Bitcoin Forum
Topic: BC.GAME Security Breach: $76k SVIP6 Account, $5,640 Stolen via 2FA Bypass in 32s
cgraph (OP)
Newbie

Activity: 2
Merit: 0


January 24, 2026, 06:28:55 PM
Last edit: January 26, 2026, 08:20:00 AM by cgraph
 #1

TL;DR
SVIP6 account (tempara, BC UID 33509850) with $76,000+ in historical deposits was compromised on January 17, 2026. An unauthorized withdrawal of $5,640.3878 USDT occurred despite active 2FA while the device remained in the account owner's possession. BC.GAME support stated this was “impossible”; however, the withdrawal was completed within a 32-second window and coincided with unsolicited BC.GAME security emails indicating access attempts associated with an IP geolocated to Montreal, Canada. The account has been locked, and all recovery requests have been ignored for over 72 hours.

---

LIVE EVIDENCE: I was actively logged in and captured the system notifications in real-time as the funds were drained. My authenticated session was abused without user authorization, and without any 2FA challenge being presented to my device.

---

ACCOUNT VERIFICATION
• Username: tempara (SVIP6)
• BC.GAME UID: 33509850
• Account status: Fully KYC verified
• Total deposits: $76,000+
• Amount stolen: $5,640.3878 USDT
• Incident date: January 17, 2026
• Current status: Unresolved – no substantive response after 72+ hours

---

WHAT THIS REPORT IS ABOUT
This is not a dispute about gameplay or losses. This is a documented system-side security breach followed by silence from the operator.

---

THE "IMPOSSIBLE" CAUGHT IN REAL-TIME

I was actively using the account when the breach occurred and managed to capture the exact moment of the theft via Firefox.

https://i.postimg.cc/qRNvHd9n/01_Live_Breach_Detail.png

Note the synchronous status: The system shows both "Withdrawal in progress" and "Successfully withdrawn" for 5,640.3878 USDT simultaneously. No 2FA prompt appeared on my screen during this hijack. This is a crop from the full dashboard capture (Image #09 in the gallery).

---

BC.GAME'S OWN SECURITY CLAIMS (DIRECT QUOTES)

During live chat, Support Agent "Sep" stated the following regarding this account:

"I actually checked your security details and it is indeed that your 2FA is enabled, which means it's impossible for anyone to withdraw on your account without having physically the device of the account owner."

"I understand, but since 2FA is enabled, the only way you can withdraw on the account is through having your physical device, the funds cannot be withdrawn online in any other way without the device itself."

"Regardless of the IP used, if the supposed hacker doesn't have the physical device itself, he cannot have access with your 2FA verification. So it's really impossible for them to do this remotely."

This is BC.GAME's own support making the same claim three times: Active 2FA requires a physical device. Withdrawal without the device is impossible.

Yet the withdrawal occurred anyway.

---

WHAT ACTUALLY HAPPENED

Despite the above assurances, an unauthorized withdrawal occurred remotely with the following conditions:
• 2FA was active
• The device remained in the account owner's possession
• 4 unsolicited security emails with verification codes were received during the incident window
• Activity correlated with unsolicited BC.GAME security emails indicating access attempts associated with an IP geolocated to Montreal, Canada (AS9009, M247 Ltd). These requests were not initiated by me.

---

INCIDENT TIMELINE (CET / UTC+1)

20:05:19 – Internal fund movement initiated
20:05:31 – Asset conversion completed
20:05:51 – Final withdrawal executed (TRON network)

All actions completed within 32 seconds.

This was:
• First-ever TRON withdrawal on this account
• 23× larger than any prior withdrawal
• Completely outside the established account behavior pattern

---

TECHNICAL NOTE ON 2FA BYPASS: On BC.GAME, a 2FA prompt is mandatory for all withdrawals. However, as I was active in the session during the breach, no 2FA prompt ever appeared on my screen. The system processed and authorized the withdrawal without requesting a code from my physical device, effectively bypassing the mandatory security layer.

---

THE LOGICAL PROBLEM

By BC.GAME's own definition: This incident was impossible.

Yet it occurred.

That leaves only one conclusion: BC.GAME's session management and/or authorization controls failed, allowing a withdrawal without user authorization despite active 2FA.

This is not an opinion. This is a technical conclusion supported by BC.GAME’s own security statements and system behavior.

---

FORENSIC EVIDENCE ALBUM

Click here to view 9 forensic screenshots
(01 Live Breach Detail • 02 SVIP6 Profile Details • 03 Historical Deposit • 04 Recent Deposit • 05 Master Theft Timeline • 06 2FA Security Emails • 07 Support Chat Admission • 08 KYC Verification • 09 Full Dashboard Capture with active server-side countdown timers)

---

EVIDENCE AVAILABLE FOR MODERATOR REVIEW

• Full chat transcripts with Agent Sep confirming active 2FA
• KYC confirmation email from BC.GAME (April 2024)
• ISP abuse report confirmation from upstream provider (M247 Ltd)
• Email timestamps and session overlap screenshots
• Blockchain transaction records: https://tronscan.org/#/address/TVZReB5upDDPhHYHhdU3dUSwHaqGS9d7kP/transfers

No credentials, recovery phrases, or 2FA codes were ever shared.
No third-party sites or tools were used.


---

BC.GAME'S RESPONSE (OR LACK THEREOF)

• Formal recovery request submitted: January 19, 2026
• Stated response SLA: 72 hours
• Actual response: None
• Technical explanation provided: None
• Interim acknowledgment: None
• Resolution offered: None

Account remains locked with no path to recovery.

---

WHY THIS MATTERS

A verified SVIP6 player reporting a documented 2FA bypass should not be ignored.

If a withdrawal can be executed under these conditions, 2FA on BC.GAME does not provide the security guarantees users are led to believe it does.

Users deserve clarity, accountability, and restitution.

---

VERIFICATION & ACCOUNTABILITY

I have been a Bitcointalk member since February 2017 (username: cgraph). I am putting my 9-year-old forum identity behind this report because I understand the stakes of making a public allegation.

I am prepared to provide unredacted forensic documentation to any trusted forum moderator.

---

Due to a current health issue, my responses may be slightly delayed, but I will provide documentation to substantiate every claim in this report.

Contact: PM me
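
Added example, not part of the original post and not BC.GAME's code: the signals listed in the incident timeline (first use of a network, an amount far above any prior withdrawal, a fund movement, conversion and withdrawal inside one minute, no fresh 2FA verification) written as a server-side rule that holds a withdrawal until the user re-authenticates. The function name, thresholds and prior-withdrawal history are assumptions; only the three timestamps, the amount and the network come from the post.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Event:
    ts: datetime
    kind: str                          # "transfer", "swap" or "withdrawal"
    amount: float = 0.0
    network: str = ""
    mfa_at: Optional[datetime] = None  # when a 2FA code was verified for this action

def hold_reasons(history: List[Event], session: List[Event], w: Event,
                 burst=timedelta(seconds=60), ratio=5.0,
                 mfa_ttl=timedelta(seconds=120)) -> List[str]:
    """Reasons to hold withdrawal `w` until the user re-authenticates."""
    reasons = []
    past = [e for e in history if e.kind == "withdrawal"]
    if w.network not in {e.network for e in past}:
        reasons.append("new_network")       # first withdrawal on this chain
    largest = max((e.amount for e in past), default=0.0)
    if largest and w.amount > ratio * largest:
        reasons.append("amount_spike")      # far above any earlier withdrawal
    recent = {e.kind for e in session if timedelta(0) <= w.ts - e.ts <= burst}
    if {"transfer", "swap"} <= recent:
        reasons.append("rapid_chain")       # move, convert, withdraw in one burst
    if w.mfa_at is None or not timedelta(0) <= w.ts - w.mfa_at <= mfa_ttl:
        reasons.append("no_fresh_2fa")      # no code verified for this action
    return reasons

# Constructed sample data: the prior history (amounts, dates, "ETH") is
# invented for the example; the incident values are those given in the post.
DAY = datetime(2026, 1, 17)
HISTORY = [Event(datetime(2025, 11, 2, 18, 0), "withdrawal", 245.0, "ETH"),
           Event(datetime(2025, 12, 9, 21, 30), "withdrawal", 180.0, "ETH")]
SESSION = [Event(DAY.replace(hour=20, minute=5, second=19), "transfer"),
           Event(DAY.replace(hour=20, minute=5, second=31), "swap")]
INCIDENT = Event(DAY.replace(hour=20, minute=5, second=51), "withdrawal",
                 5640.3878, "TRON")
ROUTINE = Event(datetime(2026, 1, 10, 19, 0, 30), "withdrawal", 200.0, "ETH",
                mfa_at=datetime(2026, 1, 10, 19, 0, 0))

if __name__ == "__main__":
    print(hold_reasons(HISTORY, SESSION, INCIDENT))
    print(hold_reasons(HISTORY, [], ROUTINE))
```

Any non-empty result means the withdrawal is queued and a new 2FA challenge is issued, regardless of whether the request arrived on an already authenticated session.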