FirestarterX
Member
Offline
Activity: 109
Merit: 10
|
|
December 01, 2014, 04:50:28 AM |
|
Wasn't the attacker on PD only able to withdraw 40 btc before his misbehavior was noticed and all his other withdrawals were blocked?
On the account where he was obvious about it, sure. I wonder if he had other accounts that he used before that, where he won a bunch in a less obvious way? The way that guy acted out , making straight flat bets at 50% and winning like 100 times, was probably his way to reveal the bug or show that he had hacked the system. I don't think, someone who could have found the flaw would make such bets. He probably hit PD before that Big time. Why are we talking about PD on the MoneyPot thread? Speculating there is a chance that is is the same dude. Both pretty bright attacks n such. I see.
|
|
|
|
myohmy81
|
|
December 01, 2014, 05:43:47 AM |
|
very interestiong really greate site!
|
|
|
|
4ever
|
|
December 01, 2014, 08:56:49 PM |
|
Wasn't the attacker on PD only able to withdraw 40 btc before his misbehavior was noticed and all his other withdrawals were blocked?
On the account where he was obvious about it, sure. I wonder if he had other accounts that he used before that, where he won a bunch in a less obvious way? The way that guy acted out , making straight flat bets at 50% and winning like 100 times, was probably his way to reveal the bug or show that he had hacked the system. I don't think, someone who could have found the flaw would make such bets. He probably hit PD before that Big time. Why are we talking about PD on the MoneyPot thread? Speculating there is a chance that is is the same dude. Both pretty bright attacks n such. What was the attack on PD? Was it the guy who flat bet many bets and won.?
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
December 01, 2014, 10:47:49 PM |
|
What was the attack on PD? Was it the guy who flat bet many bets and won.?
Apparently somebody was able to gain access to their server seed, so they could know what their rolls would be before they rolled. As I remember, he won over 100 max bets in a row at 49.5%, and was able to withdraw 40 BTC before being caught. There are screenshots on the PD thread - go back a couple of weeks I guess. Edit:
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
J3VVL
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 02, 2014, 04:55:14 PM Last edit: December 02, 2014, 05:22:06 PM by J3VVL |
|
https://www.moneypot.com/user/fooThe page you are looking for doesn't exist... ^hmmmm *edit* wow i see now
|
|
|
|
alani123
Legendary
Offline
Activity: 2576
Merit: 1509
|
|
December 02, 2014, 05:08:19 PM |
|
His stats were deleted by Ryan.
|
| Duelbits | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | TRY OUR UNIQUE GAMES! ◥ DICE ◥ MINES ◥ PLINKO ◥ DUEL POKER ◥ DICE DUELS | | | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ KENONEW ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ | | 10,000x MULTIPLIER | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ |
[/tabl
|
|
|
kuusj98
|
|
December 02, 2014, 05:14:53 PM |
|
His stats were deleted by Ryan. Sure, but is the problem solved? Someone redrawing such amounts of money is ofcourse not something you'd want as a business
|
|
|
|
Brewins
Legendary
Offline
Activity: 1120
Merit: 1000
|
|
December 02, 2014, 05:37:44 PM |
|
What was the attack on PD? Was it the guy who flat bet many bets and won.?
Apparently somebody was able to gain access to their server seed, so they could know what their rolls would be before they rolled. As I remember, he won over 100 max bets in a row at 49.5%, and was able to withdraw 40 BTC before being caught. There are screenshots on the PD thread - go back a couple of weeks I guess. Edit: Any hint how he managed to get access to the server seed? And if it is already corrected or not(more important)
|
|
|
|
alani123
Legendary
Offline
Activity: 2576
Merit: 1509
|
|
December 02, 2014, 05:39:38 PM |
|
Sure, but is the problem solved? Someone redrawing such amounts of money is ofcourse not something you'd want as a business It was actually fixed some hours after someone noticed foo was probably using an exploit. Here's Ryan's response from few pages back. Sorry guys, I was asleep! Thanks for letting me know. Foo did find an exploit, and was kind enough to reveal it. I have quickly pushed up a fix, and purged Foo's games from the database to preserve meaningful stats. Foo used quite a clever exploit in some what should be dead code: http://privatepaste.com/354dae40cdI'd like to thank him for not abusing the bug further, or slowly bleeding me over time. I'm extremely thankful for that, that would have been a nightmare situation. Thanks Foo! Sorry about all the drama people, please enjoy the game.
|
| Duelbits | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | TRY OUR UNIQUE GAMES! ◥ DICE ◥ MINES ◥ PLINKO ◥ DUEL POKER ◥ DICE DUELS | | | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ KENONEW ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ | | 10,000x MULTIPLIER | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ |
[/tabl
|
|
|
jaysabi
Legendary
Offline
Activity: 2044
Merit: 1115
★777Coin.com★ Fun BTC Casino!
|
|
December 02, 2014, 06:26:07 PM |
|
I'm really impressed by the person who abused this bug. Not only due to the complexity of the exploit, but the fact he only took 5 of the 25 BTC in the hot wallet. He likely could have slowly abused the bug leading the eventual shutdown of MP, but instead was a class act. I'm really thankful for that and working on better security measures so I won't need to rely on the kindness of strangers as much.
Does this mean he got was able to withdraw and keep 5 btc on account of the exploit?
|
|
|
|
J3VVL
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 02, 2014, 06:43:35 PM |
|
I'm really impressed by the person who abused this bug. Not only due to the complexity of the exploit, but the fact he only took 5 of the 25 BTC in the hot wallet. He likely could have slowly abused the bug leading the eventual shutdown of MP, but instead was a class act. I'm really thankful for that and working on better security measures so I won't need to rely on the kindness of strangers as much.
Does this mean he got was able to withdraw and keep 5 btc on account of the exploit? there is something not right about this... out of the kindness of his heart he didn't take it all? yeah right!!! i don't buy it
|
|
|
|
J3VVL
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 02, 2014, 07:11:33 PM |
|
Does this mean he got was able to withdraw and keep 5 btc on account of the exploit?
Yes. He had used the exploit to get somewhere in the order of over 30 BTC in profit. He did withdraw his original deposit, plus 5 BTC as a bounty for finding the exploit. Had he wanted, he would have been allowed to withdraw up to 25 BTC which was the contents of the hot wallet. But being a decent guy he didn't even make an attempt to do so, something that I am very grateful for. i call bullshit
|
|
|
|
jaysabi
Legendary
Offline
Activity: 2044
Merit: 1115
★777Coin.com★ Fun BTC Casino!
|
|
December 02, 2014, 07:20:23 PM |
|
Does this mean he got was able to withdraw and keep 5 btc on account of the exploit?
Yes. He had used the exploit to get somewhere in the order of over 30 BTC in profit. He did withdraw his original deposit, plus 5 BTC as a bounty for finding the exploit. Had he wanted, he would have been allowed to withdraw up to 25 BTC which was the contents of the hot wallet. But being a decent guy he didn't even make an attempt to do so, something that I am very grateful for. I wouldn't call stealing 5 btc a decent action, or one who does it a decent person, just because he could have taken more. Stealing is stealing. The guy stole from you, and if you had investors yet, it would have been stealing from them. I understand you're grateful he didn't clean you out, but I'm still puzzled by your gushing praise for someone who is a thief.
|
|
|
|
blockage
Member
Offline
Activity: 100
Merit: 10
Vires in numeris.
|
|
December 02, 2014, 07:58:43 PM |
|
Does this mean he got was able to withdraw and keep 5 btc on account of the exploit?
Yes. He had used the exploit to get somewhere in the order of over 30 BTC in profit. He did withdraw his original deposit, plus 5 BTC as a bounty for finding the exploit. Had he wanted, he would have been allowed to withdraw up to 25 BTC which was the contents of the hot wallet. But being a decent guy he didn't even make an attempt to do so, something that I am very grateful for. I wouldn't call stealing 5 btc a decent action, or one who does it a decent person, just because he could have taken more. Stealing is stealing. The guy stole from you, and if you had investors yet, it would have been stealing from them. I understand you're grateful he didn't clean you out, but I'm still puzzled by your gushing praise for someone who is a thief. I was in the chat at the time, here's a chatlog. As you can see at 10:47 UTC foo was up >15 BTC and Ryan came online more than 2h later. He could've just withdrawn with a few clicks, but he didn't. He also send a support message to Ryan that explains how the exploit works, which allowed him to patch it fast. I still don't get it. I would've assumed anybody in his position would clean the hot wallet.
|
|
|
|
jaysabi
Legendary
Offline
Activity: 2044
Merit: 1115
★777Coin.com★ Fun BTC Casino!
|
|
December 02, 2014, 08:18:18 PM |
|
Does this mean he got was able to withdraw and keep 5 btc on account of the exploit?
Yes. He had used the exploit to get somewhere in the order of over 30 BTC in profit. He did withdraw his original deposit, plus 5 BTC as a bounty for finding the exploit. Had he wanted, he would have been allowed to withdraw up to 25 BTC which was the contents of the hot wallet. But being a decent guy he didn't even make an attempt to do so, something that I am very grateful for. I wouldn't call stealing 5 btc a decent action, or one who does it a decent person, just because he could have taken more. Stealing is stealing. The guy stole from you, and if you had investors yet, it would have been stealing from them. I understand you're grateful he didn't clean you out, but I'm still puzzled by your gushing praise for someone who is a thief. I was in the chat at the time, here's a chatlog. As you can see at 10:47 UTC foo was up >15 BTC and Ryan came online more than 2h later. He could've just withdrawn with a few clicks, but he didn't. He also send a support message to Ryan that explains how the exploit works, which allowed him to patch it fast. I still don't get it. I would've assumed anybody in his position would clean the hot wallet. Chatlog link doesn't load anything. Is it me or the link? (Also, someone posted a chatlog earlier, is it the same as that?) I think the juxtaposition of reactions on this forum is interesting. Website owner steals investor funds but selectively refunds to some people, this forum is doxing people left and right, calling ex-girlfriends of people who may or may not be involved, etc. But some guy steals through an exploit and also doesn't take everything, and he's heralded as a saint. What a commendable chap that he only stole some of the money!Could the perception of these two people be any more different? If this guy was such a good dude, he wouldn't have taken any of the money. He would have notified Ryan of the exploit so it could be patched and maybe asked for a reward, not help himself to it. Just my opinion though. I wouldn't go praising someone cuz they only stole a little bit.
|
|
|
|
J3VVL
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 02, 2014, 08:37:51 PM |
|
Does this mean he got was able to withdraw and keep 5 btc on account of the exploit?
Yes. He had used the exploit to get somewhere in the order of over 30 BTC in profit. He did withdraw his original deposit, plus 5 BTC as a bounty for finding the exploit. Had he wanted, he would have been allowed to withdraw up to 25 BTC which was the contents of the hot wallet. But being a decent guy he didn't even make an attempt to do so, something that I am very grateful for. I wouldn't call stealing 5 btc a decent action, or one who does it a decent person, just because he could have taken more. Stealing is stealing. The guy stole from you, and if you had investors yet, it would have been stealing from them. I understand you're grateful he didn't clean you out, but I'm still puzzled by your gushing praise for someone who is a thief. I was in the chat at the time, here's a chatlog. As you can see at 10:47 UTC foo was up >15 BTC and Ryan came online more than 2h later. He could've just withdrawn with a few clicks, but he didn't. He also send a support message to Ryan that explains how the exploit works, which allowed him to patch it fast. I still don't get it. I would've assumed anybody in his position would clean the hot wallet. Chatlog link doesn't load anything. Is it me or the link? (Also, someone posted a chatlog earlier, is it the same as that?) I think the juxtaposition of reactions on this forum is interesting. Website owner steals investor funds but selectively refunds to some people, this forum is doxing people left and right, calling ex-girlfriends of people who may or may not be involved, etc. But some guy steals through an exploit and also doesn't take everything, and he's heralded as a saint. What a commendable chap that he only stole some of the money!Could the perception of these two people be any more different? If this guy was such a good dude, he wouldn't have taken any of the money. He would have notified Ryan of the exploit so it could be patched and maybe asked for a reward, not help himself to it. Just my opinion though. I wouldn't go praising someone cuz they only stole a little bit. dooglus will formulate a legit explaination i'm sure!!! ROTFLMFAO
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
December 02, 2014, 08:53:24 PM |
|
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
J3VVL
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 02, 2014, 08:58:34 PM |
|
(troll post)
nicely played mr sock puppet!
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
December 02, 2014, 09:00:55 PM |
|
As for being unable to imagine someone having the opportunity to steal coins and not stealing them, that is just sad.
You're saying not only that you would have cleaned out the whole hot wallet in his situation, but that you can't imagine anyone existing who wouldn't do the same.
The guy who found the exploit in MoneyPot claims to make a living from finding exploits. In my experience it is hard to get paid properly for an exploit, so he helped himself to what he considered his work to be worth. That's questionable morally, of course, but he put a lot of work into developing the exploit code and wanted to make sure he was suitably rewarded for it. He reported it to MoneyPot in a responsible manner, and shared his exploit code once it was fixed.
In MoneyPot's position I would probably be feeling pretty stupid for leaving the site vulnerable like that, and relieved that the hole was fixed without causing serious damage to the site's bankroll.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
J3VVL
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 02, 2014, 09:36:25 PM |
|
As for being unable to imagine someone having the opportunity to steal coins and not stealing them, that is just sad.
You're saying not only that you would have cleaned out the whole hot wallet in his situation, but that you can't imagine anyone existing who wouldn't do the same.
The guy who found the exploit in MoneyPot claims to make a living from finding exploits. In my experience it is hard to get paid properly for an exploit, so he helped himself to what he considered his work to be worth. That's questionable morally, of course, but he put a lot of work into developing the exploit code and wanted to make sure he was suitably rewarded for it. He reported it to MoneyPot in a responsible manner, and shared his exploit code once it was fixed.
In MoneyPot's position I would probably be feeling pretty stupid for leaving the site vulnerable like that, and relieved that the hole was fixed without causing serious damage to the site's bankroll.
so it was you? lol u r a funny guy
|
|
|
|
|