Hey guys..
Hello @LastcallS
The team will re-post the entire conclusion summary of the account report which has been emailed to you among other emails.
You clearly left out large portions of the story in order to fit your bias. Things you left out in your message:
1. You had played, won, withdrew, deposited, received Bonuses + Rakeback and had a regular account activity since 2018 without any issues.
2. As you will read below - there is more to the story than what was written. Would you like to explain why your account logs into every timezone consistently month after month? With idle times exceeding any other player on the platform and irregular table joining behaviour? Also getting your password wrong all the time? After evaluating your account behaviour during our investigation, it quickly became clear that you either shared your account with other people or were using some form of automation software. Either scenario opens the door to possible exploits which is what clearly happened. You admitted to only be located in one location and using your PC 'only for poker'. Your story does not match your account history.
3. The most important comment and your entire argument equates to the following:
"The way they do the withdraws is that they group them together and send them daily. I don’t understand how would you approve the second withdraw based on the first one especially if the IP address is totally unusual (Germany). I know why because it was made by you and this is how you took the 4btc."
As the team mentioned many times, your initial withdrawal that you made was approved and scheduled to be sent out in the next withdrawal window (which takes place once per day for the entire platform). This means all requests get grouped for all members into one time window.
This is normal and has been the same procedure since the beginning. Your account requested another withdrawal before the initial one was processed and once again it was approved and added to the queue as normal. When the queue time came around that day, all withdrawals were processed as normal. Later that day you report that your account was compromised and the team reacted right away to block both accounts with cancelling the second account's pending withdrawal for the rest of the balance.
As for the IP changes - more on that is written below. As a summary your account has changed IPs 6 times in its history and the platform does not track IP changes or locations unless it's a Blacklisted IP. This is because most players prefer using VPNs and it is common for one account to log in through multiple IPs.
4. You are quick to call it a scam when accounts being 'hacked' has never happened before in the platform's history. Why are other accounts not being 'hacked' if it is so common? The other users who were banned in this thread is due to either collusion, using multiple accounts or other forms of cheating.
Your story has nothing to do with any other person commenting in this thread and is entirely not related in any way.
Email highlights as sent to you:
Alongside the response, you were provided 3 attachments which show your entire account history and log files.
1. Irrefutable evidence of your account being accessed normally without any password reset. A password reset request was never made. Your account logged into the platform without any irregularities.
2. Evidence of your account being logged into and used during a regular time-slot (11:00 - 12:00 UTC). Your entire login history shows 34 total occurrences of the same login timestamp within a +/- 1 hour time differential.
3. Evidence of 6 separate unique IPs being utilized throughout your account lifespan.
4. Evidence of 33 occurrences where you got your password wrong since September 2018 until April 2020. An average of almost twice per month you are getting your password wrong despite logging in almost every single day.
Strong correlation for misuse of login credentials. More analysis on this point can be found below under 'Additional findings (1)'.
5. Regular account activity playing game modes (Heads-Up Cash Games) which your account has played many times before.
6. Regular stakes played (1/2mBTC tables) which your account has played many times before.
7. In conclusion your account activity from the perspective of the platform showed regular usage.
Evidence based reasons for no security alert triggers during possible but not proven account intrusion:
1. Account logged into a regular time slot which has been used many times before.
2. Account password used as normal for access. No irregularities found.
3. Due to our policy for allowing accounts to utilize multiple IPs as long as it is not a blacklisted IP - the platform does not check for players who use a new IP as almost all of our playerbase prefers using VPNs which is the preferred consensus of privacy within the Cryptocurrency community.
4. Your second withdrawal as previously explained was grouped into your first withdrawal request that was made 7+ hours prior and executed at the daily withdrawal slot. As explained previously, all withdrawals are processed once per day for the entire platform. Your account status was clear and there would be no reason for the team to block any withdrawal requests.
5. As you did not enable 2FA via emails onto your account - there was no reason to confirm any withdrawal requests via email.
Additional findings: (1) Poor login credential management is the most probable cause of account intrusion/leak
1. Poor login credential management due to abnormally high amount of incorrect password attempts on your account record (33 incorrect password occurrences) despite logging in almost every day of every month.
2. Due to the incorrect password attempts - you are not using the 'remember password' feature of the application. This means if malware was the cause of the account intrusion - you are open for viruses to steal your password as you continuously type it in regularly.
3. An example of points #1 and #2: March 2020. You logged into the platform: 55 times and got your password wrong 4 times in the same month all on separate days. Why get your password wrong so many times when you logged in 30 out of the 31 days.
Conclusion (1): All the points above indicate a poor management of your login credentials or possible account sharing among friends/family which opens more doors for intrusion and data leaks from your side.
Additional findings: (2) Possible Bot/Automated playing software usage which could have account leaks:
1. Admittance from you twice in email correspondence that you use your computer 'only for poker'. The team found this statement strange and looked into what you meant which revealed multiple red flags. No member has even said anything similar and there is no viable use case for utilizing an entire computer only for one game that requires very little resources unless you are running it in a server environment for automated uses.
2. No records of you joining pre-existing games on any Tournaments, Sit n Go's or any other Ring Game table other than heads up games. You only ever join empty tables. This would be normal as some users prefer heads up modes however you have never joined heads up games that were already available. You always sat by yourself in your designated seat position waiting for players. Our engineering team reviewed such behaviour who have experience in automation and explained the following:
"A very basic reason why this behaviour happened is due to the set up and configuration process of bots and/or any automated systems. They all rely on hooking onto pixels on the screen to read card information. This process is very delicate and requires prior set ups to ensure it works well. The user goes on an empty table, sets up the required parameters and just leaves the device running. If they get action, the bot plays as normal. After they are done they simply shut off and re-run the process the following day. This also explains why the user was manually typing their password to login as bot software does not have automated means to login and join tables automatically. This part has to be manual and there is clear evidence of such behaviour. In addition to this - if true; it fully explains the account intrusion as the user likely purchased the software from underground sources with an array of likely leaks."
3. Prolonged daily idle time which exceeds the nominal expectation of up to 1.5 hours per day per user. In your case - your idle time on average ranged from 2.5-5+ hours which is greater than 200% the expected norm seen via all other players. A view of your entire history for 2020 has been attached for the days you had no action. The same result can be found in previous years as the team checked. Highlighted in yellow are the idle times outside the expected range of 1.5 hours.
4. Unnatural joining tables pattern and frequency. As noted in the attachment for idle times, the team also observed unnatural table selection and joining patterns. Your account always joined three empty heads up tables at all times continuously every single time you logged in. Then simultaneously sold chips across all three tables even when not logging out.
For an example: Login (Apr 02, 2020 @ 12:12 UTC). Joined 3x heads up tables. Left all three tables at 18:35 UTC. Then re-bought again in the same tables by 18:36 UTC. Then disconnected at 03:53 UTC the following day not playing against any opponent, simply being idle. Why not join other tables, why sell the chips just to rebuy them again in the same instance and why idle from 12:12 UTC until 03:53 UTC the following day - are some obvious questions the team evaluated. This unnatural behaviour indicates obvious automation.
5. Account logging into every timezone. As noted in the access log attachment - your account seems to be immune to timezones. Your account frequently logged in and out of every possible timezone which is not normal or natural behaviour indicating automation. We assessed our playerpool and do not have such occurrences.
You admitted to only be located in Canada therefore how is your account active during hours of sleep or work?
Conclusion (2): Due to all the points above - there is clear substantial evidence of bot/automation software utilized and/or account sharing with friends or family members who live in a different timezone. Both conclusions violate our terms and conditions for account sharing or assistance software being utilized. Due to these reasons - additional account leaks from your side could have been possible when evaluating how the account controller gained access to your account via underground third party software.
Report Final Conclusion and Resolution:
1. Your account has been refunded 1,195.40 mBTC which is the totality of the rake + second account's total balance they attempted to withdraw.
2. The second account who appeared to play with your account has been permanently banned.
3. Your account has been enabled for 2FA verification via emails for all future withdrawals.
4. You accepted the resolution provided and withdrew 1,690 mBTC from your account.
5. You continued to play on the platform on Apr 09, 2020 as normal.
6. You have been refunded the largest extent possible. All further damages and losses are your own responsibility as per terms and conditions regarding misplacing your password and failure to safeguard your login credentials and account. The relevant terms and conditions sections are as follows:
3.3) You are obliged to protect your Personal Information. We do not take responsibility and cannot be held accountable for any leak of personal information that may arise out of your own behaviour.
3.5) You must not share your Login Credential with anyone. We do not take responsibility and cannot be held accountable for any account issues and/or losses if you have shared or misplaced your Login Credentials.
12.4) You are responsible for any activity on our Platform arising out of any failure to keep your password confidential, and may be held liable for any losses arising out of such a failure.
13.9) You must notify us in writing immediately if you have lost access and/or control of your account. We do not take responsibility and cannot be held accountable for any account issues and/or losses arising out of shared accounts.
26.4) Users have a responsibility in making a Withdrawal Request containing the correct Wallet ID. We are not accountable for and will not cover any losses occurring due to erroneous, mistyped or otherwise incorrect Wallet IDs as this is outside of the control of the platform.
33.5) If a player has been cheated on by another player when using the Facilities, we shall only refund the amounts lost by the player as a result of being cheated in the event that we can locate the cheating account and access the funds in question. In the event that more than one player is affected by the cheating account and we can allocate that cheating account, the remaining funds in the cheating account will be distributed on a pro-rata basis in accordance with the loss of each affected player.
7. Final remarks from the management team have been attached below after evaluating the new findings.
Final remarks from management:
"Hello,
We have become increasingly aware that this may be an elaborate scheme to defraud us by claiming your account has been accessed out of your control. You have consistently attempted to extort further payments by threatening us with legal action and continuously repeating the same information without being able to provide any further evidence for us to look through and consider.
Even though we have already given more than necessary information about how our platform operates as well as explaining our Terms and Conditions to you in great detail.
We find it incredibly offensive that you continue to make wild accusations against our staff members who have gone above and beyond in order to recover funds which you claim have been misappropriated. As explained in previous correspondence we have extracted all available funds in this case and have refunded the maximum amount of BTC possible back to your account as quickly as possible which you have already withdrawn from the platform without facing any issues. This includes the amount from the second account, the amount transacted between the two accounts as well as the rake paid by both accounts. All funds which have left the platform cannot be recovered and that is where the extent of our reach ends.
Further to this point, we have now uncovered that you have previously operated two accounts during the same period. An account under the username of “PriseAI” has been found which is registered under an email extremely similar to yours. The email in question being “a.k*******@gmail.com” while your email being “i.k*******87@gmail.com”. As we are sure you are already aware this is a violation of our Terms and Conditions and would lead to a permanent ban for both accounts. This was not picked up by our team and the account was completely emptied on 11 January 2020.
This evidence shows us that it is entirely possible that you have orchestrated this scenario while previously testing whether our system will be able to spot this type of behaviour. This may have happened on multiple occasions with varying degrees of success. We find this information alarming considering we asked you to give us all information possible and you claimed that you have never done anything wrong and are an honest person. It would seem as though you had the ability to create a second account and play both. In this case playing against yourself to lose funds with the plan to claim further compensation after claiming your account was compromised while at the same time retaining a portion of your balance through a withdrawal. This may have also been done with another party, perhaps a friend or relative from the same family. Adding to this point, we will also be carrying out an analysis to check whether there is any evidence that you are connected to the players which you have previously played with especially those which formed a large portion of your total balance.
In addition to this, we find it highly irregular that a player who has won a large amount during the course of a few days does not initiate a withdrawal of balance especially when in your previous emails you refer to this amount as being substantial. Instead you left more time to elapse with your balance remaining untouched. We assume this time was needed to plan this scheme and put everything in place to carry it out. Instead, you then make an extremely small withdrawal request which we assume was a distraction or test considering how often you mention this withdrawal in your previous emails. We believe you were planning on leaving the platform anyway as you had amassed your largest balance to date and thought you may try to extort more funds from us since your reputation will no longer matter.
Furthermore, after reviewing more of your login data we have found that consistently between 1-3 times per month your password is entered incorrectly and then entered successfully within the same minute without any further wrong password attempts in this sequence. We find the consistency of this highly suspicious and have never seen this type of behaviour from any other user. Most users tend to type their password incorrectly only a handful of times during the course of their account history as well as having multiple incorrect attempts in one go. Something which has never been observed with your account. This leads us to believe that you may be running some type of assistance software possibly a highly sophisticated artificial player known as a “bot” which could be in control of your account. We would also like to note that we believe you had a fear of being automatically blocked by our system and reset your password every time it is input incorrectly. You yourself have mentioned in a previous email that you use your computer “only to play poker”. We find it highly possible that you are running this machine to automatically play for you at any time. We will continue to review more login data as well as comparing it to other accounts.
The team will continue to analyze and implement additional features and strategies to avoid both botting on the platform as well as any possible account intrusions from our side however we cannot control how users safeguard their own passwords and account credentials."
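The reasons listed in the post for no security alert (new IPs are not checked, email 2FA was off, and a second request joined the same daily withdrawal batch) describe a gap that a hold rule on the batch queue can close. The sketch below is an added example, not the platform's code and not part of the original post; the event format, the 7-day trust window, the IP addresses and the amounts are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

TRUST_AGE = timedelta(days=7)  # assumption: an IP counts as established after 7 days

@dataclass
class Event:
    ts: datetime
    ip: str
    kind: str            # "login_ok" or "withdraw"
    amount: float = 0.0  # mBTC, withdrawals only

def build_batch(events, email_2fa=False):
    """Split queued withdrawals into (send, held) before the daily window runs."""
    events = sorted(events, key=lambda e: e.ts)
    send, held = [], []
    for w in (e for e in events if e.kind == "withdraw"):
        # IPs with a successful login at least TRUST_AGE before this request
        established = {e.ip for e in events
                       if e.kind == "login_ok" and e.ts <= w.ts - TRUST_AGE}
        reasons = []
        if w.ip not in established:
            reasons.append("new_ip")
        # a further request from a different IP while an earlier one is still queued
        queued = send + [h[0] for h in held]
        if any(q.ip != w.ip for q in queued):
            reasons.append("ip_changed_while_queued")
        if reasons:
            action = "email_confirm" if email_2fa else "manual_review"
            held.append((w, reasons, action))
        else:
            send.append(w)
    return send, held

def d(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample: long-used IP, then a second request from an unseen IP
SAMPLE = [
    Event(d("2020-03-01 11:20"), "192.0.2.10", "login_ok"),
    Event(d("2020-03-20 11:40"), "192.0.2.10", "login_ok"),
    Event(d("2020-04-06 04:00"), "192.0.2.10", "login_ok"),
    Event(d("2020-04-06 04:05"), "192.0.2.10", "withdraw", 50.0),
    Event(d("2020-04-06 11:30"), "203.0.113.77", "login_ok"),
    Event(d("2020-04-06 11:40"), "203.0.113.77", "withdraw", 4000.0),
]

if __name__ == "__main__":
    send, held = build_batch(SAMPLE)
    print("send:", [(w.ip, w.amount) for w in send])
    for w, reasons, action in held:
        print("held:", w.ip, w.amount, reasons, action)
```

A login in the expected time slot with the correct password still passes every check the post describes; only the IP history distinguishes the second request, which is why the rule keys on it.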