Hack Into BitDice And Get 1BTC!

[brituspol]

This is really some high level of security but i don't think 1 btc is enough to attract hackers to hack into such level of security

Not really... This is secure as long as your 2FA and email is secure, which I believe is the case with nearly every site that offers this protection. Considering not even NLNico, someone who has gotten more than 1 BTC at a time for a single bug and has been given a bounty for many other sites, can hack into it, I believe the system doesn't have many flaws

[xinzark]

This is really some high level of security but i don't think 1 btc is enough to attract hackers to hack into such level of security

Not really... This is secure as long as your 2FA and email is secure, which I believe is the case with nearly every site that offers this protection. Considering not even NLNico, someone who has gotten more than 1 BTC at a time for a single bug and has been given a bounty for many other sites, can hack into it, I believe the system doesn't have many flaws

I said it is high level because the email which is used is under control of Bitdice and i am preety sure they must have kept in the most saftest way
So, even if someone tries to hack through the email then he might be wasting his time
He should try to look for vulnerabilities in the site to bypass that warning. And AFAIK dogedice said there is no 2FA set on the account
The account have a default level of security which every newly registered account gets automatically

[BTCevo]

This is really some high level of security but i don't think 1 btc is enough to attract hackers to hack into such level of security

Not really... This is secure as long as your 2FA and email is secure, which I believe is the case with nearly every site that offers this protection. Considering not even NLNico, someone who has gotten more than 1 BTC at a time for a single bug and has been given a bounty for many other sites, can hack into it, I believe the system doesn't have many flaws

I said it is high level because the email which is used is under control of Bitdice and i am preety sure they must have kept in the most saftest way
So, even if someone tries to hack through the email then he might be wasting his time
He should try to look for vulnerabilities in the site to bypass that warning. And AFAIK dogedice said there is no 2FA set on the account
The account have a default level of security which every newly registered account gets automatically

If there is no 2fa to the account I think hacker just need to get comfirmation from this email to get his through. With the email confirmation then this 1 btc will sure be easily to hack though. Dodedice give everything right away right? Username and password, so the main problem here is just some email that hacker need to have to make sure they can login to this btc free account

[actmyname]

If there is no 2fa to the account I think hacker just need to get comfirmation from this email to get his through. With the email confirmation then this 1 btc will sure be easily to hack though. Dodedice give everything right away right? Username and password, so the main problem here is just some email that hacker need to have to make sure they can login to this btc free account

Most likely scenario: there isn't any problem whatsoever.

This is just a PR thing to introduce their security implementations - that's all. I'm willing to bet that on the account, there isn't even 1 BTC anymore - likely given to the account solely for this post and then released - however it is an interesting way of marketing the site. What would be more interesting to see is perhaps authorization on withdrawals - allowing players to enter the account yet preventing them from withdrawing the 1 BTC funds.

[kolloh]

If there is no 2fa to the account I think hacker just need to get comfirmation from this email to get his through. With the email confirmation then this 1 btc will sure be easily to hack though. Dodedice give everything right away right? Username and password, so the main problem here is just some email that hacker need to have to make sure they can login to this btc free account

Most likely scenario: there isn't any problem whatsoever.

This is just a PR thing to introduce their security implementations - that's all. I'm willing to bet that on the account, there isn't even 1 BTC anymore - likely given to the account solely for this post and then released - however it is an interesting way of marketing the site. What would be more interesting to see is perhaps authorization on withdrawals - allowing players to enter the account yet preventing them from withdrawing the 1 BTC funds.

Pretty sure that the account will have 1 BTC until it is claimed or the promotion is discontinued. I saw the account tipped 1 BTC in chat as well. It is unlikely that someone will access the account but if they do, they should be able to claim the 1 BTC.

[malcovixeffect]

If there is no 2fa to the account I think hacker just need to get comfirmation from this email to get his through. With the email confirmation then this 1 btc will sure be easily to hack though. Dodedice give everything right away right? Username and password, so the main problem here is just some email that hacker need to have to make sure they can login to this btc free account

Most likely scenario: there isn't any problem whatsoever.

This is just a PR thing to introduce their security implementations - that's all. I'm willing to bet that on the account, there isn't even 1 BTC anymore - likely given to the account solely for this post and then released - however it is an interesting way of marketing the site. What would be more interesting to see is perhaps authorization on withdrawals - allowing players to enter the account yet preventing them from withdrawing the 1 BTC funds.

How much are you willing to bet?

[manbitcoinlover]

If there is no 2fa to the account I think hacker just need to get comfirmation from this email to get his through. With the email confirmation then this 1 btc will sure be easily to hack though. Dodedice give everything right away right? Username and password, so the main problem here is just some email that hacker need to have to make sure they can login to this btc free account

Most likely scenario: there isn't any problem whatsoever.

This is just a PR thing to introduce their security implementations - that's all. I'm willing to bet that on the account, there isn't even 1 BTC anymore - likely given to the account solely for this post and then released - however it is an interesting way of marketing the site. What would be more interesting to see is perhaps authorization on withdrawals - allowing players to enter the account yet preventing them from withdrawing the 1 BTC funds.

Pretty sure that the account will have 1 BTC until it is claimed or the promotion is discontinued. I saw the account tipped 1 BTC in chat as well. It is unlikely that someone will access the account but if they do, they should be able to claim the 1 BTC.

For sure, this is one legit product promo offer. The thing is, it is basically impossible for the account to be hacked. Not many websites have this type of security, but to hack the account you have to find out the email and then log in to that email. Now imagine if the email used is a tor email, good luck getting through that security buddy, tor was designed  to be fool-proof

[actmyname]

Pretty sure that the account will have 1 BTC until it is claimed or the promotion is discontinued. I saw the account tipped 1 BTC in chat as well. It is unlikely that someone will access the account but if they do, they should be able to claim the 1 BTC.

Someone... like an admin?

Just because the account was tipped doesn't mean the funds are static in there - they may have just as easily been transferred to a "safer" place. Though, if anyone did have enough luck to break into the email, they would probably be using their resources somewhere else - somewhere more profitable.

How much are you willing to bet?

But we'll never know the result of the bet. And there's always the possibility of foul play

For sure, this is one legit product promo offer. The thing is, it is basically impossible for the account to be hacked. Not many websites have this type of security, -snip-

What are you talking about?

Lots of sites (that are deserving of security, not your online farmville crapsites) have email authentication on foreign IPs. Lots of sites have 2FA, and some sites/programs offer their own authenticator service - there's LastPass and Microsoft programs for example.

[shulio]

That would be more interesting to see is perhaps authorization on withdrawals - allowing players to enter the account yet preventing them from withdrawing the 1 BTC funds.

If they actually do that then it will only harm themselves with all the negativity. That is an impossible thig for them to do and 1 btc is only a small amount for a site like bitdice. They have been in the gambling industry for far too long just to risk their reputation with only 1 btc so you can be assure of this one

[kolloh]

That would be more interesting to see is perhaps authorization on withdrawals - allowing players to enter the account yet preventing them from withdrawing the 1 BTC funds.

If they actually do that then it will only harm themselves with all the negativity. That is an impossible thig for them to do and 1 btc is only a small amount for a site like bitdice. They have been in the gambling industry for far too long just to risk their reputation with only 1 btc so you can be assure of this one

Yep, there isn't any incentive for them to harm their reputation in this manner. This promo is obviously to show the strengths / security of their login system so it is unlikely someone will get in, but if they do I'm sure the 1 BTC will still be there waiting.

[actmyname]

If they actually do that then it will only harm themselves with all the negativity. That is an impossible thig for them to do and 1 btc is only a small amount for a site like bitdice. They have been in the gambling industry for far too long just to risk their reputation with only 1 btc so you can be assure of this one

Impossible? You mean... 2FA is only possible with logins but not withdrawals? Where have you been, mate? It's not risking their reputation -- in fact, it would further establish it. If BitDice were in the position to be able to allow players to log into an account where they could see the balance but not do anything with it, then that would surely show off their security - more than this current thread.

Of course, such a demonstration would require the implementation of a few things: restriction on betting, restriction on tipping, restriction on withdrawals
Betting restrictions could be time-based or toggled with 2FA along with tipping, and withdrawals can require an authentication (via Google Authenticator or SMS)

[though if really necessary the server could just simply ignore all withdrawal/tip/bet requests from that specific account, acting as if it were secure]

Yep, there isn't any incentive for them to harm their reputation in this manner. This promo is obviously to show the strengths / security of their login system so it is unlikely someone will get in, but if they do I'm sure the 1 BTC will still be there waiting.

Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.

[kolloh]

Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.

Yeah, I suppose its not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

[shulio]

Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.

Yeah, I suppose its not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

Even if they did remove it, all you need to do is to show the screenshot of yourself manage to get into the account and they will still credit your account with 1 btc given that they havent end this event yet however pretty sure that they wont end it , just showcassing this actually give the site some credibility

[arwin100]

Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.

Yeah, I suppose its not really a "promo" per se and is designed to show off the security features of the site. However, the 1 BTC reward acts as a bounty if someone did manage to get in the account. Nobody would know if they removed it unless someone managed to get into the account. While unlikely, it is possible someone manages to find a bug or something. There is really no reason for them to prematurely remove the 1 BTC either. I'm sure after a certain length of time has passed, they will publicly state they are removing it if no one was successful in accessing it.

Even if they did remove it, all you need to do is to show the screenshot of yourself manage to get into the account and they will still credit your account with 1 btc given that they havent end this event yet however pretty sure that they wont end it , just showcassing this actually give the site some credibility

Big possibilities that they would not end up this event since it can be appealing to massive public to show their great security, and i also feel interested the way community speaks about the bitdice itself and i would surely try to play at them after the christmas party


That 1 btc is a though challenge for the intruders.

[piloder]

Again, not harming if they do it correctly. And it's not really a "promo" per se since it's to show off their new "security" which is just a simple email authentication (from foreign ips or otherwise).

But what would be the point of keeping the 1 BTC there? Nobody would know if they removed it.

Yes it only seems they have email authentication system like few sites and specially blockchain and yobit have right now. However that simple process can add great security feature to any platform.

But there is also no point to remove it from that account, by keeping that 1 btc in that account and giving username password combo they are trying to attract more users to play in their platform which i have never seen done by any other gambling platform before.

[TooMainstream]

As far as I checked, the only weak point of this is the email account.
I can't tell you why exactly, but an user I know instead of using secure mails uses exploitable mails even if he feels safe.
So yeah, all you need here is some social engineering.

[just_Alice]

Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

[kolloh]

Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

[condoras]

Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is more secure way that's why you need to be carefull.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you loose your devise, you are in a black hole...

[BoXXoB]

Hey guys,

Whole thing was to prove default settings. As I've mentioned it in the first post, I did not set any additional security settings. This is security by default, which each user gets after registration. You can lower it, if you feel comfortable, or increase. It's up to you. But by default you should be as safe as your email provider.

Regarding security problems with email, your account still can be safe even if your email has been compromised. Just set 2FA. You can also set IP address lock, or withdrawal address lock. We provide as many options as you can possibly use.

Regards,
Alex

But if a hacker had hacked the email and he has the password to the account can't he just reset the withdrawal address and the IP address? Or by 2FA you mean other thing than email? I'm sorry if my question was a stupid one, I'm new to this thing.

They also have a 2FA option to use your phone as 2FA with Google Authenticator or similar. This is probably an even more secure method than email as they would have to have access to your phone in order to get the 2FA code.

2FA is more secure way that's why you need to be carefull.
When and if you enable it, you MUST store somewhere your 16-digit code/key.
If you don't and you loose your devise, you are in a black hole...

It's a sad truth far too few people back their 2FA code up. Then what we see is them crying here on BCT that they've lost their 2FA and need help...