We recently identified and confirmed a technical vulnerability in our Originals section. Specifically, a flaw in our provably fair seed generation system allowed certain users to retrieve an active server seed in its decrypted state, enabling them to predict the outcome of specific rounds and wager accordingly.
We became aware that this exploit was being actively used by a number of players, and we took the decision to immediately disable all Originals games to protect the integrity of our platform and our community.
We take the fairness and security of our platform extremely seriously. Once the fix has been implemented and thoroughly tested, Originals will be back, stronger and fully secure.
Though users' funds haven't been affected, it's still a matter of concern, because exploits from the beginning won't be a good sign for a gambling platform. Testing with your team isn't sufficient for a gambling platform because you create it and you might fail to notice the mistakes there; as a result, there is a technical vulnerability.
Any platform should be tested by the public at the beginning or before launch. It would help to detect any technical vulnerability or bug on the platform. We often see various crypto platforms run bug bounties where users and developers participate to find any bugs; also, the review campaigns would help get direct users' opinions. Definitely, they will share if they find something wrong.
Thanks for sharing your perspective, and I genuinely appreciate the time you took to write this out.
You're absolutely right that internal testing alone has its limits, that's a fair point and one we take seriously. But I'd push back gently on the idea that vulnerabilities at any stage are a sign of something fundamentally wrong. The reality is that every major software platform, from banks to exchanges to the biggest tech companies in the world, has dealt with vulnerabilities. Microsoft, Google, Binance, Kraken, you name it. The difference between a trustworthy platform and a careless one isn't whether bugs exist (they always will), it's how the team responds when they're found.
Without mistakes, no one improves.
What matters is identifying issues quickly, being transparent about them, fixing them, and learning from the process. That's exactly what we're doing. We've already patched two of the affected Originals (Mines and Coinflip), and work is ongoing on the rest. User funds were never at risk, and we'd rather catch and fix these issues openly than pretend our platform is flawless.
Your suggestion about bug bounties and public testing is a good one, and it's something a lot of platforms (including us) lean on as part of a healthy security posture. Community input is genuinely valuable, and reports like the one that surfaced this issue are exactly why we encourage them.
We're not claiming to be perfect, we're claiming to keep improving. That's the commitment.
— Kikabet Team