Hack Into BitDice And Get 1BTC!

[UGMZ]

Now a days i am much afraid to try the new websites like this with such offer as recently i have joined the site like this which was seems good but after joining all of my accounts data was stolen and the all money in my accounts have been gone. So i want to see users review regarding this to clear my mind.

Do you mean on some OTHER site your money was stolen or on this particular site? Can't seem to understand what you mean there. Please clarify it a bit

From his post I understood that he is telling about any other site where he joined but lost his account due to hack attack. By the way from this thread everyone know that bitdice is more secure even if you give access to your account to anyone he will not be able to login from his device.

But after login attempt the site send the details for to get access to the site through the email so it means that if a person get access to the email address on which the owner is registered then the hacker will be able to hack the account easily. Can you tell who will be responsible for that?

Like I said in my mini report. Social engineering is about the only way you will get round this.

And if someone loses there email account then that is no fault of the site.

They do have good security on the site. And they have "decentralized" the site the users see from the back end of the running of the site.

[carmenullery]

Now a days i am much afraid to try the new websites like this with such offer as recently i have joined the site like this which was seems good but after joining all of my accounts data was stolen and the all money in my accounts have been gone. So i want to see users review regarding this to clear my mind.

Do you mean on some OTHER site your money was stolen or on this particular site? Can't seem to understand what you mean there. Please clarify it a bit

From his post I understood that he is telling about any other site where he joined but lost his account due to hack attack. By the way from this thread everyone know that bitdice is more secure even if you give access to your account to anyone he will not be able to login from his device.

But after login attempt the site send the details for to get access to the site through the email so it means that if a person get access to the email address on which the owner is registered then the hacker will be able to hack the account easily. Can you tell who will be responsible for that?

Like I said in my mini report. Social engineering is about the only way you will get round this.

And if someone loses there email account then that is no fault of the site.

They do have good security on the site. And they have "decentralized" the site the users see from the back end of the running of the site.

everyone laughing at you
i have a bypass like i said, put 10 btc in the account and watch it disappear. 

[UGMZ]

You have a bypasss? I highly doubt this!

But good luck anyway.. I don't suppose you have any proof?

[Shiroslullaby]

If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear. 

[kolloh]

If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear. 

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.

[mixan]

If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear.  

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.

Yes the request from this site is to try to get into one account that is holding these funds. Not hack the whole site to get everyone's account passwords. That would take along time to do just look at what happened to yahoo email service.
It is possible. If an email leak of a presidential candidate while running for the white house is possible so is doing it to this site. They don't have such security as the most defended nation in the world no matter how much your dice site holds.

[carlfebz2]

If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear.  

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.

Yes the request from this site is to try to get into one account that is holding these funds. Not hack the whole site to get everyone's account passwords. That would take along time to do just look at what happened to yahoo email service.
It is possible. If an email leak of a presidential candidate while running for the white house is possible so is doing it to this site. They don't have such security as the most defended nation in the world no matter how much your dice site holds.

Nothing on this world cant be hacked because human do create those inventions and securities in any services here in online world. We should not derailed on the topic and we are just talking here about the 1 btc which is inside on that account.Leaking emails is possible but I don't think it would happen nowadays but well no one knows.Im still following this thread if someone could able to access.

[UGMZ]

I gave up on it after doing a full scan and lots of poking about on the site here is my conclusion.


1. They have a strong server setup that is well defended and there don't seem to be any "known" issues with the site at present.
2. The account security is tight with 2FA and also some kind of IP / Browser agent connection for additional "device" security.

I think they show good technical ability and good operation of the site..  I doubt for now anone is getting into that account, Unless they hack the admin.

[erwin45hacked]

I gave up on it after doing a full scan and lots of poking about on the site here is my conclusion.


1. They have a strong server setup that is well defended and there don't seem to be any "known" issues with the site at present.
2. The account security is tight with 2FA and also some kind of IP / Browser agent connection for additional "device" security.

I think they show good technical ability and good operation of the site..  I doubt for now anone is getting into that account, Unless they hack the admin.

If they could hack the "admin" then they could get anyone's funds on the site and not even just the 1 btc. Then it is safe to say that this site probably has the best security features among the others? Combined with 2FA then it is almost unpenetrable unless someone with some skills actually could get into it

[UGMZ]

Well 2fa can be bypassed by doing whats called a "Sim Swap" But you would need to know the number registered and the details of the mobile phone account (social engineering) contact the network tell them you have lost your phone but you have a new simcard for there network could they port the number over to the new sim (Not as hard as it sounds... 10 min later you have targets phone number ready for the 2FA code..

Yes hacking the admin would be a fairly easy way to go after the site as a whole

With the bitcoin price soaring for 2017 sites like this are going to need to keep a keen eye on security.. Look what happens to gox and others when the price went high. the attackers came out the wood work and hit hard.. with the massive explosion in casino's and dice games. it could be a nightmare waiting to happen for gamblers and exchange users.

[KryptoGuru]

Well 2fa can be bypassed by doing whats called a "Sim Swap" But you would need to know the number registered and the details of the mobile phone account (social engineering) contact the network tell them you have lost your phone but you have a new simcard for there network could they port the number over to the new sim (Not as hard as it sounds... 10 min later you have targets phone number ready for the 2FA code..

Yes hacking the admin would be a fairly easy way to go after the site as a whole

With the bitcoin price soaring for 2017 sites like this are going to need to keep a keen eye on security.. Look what happens to gox and others when the price went high. the attackers came out the wood work and hit hard.. with the massive explosion in casino's and dice games. it could be a nightmare waiting to happen for gamblers and exchange users.

Thanks for the wonderful participation in this UGMZ. I'm one of your follower since i read your replies here in hacking thing. But unfortunately their server is tight and got some really good security. I thought you were so close on hacking it, but I'm wrong on that.

[UGMZ]

I just don't have the free time to keep going I only did a standard testing for things like XSS vulns and Unicorn scan, Vega scan's + a few other of my own tests. and after speaking with the admin and "squeezing" some server info from him It became clear that they are taking customer security very seriously.

But from what I did try and test there "most what your average hacker" would try or have access too without trying to damage the site in anyway it was very secure.

So they get a thumbs up from me.

[Arcteryx]

If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear. 

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.

But did it not get hacked into and that guy stole 38 BTC from the site's wallet?
But that was using the bct talk account password to retrieve access to the casino bank wallet.
So that attempt didn't count am I correct? Or is that totally something different all together with doing something completely illegal?
I think it ended up with the owner paying out those funds out to people who's funds were lost in the hack.
It was all very confusing because it spilled over from an accusation thread against that use and into the campaign thread going back and forth.

[kolloh]

If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear. 

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.

But did it not get hacked into and that guy stole 38 BTC from the site's wallet?
But that was using the bct talk account password to retrieve access to the casino bank wallet.
So that attempt didn't count am I correct? Or is that totally something different all together with doing something completely illegal?
I think it ended up with the owner paying out those funds out to people who's funds were lost in the hack.
It was all very confusing because it spilled over from an accusation thread against that use and into the campaign thread going back and forth.

That isn't accurate. 38 btc was not stolen from the site's wallet in any hack. You'll need to re-read that accusation thread for more information regarding that but nothing was stolen from the site's wallet.

[josephdd1]

If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear. 

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.

But did it not get hacked into and that guy stole 38 BTC from the site's wallet?
But that was using the bct talk account password to retrieve access to the casino bank wallet.
So that attempt didn't count am I correct? Or is that totally something different all together with doing something completely illegal?
I think it ended up with the owner paying out those funds out to people who's funds were lost in the hack.
It was all very confusing because it spilled over from an accusation thread against that use and into the campaign thread going back and forth.

That isn't accurate. 38 btc was not stolen from the site's wallet in any hack. You'll need to re-read that accusation thread for more information regarding that but nothing was stolen from the site's wallet.

Ofc it's not accurate! This...HYIP-Ponzi admin/owner that want's back (?) 38BTC, hack somehing but this is not the BitDice account with the 1BTC on it.
He hacked the forum account of the owner of BitDice and still want back money that don't belong to him from the start of his "great" career as a scammer...

[Oilacris]

If anyone had a way to get into this account, the real question is,
would they just take the 1 Bitcoin, or would they use the exploit to compromise other accounts?
I guess it depends on what color hat they wear. 

Well, you'd still need the account passwords for other accounts in order to compromise them even if you could bypass it. I would think the 1 BTC would be taken if someone was able to.

But did it not get hacked into and that guy stole 38 BTC from the site's wallet?
But that was using the bct talk account password to retrieve access to the casino bank wallet.
So that attempt didn't count am I correct? Or is that totally something different all together with doing something completely illegal?
I think it ended up with the owner paying out those funds out to people who's funds were lost in the hack.
It was all very confusing because it spilled over from an accusation thread against that use and into the campaign thread going back and forth.

That isn't accurate. 38 btc was not stolen from the site's wallet in any hack. You'll need to re-read that accusation thread for more information regarding that but nothing was stolen from the site's wallet.

Ofc it's not accurate! This...HYIP-Ponzi admin/owner that want's back (?) 38BTC, hack somehing but this is not the BitDice account with the 1BTC on it.
He hacked the forum account of the owner of BitDice and still want back money that don't belong to him from the start of his "great" career as a scammer...

Theres no connection between this challenge and those situation which happen on the past and also theres no need to bump this thread since its already 3 months passed and no one could able to do this challenge on hacking the site. If until now theres no one could able to get on the 1 btc on the account given then im sure security of this website is good enough and could increase more trust regarding on handling funds.

[Dobrii]

To prove our security, we run a HackMe event. I've tipped user hack_me with 1BTC.

Here's registration email: contact@bitdice.me
And password: Jy45kFbGJX9n5q8

Yes! We've posted password from an account with 1BTC on it. Simply sign-in and take it

Couldn't? Well, that's because our security is so safe that even leaking your password can't do anything bad. We are safer than Bitfinex  

User hack_me was registered with default settings, nothing has been changed under his profile.

Join to one of the safest casino worldwide.

In BitDice We Trust!

Great news. I believe that BitDice will be the best casino in the sphere of gambling.

[adaseb]

To prove our security, we run a HackMe event. I've tipped user hack_me with 1BTC.

Here's registration email: contact@bitdice.me
And password: Jy45kFbGJX9n5q8

Yes! We've posted password from an account with 1BTC on it. Simply sign-in and take it

Couldn't? Well, that's because our security is so safe that even leaking your password can't do anything bad. We are safer than Bitfinex  

User hack_me was registered with default settings, nothing has been changed under his profile.

Join to one of the safest casino worldwide.

In BitDice We Trust!

Great news. I believe that BitDice will be the best casino in the sphere of gambling.

You know what.

If you really want to spam your sig in the least amount of work possible. Due some work and try to avoid bumping a thread that was created over a year ago and its irrelevent.

Doing so mods will either remove your posts or contact your affiliate manager and have yourself get booted from the signature campaign.

This thread should be locked right now.

[Theb]

That is the best thing about 2FA security as it is an added layer of security for the user. I have done it in the past as passwords simply couldn't make me comfortable to sleep at night. However 2 factor authentication are kinda annoying sometimes as there are days that you just want to log-in into your account and play having 2fa always on will make you soend a few extra seconds in order to proceed to the site.

[billy M.]

Nice additional security feature now everyone is curious how to hack the mail address provided then if 2fa is installed on email another work.