To answer Game-Protect point’s directly:
1) Bitcoin hot wallet is almost always empty since December 2016.
For security reasons it advisable not to have a large sum of coins in a hot wallet. When the hot wallet needs funds we have to manually transfer coins from our cold storage. Because of this and the increase in withdrawals due to the btc price increase and naturally investors wishing to take advantage of this.
O.k., I understand that it is not adviseable to have a large sum of coins in a hot wallet.
What I do not understand is
1) Why you need so long to re-fill the hot wallet?
2) Why was the person who "hacked" those 4 accounts able to withdraw the 200+ instantly, while others were not able to withdraw 5 BTC?
I mean you said for
security reasons the hot wallet had not large amounts, but curiously your security did not work for the 200+ defrauded BTC?
2) Dice game investor account balances in the height of minimum around 200+ Bitcoins “magically” disappeared and were instantly withdrawn.
This was due to a combination of factors. The 4 investors were connected albeit coincidentally by the following. All compromised account emails were present in one or more of the btc-e, 2plus2 and betking.io hacks.
The below time line gives more detail to game protects’ analysis.
August 26, 2016: Reports of leaked BTC-e accounts being attacked.September 1, 2016: Leakedsource.com lists BTC-e and Bitcointalk accounts as available to hackershttps://www.hackread.com/hacked-bitcointalk-forum-database-on-dark-web/November 20, 2016: 2plus2 forum hackedhttps://www.pokernews.com/news/2017/01/twoplustwo-discovers-user-database-hack-jan-8-26740.htmTwoPlusTwo’s user database at forumserver.twoplustwo.com was recently compromised, according to an email from TwoPlusTwo management sent to users Jan. 9. The hack was discovered Jan. 8.
December 24 2016: Betking.io hack hackedThe attacker had complete access to the database. This means he could have seen player dice seeds, balances, email addresses, emergency withdrawal addresses, IP addresses and two factor authentication backup codes.
December 27 2016 - January 9 2017: 4 Investor accounts login and withdraw.Whoever the person was that withdrew had the account details. The account emails were all present in one or more of the btc-e, 2plus2 and betking.io hacks mentioned above.
We can not check what happened on your gaming server and we can not check if the by you mentioned events are anyhow related to the 200+ disappeared BTC.
What remains is that your security feature "low hot wallet amounts" failed exactly for those 4 accounts!
3) Satoshidice scam server administrator is not able to check if gaming server was compromised, even though every second of what happened is (should be) recorded! The site has no 2 factor authentification, a very basic standart for Bitcoin exchanger and their server probably do not fulfil very basic security standarts as well!
There is no evidence of the servers being compromised. Part of the work is to exclude that the accounts in question simply made a withdrawal and then stated that they didn't make the withdrawal.
We got one report of a user who clicked a Bitcointalk phishing link, entered his information and then got his balance stolen on Satoshidice.
We have seen attempts of password guessing on what appears to be big lists of emails. We do not store password in clear text in the database but we looked at real-time password attempts and there thousands of login attempts made with different emails and password "password". All those IP addresses are blocked and stored for future evidence.
You can see in the server logs what happened. If the customer logged in directly, if there were hacking attempts trying multiple passwords, if the 4 "compromised" accounts used the same IP, devices, etc. Server admin can check this within 1 day.
4) January 11, 2017, the account Underdog01253 was created, placed a 0.25 BTC ($250!) slot bet and won a x1215.92 multiplier to walk away with a whopping 303.73 BTC!
There is a large bet history for the user “Underdog01253”. The user continued to play and lost ~3/4 of their winnings
No one of us can check if this user really exists. Bet histories are irrelevant, as you can simply manipulate them! As we all know, your licensor Curacao eGaming do not control anything.
If you consider that
1) You destroyed a $12 million paid domain
2) Investors had started to withdraw 100s of invested BTC
3) Customers were not able to withdraw in a timely manner
4) 200+ BTC disappeared
and instantly withdrawn, even though you had the security system of low hot wallet amounts
5) MegaDice obviously blatant lies
6) A new account registered, placed a $250 slot bet! and instantly won a x1215.92 multiplier 303 BTC slot and contrary to your terms and conditions, then everyone can think his part. I never said this was an inside job, because I have no proof, but everyone can think what this might was...
5) The 303.73 BTC slot win was reduced from Satoshi Dice investor account balances, even though the “Bet on the house” terms and conditions clearly state that investors only invest in the Satoshi Dice game
We did not update our description on the “Bet on the House” tab when we added the Satoshi Slot game to the site. This was an error, of course on our part. However, it is worth noting:
It was was the description that should have been updated, not the Terms & Conditions as agreed to when a user creates an account.
Long term backers affected by the big Slot win were also affected positively overall.
This is the only part where I call you a scam, because I have proof of this scam!
You have 2 descriptions of how investors bet on the house?
1) "Bet on the House" description
2) Bet on the House description in your Terms & Conditions
Even if you had 2 descriptions (what I doubt), the publicly visible 1) "Bet on the House" description is applicable.
The long term backers affected by the big slot win were affected positively by the slot bets before and after the big win:
Overall, SatoshiSlot has given over 150 BTC to backers.
Your argument it was o.k. to reduce the 303 BTC slot win from Dice investor balances, because longtherm backers were not affected is absolute nonsense!
If someone started to invest 2 weeks ago?
Despite of this, I was informed that no one knows what profits he received or losses were reduced from his Dice investor account balance.
