude that casino is not guilty while they should check their site security day by day to see if there's no intruder can penetrate on their site and as what he said he don't have any log in activity and why does he encounter those issue.
It's their job to make their user safety so they should act on this issue and check if their site not compromised or the person who claim is victim of malware,phising or any attempts existing in the net.
After this accident, I have checked my PC with a few anti-malware tools and I did not find anything unusual in my PC. Also, I did not change the password in any of the other services which I am using in the same PC and I did not find any suspicious activity on any of them. This has already been resolved. The site is secure, and the admin make sure of that. This boils down to a user not having full security of his account because they didn't have 2fa or a master address on. Leaving your money in a vulnerable spot without protecting it is user error.
if we do nothing it is also resolved. I have no feeling that is resolved. To be honest, I am not happy at the end here. I got two possible scenarios from admin, and of course, my computer is compromised or someone else had access to my computer. without any deeper thought and check, the blame is laid on me. I still don't understand, why in login history I can't find any activity in time when someone close investment, exchange DOGE for BTC and withdraw it. If someone does this from my PC, probably this activity will be in login history. I will probably send new coins more to try to catch the thief in action. btw, If your platform is not secure without 2FA and master address, why then it is not obligatory to activate it? activating master address, this is only to protect BTC withdrawal. whether it protects if exchange for ETH and withdraw ETH? The more ways you can protect your information the better. It's the users choice on how they want to secure their funds. They have additional options -- if they choose not to use them then its their own choice. If you just have a username and passcode you're limiting your protection (that's my opinion). Ethan has answered you, he's checked thoroughly and sent you the server logs. If youre going to send new coins, use 2fa. secure your account.
|
|
|
|
YOLO_LIFE
Member
Offline
Activity: 162
Merit: 16
|
|
June 01, 2020, 10:48:25 AM Last edit: June 01, 2020, 11:25:17 AM by YOLO_LIFE |
|
I still don't understand, why in login history I can't find any activity in time when someone close investment, exchange DOGE for BTC and withdraw it. If someone does this from my PC, probably this activity will be in login history.
I think in the login history logs are created this way, like whenever user login it just creates a small log with device information, IP address, operating system, browser details, etc. it doesn't log every time when users perform operations like open/close investments or exchange, etc. let's say you log in for 7 days(without any disconnection) and you perform some operations like exchange/invest/divest (here for whole 7 days it will create only one log). on the side note, I want to share one more thing I been playing/watching YOLOdice for 3+ without 2fa/any master address and invested some significant amount, I never had any issue like account hack or anything. it looks like your casino has been hacked
just assume the site has been hacked or whatever. there are like some 300k+ accounts in YOLOdice so far why do hackers only choose examplens account instead of rest of the 300k+ accounts. (this clearly shows there is something wrong on your side). as I stated above I never keep any 2fa or master address to my YD account (3+ years) never had any issue.
Here are the results after investing for one-month . profits are impressive.
|
|
|
|
wozzek23
|
|
June 01, 2020, 08:19:54 PM |
|
I wish i had merit to send, this response is everything <3
Sigh,,, this happens every site I go to and I do not know why online, people have this really bad habit. It usually starts out well. They "loan" a guy a small amount and the guy pays back with a small tip. So it gets bigger the loan and then it never gets paid back. I have seen countless arguments over loans, some sites even ban both lender and borrower. No one would ever think to ask or lend at a real casino. Why people do it online I can never understand. There was even website that people actually lend money to others. I do not remember the name of the website but from early days of bitcoin (not too early, like 2012 or something) to very recently there was 2 famous websites where people asked for loans in bitcoin and others would give it to them. Depending on how you did, you would get a better rank there as well. So you started with zero credit at all, and asked for something small first, but you ended up paying that back, which increased your rank on the website, you kept doing that over and over again with slightly more and more money, and eventually you paid back a lot of money, which looked like you were a solid person to lend out to. However you came back and ask for even more, and at that point you just took it and leave. After too many times of that happening website realized people would get scammed far too often and closed down.
|
|
|
|
davinchi
Legendary
Offline
Activity: 2100
Merit: 1058
|
|
June 02, 2020, 01:06:48 PM |
|
Here are the results after investing for one-month . profits are impressive. You have invested 20k doge and came back with almost a %10 return, that is a very very big return when you look at it % wise. Sure 2k doge is not really that much itself but that means if you had 200k, you would have 20k as well, hence why its awesome return when you consider the 10% part. About the login, could it be api? I don't know if there is any api that allows all of this, exchanges do have it but I don't know about the casinos, I have a feeling that if there is api, you do not even have to login to anywhere to withdraw someone's money. There are plenty of dice auto system type of deals, where you use it (most trustable one is seuntjie for example) and it logs in for you instead of you and maybe that way someone got a hold of your account and stole it? I agree that just because one account was hacked, it doesn't mean the whole website was hacked.
|
|
|
|
ethan_nx (OP)
|
|
June 02, 2020, 03:17:19 PM |
|
Hey,
I don't really get why a single hack of unknown origin is causing so much discussion. It seems the thing is going public, so let me summarize what I've already sent via email, as soon as I learned about the incident:
__If__ this is a hack, then all my logs indicate that the source is the victim's PC. My server logs show clearly that the request to close the investment comes from user's PC. Before that, the connection was hanging idle for several hours, doing regular browser<->server request. It looks like normal traffic from the browser and most likely was. So after a few hours of idling there comes a request to close an investment, exchange DOGE to BTC and withdraw, and connection closes.
There were no unauthorized logins to the server, just regular traffic, all from the same IP and the same browser.
It's not possible that this amount of logs was created by hacking into YD servers. Logs are distributed to a few machines, and they are different kind of logs - authorization logs and system logs, access logs and event logs. We use centralized ELK server for logs to make log analysis much easier (and possible) and be able to correlate logs related to a single event. Believe me, I know what I am doing here.
I can say with 100% certainty the source of the "hack" is external. I don't want to contradict anyone's story without having the knowledge of what happened, but analyzing the situation on my end there are 2 possibilities:
1. The user leaves the PC on, logged into YD, for a few hours, unprotected. Someone else comes by, uses physical access to the PC and uses the opportunity to quickly wipe the account clean. 2. The PC is infected with malware and remote hacker can take control over PC, manipulate the open browser and act on user's behalf.
I cannot see how we could take responsibility in any of these cases. There is literally nothing that would indicate a different scenario.
Rest assured, YD is secure.
Cheers, Ethan
|
|
|
|
ethan_nx (OP)
|
|
June 02, 2020, 03:43:06 PM |
|
Hey, something a bit more optimistic: Today we've launched a Tor service at This is our small contribution to Internet privacy. In most cases you'll see much worse performance over Tor compared to connecting directly (less bets per second) simply because of number of hops in the Onion network. Increased latency however is a small price to pay for (almost) ultimate privacy. In Tor mode no external code from 3rd party websites is loaded. Check out our Tor endpoint and post any comments you might have! Cheers, Ethan
|
|
|
|
FinneysTrueVision
|
|
June 02, 2020, 07:03:28 PM |
|
Hey,
I don't really get why a single hack of unknown origin is causing so much discussion.
People just like to make pointless comments over and over to spam their signature. That's what this forum has become.
|
|
|
|
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ████████▄▄████▄▄░▄ █████▄████▀▀▀▀█░███▄ ███▄███▀████████▀████▄ █░▄███████████████████▄ █░█████████████████████ █░█████████████████████ █░█████████████████████ █░▀███████████████▄▄▀▀ ███▀███▄████████▄███▀ █████▀████▄▄▄▄████▀ ████████▀▀████▀▀ █▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀BitList▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . REAL-TIME DATA TRACKING CURATED BY THE COMMUNITY . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀List #kycfree Websites▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ |
|
|
|
ethan_nx (OP)
|
|
June 03, 2020, 07:44:23 AM |
|
SSL Certificate issue [solved] at api.yolodice.com (possibly affecting DiceBot and other bots using API) For the last few days some users were having issues connecting to our API endpoint (api.yolodice.com). At the time I've checked if everything is OK on our side and I thought it was. Apparently it Things should work fine now. The issue was that one of the trusted web certificates was not updated on-time, which honestly affected millions of websites all over the internet. You can read about it by googling "Sectigo SSL Certificate Root Expiration". Since our issuer did not approach us to update our certificate chain bundle we honestly did not know about the issue till yesterday. At the same time browser connections were OK - somehow modern browsers have a mechanism that can cope with such rare incidents. We have updated our chain certificates and DiceBot and other bots should be able to connect without issues. If you still have any issues connecting, please let me know! Cheers, Ethan
|
|
|
|
Reid
|
|
June 03, 2020, 09:14:55 AM |
|
Lesson learned. Keep everything protected. I just updated my settings for everything because of this incident. Although I know Yolodice is secured, your PC may not be anytime. I think this 4 is important since they cannot withdraw unless they have your phone.
|
|
|
|
FatFork
Legendary
Offline
Activity: 1778
Merit: 2671
Crypto Swap Exchange
|
|
June 03, 2020, 09:42:44 AM |
|
Lesson learned. Keep everything protected.
I just updated my settings for everything because of this incident. Although I know Yolodice is secured, your PC may not be anytime.
I think this 4 is important since they cannot withdraw unless they have your phone.
Same here. You can never be too secure. 2FA can sometimes be an extra hassle but it’s the only way to secure your account from unauthorized withdrawals if someone cracks your password or you pick up some malware on your pc.
|
|
|
|
Taskford
|
|
June 03, 2020, 09:58:20 AM |
|
Lesson learned. Keep everything protected.
I just updated my settings for everything because of this incident. Although I know Yolodice is secured, your PC may not be anytime.
I think this 4 is important since they cannot withdraw unless they have your phone.
Same here. You can never be too secure. 2FA can sometimes be an extra hassle but it’s the only way to secure your account from unauthorized withdrawals if someone cracks your password or you pick up some malware on your pc. That's a big mistake for people thinking that it's just a waste of time for setting up the 2FA since the risk is so high and we don't know on when the attack occur or will happen unto us, But this is a lesson learn for the people who encounter an unfortunate incident so provably they know the importance of 2FA, although this is a time waster since we need to spend more seconds before we can log in to our account but the convenience and safety brought by this feature is so good for us.
|
| . .Duelbits. | │ | | │ | ▄▄█▄▄░░▄▄█▄▄░░▄▄█▄▄ ███░░░░███░░░░███ ▀░░░▀░░▀░░░▀░░▀░░░▀ ▄░░░░░░░░░░░░ ▀██████████ ░░░░░███░░░░▀ ░░█░░░███▄█░░░█ ░░██▌░░███░▀░░██▌ ░█░██░░███░░░█░██ ░█▀▀▀█▌░███░░█▀▀▀█▌ ▄█▄░░░██▄███▄█▄░░▄██▄ ▄███▄ ░░░░▀██▄▀ | . REGIONAL SPONSOR | | ███▀██▀███▀█▀▀▀▀██▀▀▀██ ██░▀░██░█░███░▀██░███▄█ █▄███▄██▄████▄████▄▄▄██ ██▀ ▀███▀▀░▀██▀▀▀██████ ███▄███░▄▀██████▀█▀█▀▀█ ████▀▀██▄▀█████▄█▀███▄█ ███▄▄▄████████▄█▄▀█████ ███▀▀▀████████████▄▀███ ███▄░▄█▀▀▀██████▀▀▀▄███ ███████▄██▄▌████▀▀█████ ▀██▄███▀██▄█▄▄▄██▄████▀ ▀▀██████████▄▄███▀▀ ▀▀▀▀█▀▀▀▀ | . EUROPEAN BETTING PARTNER | |
|
|
|
ricdienj
Newbie
Offline
Activity: 3
Merit: 0
|
|
June 05, 2020, 03:12:53 AM |
|
Is it possible to deposit to yolodice with a new random/dynamic deposit address each time, for btc/ltc/doge?
|
|
|
|
ralle14
Legendary
Online
Activity: 3374
Merit: 1921
Shuffle.com
|
|
June 05, 2020, 05:01:10 AM |
|
Is it possible to deposit to yolodice with a new random/dynamic deposit address each time, for btc/ltc/doge?
I don't think it's possible to change your deposit address after every transaction on my account I had two deposit address for bitcoin but only one for the altcoins. If you're worried about your privacy what you could do is to use a mixer for each deposit.
|
| .SHUFFLE.COM.. | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | . ...Next Generation Crypto Casino... |
|
|
|
leea-1334
|
|
June 05, 2020, 07:07:16 AM |
|
@YOLO_LIFE Is it not a great feeling to see your investment grow after just 1 month? I don't think it's possible to change your deposit address after every transaction on my account I had two deposit address for bitcoin but only one for the altcoins. If you're worried about your privacy what you could do is to use a mixer for each deposit.
It does not matter,,, I believe I think he is concerned that if anyone is able to associate that address with him,,, he is found out no matter what address he uses to deposit with.
|
|
|
|
Negotiation
|
|
June 05, 2020, 07:30:04 AM |
|
Lesson learned. Keep everything protected.
I just updated my settings for everything because of this incident. Although I know Yolodice is secured, your PC may not be anytime.
I think this 4 is important since they cannot withdraw unless they have your phone.
Same here. You can never be too secure. 2FA can sometimes be an extra hassle but it’s the only way to secure your account from unauthorized withdrawals if someone cracks your password or you pick up some malware on your pc. You're right, in order to keep your account secure you need to keep everything on your PC safe so that no one can access it. Also if we use the 2fa code to keep the password safe then no one will be able to hack Both PC accounts will be protected Everything in the game will be safe.
|
|
|
|
YOLO_LIFE
Member
Offline
Activity: 162
Merit: 16
|
|
June 05, 2020, 09:42:44 AM |
|
Is it possible to deposit to yolodice with a new random/dynamic deposit address each time, for btc/ltc/doge?
Hi there! at YOLOdice deposit address won't be changed for every deposit. but you can achieve it this way like you can simply create a brand-new account every time you play (but there is a small drawback like you will miss the level up bonuses if you play with brand-new accounts every time).
|
|
|
|
ricdienj
Newbie
Offline
Activity: 3
Merit: 0
|
|
June 05, 2020, 09:52:02 AM |
|
Is it possible to deposit to yolodice with a new random/dynamic deposit address each time, for btc/ltc/doge?
Hi there! at YOLOdice deposit address won't be changed for every deposit. but you can achieve it this way like you can simply create a brand-new account every time you play (but there is a small drawback like you will miss the level up bonuses if you play with brand-new accounts every time). serious...? o_O
|
|
|
|
YOLO_LIFE
Member
Offline
Activity: 162
Merit: 16
|
|
June 05, 2020, 11:22:05 AM |
|
Is it possible to deposit to yolodice with a new random/dynamic deposit address each time, for btc/ltc/doge?
Hi there! at YOLOdice deposit address won't be changed for every deposit. but you can achieve it this way like you can simply create a brand-new account every time you play (but there is a small drawback like you will miss the level up bonuses if you play with brand-new accounts every time). serious...? o_O yeah, YOLOdice offers Rakeback bonus based on the user level. it starts from level 7. at level 7 it will be 1% which means for every one coin users wager they will receive 0.0001 coins as Rakeback, and it will be increased by 1% as user-level up. at level 8 it will be 2%... so assume if a user wagers with one account all time and level up so that he gets better Rakeback %. assume someone creating a brand-new account all the time and all these accounts are low level so less Rakeback bonus. assume having one level 15 account (gives 9% Rakeback) and assume having ten level 7 accounts (they give 1% Rakeback). I hope this makes sense. in between, you can join YOLOdice chat, mods are available there to help you and answer your questions :-) .
|
|
|
|
|