What next?

[hippich]

Today I opened admin panel of my http://betco.in to find out that some "smart" kid created 6 accounts and was playing currently running free roll SNG tourney. With all ins in each game. He was hunting for 1 chip (i.e. 1 bitcent). He was able to withdraw this "astonishing" amount of bitcoins during 3 HOURS - incredible 78 bitcents!

People, c'mon. What will be next? You will be looking to get 5 bitcents by scamming someone? Then 1 bitcent?

very disappointed...

Hope price will drop enough to get rid of all these scumbags.

[hippich]

Here are nicks of this guy. Something suggest me he is russian. I am russian myself, so this is even more depressing:

MelloNear
ZorroNext
ZidanChampion
jessygreen
msGoodLuck
alexalex


And here are his addresses.

1LtxvKpmn4AG23NbqwzsbYTUkQaY625ceR
1AbCJgVvuz1Cc7DHg83zCEbgDTwtK1gKbM
1LSN7yZ6esfBxSfoKt77LpbDxQ8d3bzRL3
1FiMSaS9MxZYNbKgKM7bvkDj91cHDvtotc
12U3kJic1pREtLHWj2JsvtRmbMbFEsS24T
1DR2QEnzJrRBpX8DhpdpaiBvgyGpHxZy9W

[hugolp]

I hope the price goes high enough to get ride of naive admins.

If there is a flaw someone is going to use it. If you want to run a business youll have to deal with it.

[hippich]

well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..

[aq]

well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..

Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour 

[hippich]

=) with all my optimism here, i do not see this happening soon. but i would like it to be like this..

[nmat]

Reminds me of this:

[hugolp]

well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..

Some people get a thrill out of "free" stuff. I think it happens the same with cheating. The guy feels more intelligent than you because he is using your system in a way you did not intent. As I said, if you run a business youll have to deal with this kind of stuff.

[hippich]

I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this).

[Phinnaeus Gage]

well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..

Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour 

Is the math right?

[aq]

well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..

Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour 

Is the math right?

0.78 BTC * $100 = $78
$78/3hours = $26/hour
So yes, I should have written $26 

[Phinnaeus Gage]

well.. to use any flaw you need an effort. spend 3 hours to get 78 bitcents? this community was better before..

Apparently this "kid" is an investor, because once a Bitcoin will be worth $100, his investment of 3 hours will got paid at $25/hour 

Is the math right?

0.78 BTC * $100 = $78
$78/3hours = $26/hour
So yes, I should have written $26 

My bad! I thought it was 78 bitcoins. Just now saw the cents.

or

My bad! My slide rule has a dent in it.

[aq]

I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this).

If this was done by a bot, then 0.26 BTC/hour is actually a decent revenue. It would take some 11Gh/s to make the same amount.

[piuk]

About 75% sure his ip is 128.253.153.95. It's from cornell.edu so possibly you could ring the university, but i'm not sure they could/would do much.

[hippich]

I expected it could be hijacked like this. It is a main reason why I made 0.01 BTC prize pool for each tourney (I thought to make it something like 0.1 - 1 initially). I believed nobody will want to make it their full time job. Apparently I was wrong (guy was still running his "operation" when I spotted this).

If this was done by a bot, then 0.26 BTC/hour is actually a decent revenue. It would take some 11Gh/s to make the same amount.

This was not a bot for sure. It was manual work.

On the other hand - producing bot who can deal with whole poker protocol, website, registration, bitcoins, etc while would be pretty exciting work, will never pays back since amount of time to invest into it incredible. not saying you should be smarter then this guy to actually do that. =)

[hippich]

About 75% sure his ip is 128.253.153.95. It's from cornell.edu so possibly you could ring the university, but i'm not sure they could/would do much.

I am not going after him in any case. It is not a point of this post. 78 bitcents worth like 4 bucks. I just fascinated how small-minded some folks are (became?).

I can understand why people hack mtgox. Not that I agree with it, but I can understand what motivates 'em. but this... It is like stealing plastic bags from Walmart =))

[Noviz]

I just fascinated how small-minded some folks are (became?).

Welcome to the internet

[hippich]

It's a hobby, finding and successfully exploiting a flaw is rewarding in more ways than 0.78 BTC

The only flaw was assuming nobody will be trying to cheat for bitcents. =)

But also for many people, Bitcoin is exactly this. A "flaw" where you are able to generate money out of nothing. Why are you surprised to see this here?

Because it was not like this before =). I believe ridiculous bitcoin price jump caused all sort of scumbags getting into it.

[Noviz]

It's a hobby, finding and successfully exploiting a flaw is rewarding in more ways than 0.78 BTC

The only flaw was assuming nobody will be trying to cheat for bitcents. =)

Well if that is what the flaw is then it shows your naivety as a developer. I think its harsh to blame the communities 'bad eggs' for your own bad design. You should never trust your users at all, especially in sites such as yours... it sounds bad but if you don't put the correct security, validation, verification in place then you could get one user in a million that would love to piss your site up. Why didn't you implement any safe-guard against duplicate accounts? Did you just not think anyone would try to do this type of thing? I thought duplicate accounts security would be one of the big things to implement in gambling websites, particularly poker.

[hippich]

Noviz, could you give me a hint how to implement good anti-duplicate account measure? =) Just keep in mind - this is bitcoin, not credit cards used to fund account.

I know a bit about online security. And running 10 virtual boxes with VPNs set to different IP address seems like an easy solution against any anti-duplicate measure right now. =)

Remember - there are no 100% secure websites. And you can't do it. What you should try to do - make it economically nonsense to exploit "flaws" (just like bitcoins 51% attack - it can be done, but with this amount of power you can get much more legitimate way).

Where I was mistaken - amount of incentive needed to make people try to use this "flaw".