Bitcoin Forum
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Author Topic: OFFICIAL DICEBITCO.IN ANNOUNCEMENT ABOUT THE SKIPPED NONCES INCIDENT  (Read 5509 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
Martijnvdc
Sr. Member
September 20, 2014, 09:21:21 AM
 #21

Even IF it wasn't one big scam, why would people trust you with money again after such big mistakes?
I lost 85% of my investment in this website, and the owner won't refund me because I was "positively affected"...
Mateo was still playing with my invested money when I divested the little bit I had left. So I don't see how I wouldn't be refunded, if this security issue is the cause of it.
The responses I got from their ticket system were VERY shady to say the least.
DiceBitcoin (OP)
Member
September 20, 2014, 11:01:50 AM
 #22


I've broken down these arguments in the past, the crux of it is dicebitco.in isn't anonymous and doesn't want to go to jail or be hunted after. I stand by everything I said including the part about the 1000 coins.

That is the most stupid thing I ever heard in the whole DB saga. You really believe I'm not anonymous, and "I am afraid of being hunted or going to jail"? lol. At this point I really don't know if you do believe this, or you simply try to use this argument because you still can't accept the fact we are refunding.

tl;dr you are truly stupid if you think FEAR is the reason I'm doing this. The only thing that scares me is human stupidity, and you, man, take it to another level. Like seriously, bring it on.

Even IF it wasn't one big scam, why would people trust you with money again after such big mistakes?
I lost 85% of my investment in this website, and the owner won't refund me because I was "positively affected"...
Mateo was still playing with my invested money when I divested the little bit I had left. So I don't see how I wouldn't be refunded, if this security issue is the cause of it.
The responses I got from their ticket system were VERY shady to say the least.

Get your facts right. We will not refund you because you were not affected by this, only certain players (less than 20) got affected. You lost because you pulled out your investment by divesting when you were in minus. If you didn't divest, you would never lose those coins (but made a nice extra as well).

Martijnvdc
Sr. Member
September 20, 2014, 11:41:29 AM
 #23

Get your facts right. We will not refund you because you were not affected by this, only certain players (less than 20) got affected. You lost because you pulled out your investment by divesting when you were in minus. If you didn't divest, you would never lose those coins (but made a nice extra as well).
Mateo was STILL PLAYING against MY investment. He was CHEATING me out of MY money. You didn't halt gambling while the cheating was going on at all. Explain to me how this is not a SCAM.
You are a shameless scammer. It's as simple as that.
WhatTheGox
Legendary
September 20, 2014, 11:43:50 AM
 #24


Crazy situation
DiceBitcoin (OP)
Member
September 20, 2014, 12:29:56 PM
 #25

Mateo was STILL PLAYING against MY investment. He was CHEATING me out of MY money. You didn't halt gambling while the cheating was going on at all. Explain to me how this is not a SCAM.
You are a shameless scammer. It's as simple as that.

You are wrong. The gambling WAS HALTED when the incident was found (all accounts turned into invest-only) and we reinstated betting only when we made sure the malicious code is not in place. Also, mateo didn't play that particular day, but almost 24h~ after the incident. It was your choice to leave your coins invested or divest them when you were losing (invest/divest was never halted, same as withdrawals).

AirFlame
Hero Member
September 20, 2014, 12:43:41 PM
Last edit: September 20, 2014, 01:03:07 PM by AirFlame
 #26

Don't see why on Earth anyone would deal with you from this point onwards.

Good luck trying to regain people's trust after potentially scamming over a thousand coins.

You had a bug in your primedice and people were deceived. Wait, how many was it?

Quote
around 37,500 bets were settled as losses when they should have been wins...

https://bitcointalk.org/index.php?topic=208986.msg8441727#msg8441727
Martijnvdc
Sr. Member
September 20, 2014, 12:44:21 PM
 #27

Mateo was STILL PLAYING against MY investment. He was CHEATING me out of MY money. You didn't halt gambling while the cheating was going on at all. Explain to me how this is not a SCAM.
You are a shameless scammer. It's as simple as that.

You are wrong. The gambling WAS HALTED when the incident was found (all accounts turned into invest-only) and we reinstated betting only when we made sure the malicious code is not in place. Also, mateo didn't play that particular day, but almost 24h~ after the incident. It was your choice to leave your coins invested or divest them when you were losing (invest/divest was never halted, same as withdrawals).
YOU ARE LYING.
He won almost all his bets... Against a negative bankroll... This site is STILL RIGGED.
You should have halted the gambling and sent the investor's money to their emergency address once a security issue was found. Instead, you let the gambling continue, and even THEN you still let Mateo withdraw his money. You continued the gambling without a deep inspection into your source code.
How can you lie about what happened when there were so many people watching it all happen??

Also, I believe it would be your moral obligation to halt the gambling until all investors could at least be given the time to log into their accounts. I wasn't even given a chance or even a warning email of what happened. A gambler won UNFAIRLY against my investment, and somehow it's my fault for not divesting WHILE he was cheating??

Your actions show nothing but the intent to steal money from the investors and get away with it.
DiceBitcoin (OP)
Member
September 20, 2014, 12:58:49 PM
 #28


YOU ARE LYING.
He won almost all his bets... Against a negative bankroll... This site is STILL RIGGED.
You should have halted the gambling and sent the investor's money to their emergency address once a security issue was found. Instead, you let the gambling continue, and even THEN you still let Mateo withdraw his money. You continued the gambling without a deep inspection into your source code.
How can you lie about what happened when there were so many people watching it all happen??

Also, I believe it would be your moral obligation to halt the gambling until all investors could at least be given the time to log into their accounts. I wasn't even given a chance or even a warning email of what happened. A gambler won UNFAIRLY against my investment, and somehow it's my fault for not divesting WHILE he was cheating??

Your actions show nothing but the intent to steal money from the investors and get away with it.

Get your facts right. He didn't win almost all his bets, plus he ended up busting big time (lost all he won + more). Against a negative bankroll..? What is negative bankroll? mateo's first withdrawal wasn't done automatically. We went through all his bets and they were legit. He also had randomized his server seed, so it was impossible for him to cheat. Simple as that. As far as the "continued gambling", we did only after we inspected the code, isolated the malicious code and made 1000% sure it works as it should. Calling the site STILL RIGGED will just get you a negative trust next time you post, without facts. And that's the last time I answer to you. I am sorry you divested when in loss, but the gambler did NOT win unfairly against your investment, since he had no access to server seeds. You miss the point that from this whole fiasco, the ONLY people that had a profit out of this were investors. Neither we nor users with known server seeds.

Martijnvdc
Sr. Member
September 20, 2014, 01:11:54 PM
 #29


YOU ARE LYING.
He won almost all his bets... Against a negative bankroll... This site is STILL RIGGED.
You should have halted the gambling and sent the investor's money to their emergency address once a security issue was found. Instead, you let the gambling continue, and even THEN you still let Mateo withdraw his money. You continued the gambling without a deep inspection into your source code.
How can you lie about what happened when there were so many people watching it all happen??

Also, I believe it would be your moral obligation to halt the gambling until all investors could at least be given the time to log into their accounts. I wasn't even given a chance or even a warning email of what happened. A gambler won UNFAIRLY against my investment, and somehow it's my fault for not divesting WHILE he was cheating??

Your actions show nothing but the intent to steal money from the investors and get away with it.

Get your facts right. He didn't win almost all his bets, plus he ended up busting big time (lost all he won + more). Against a negative bankroll..? What is negative bankroll? mateo's first withdrawal wasn't done automatically. We went through all his bets and they were legit. He also had randomized his server seed, so it was impossible for him to cheat. Simple as that. As far as the "continued gambling", we did only after we inspected the code, isolated the malicious code and made 1000% sure it works as it should. Calling the site STILL RIGGED will just get you a negative trust next time you post, without facts. And that's the last time I answer to you. I am sorry you divested when in loss, but the gambler did NOT win unfairly against your investment, since he had no access to server seeds. You miss the point that from this whole fiasco, the ONLY people that had a profit out of this were investors. Neither we nor users with known server seeds.
Great. So where is YOUR proof of not being Mateo then?
Also, you went through all his bets, which skipped nonces, and somehow you considered those to be legit? If he skips nonces then he is cheating and you shouldn't have paid him his "winnings". You're not implying he wasn't cheating, right?
Go ahead and give me negative feedback. Threatening other people on here won't improve your trust at all. If this is how you work then I honestly don't see how anyone would ever trust you with a single bitcent ever again. You have proven to be completely incompetent of running this website responsibly. Tell me, what is the emergency address for?? Was there even any source code in place that would send to those addresses in case of an emergency?
Go ahead and give an honest man negative feedback. Go right ahead.

Also, a negative bankroll is a bankroll where there is a minus-sign in front of it...
jaysabi
Legendary
September 20, 2014, 02:37:31 PM
 #30

BR can't be negative. Once it's zero, there's nothing to bet against. Profit was negative, not bankroll.

Can we lock this thread and direct all comments to the longer thread already dealing with this topic? There doesn't need to be two discussions about the same topic going on, that just leads to confusion and missing information and people saying the same things in two different places.

suchmoon
Legendary
September 20, 2014, 03:26:11 PM
 #31

Get your facts right. We will not refund you because you were not affected by this, only certain players (less than 20) got affected. You lost because you pulled out your investment by divesting when you were in minus. If you didn't divest, you would never lose those coins (but made a nice extra as well).

I think your own facts are not quite right. As was posted in the other thread, even if investors didn't divest they wouldn't have gained their coins back, let alone "extra".

Why don't you post a list of investors from before the shitstorm, and exactly how much each of them divested/invested/lost/gained since then.
robhimself
Full Member
September 20, 2014, 03:56:01 PM
 #32

Get your facts right. We will not refund you because you were not affected by this, only certain players (less than 20) got affected. You lost because you pulled out your investment by divesting when you were in minus. If you didn't divest, you would never lose those coins (but made a nice extra as well).

I think your own facts are not quite right. As was posted in the other thread, even if investors didn't divest they wouldn't have gained their coins back, let alone "extra".

Why don't you post a list of investors from before the shitstorm, and exactly how much each of them divested/invested/lost/gained since then.

The thing I'm most curious about is who were these investors who saw the shitstorm that was DBC and still decided to go and invest new coins during it, just in time to catch Mateo dumping back what he had won before. That's the problem here, the owner could easily be Mateo and also be most of the investment on the site right now. So he sacrificed some BTC to the few legit investors still in on the site in order to gain back trust for an even bigger Mateo (or likely some new account) win in the future.

dooglus
Legendary
September 20, 2014, 04:38:31 PM
 #33

Good luck trying to regain people's trust after potentially scamming over a thousand coins.

I stand by everything I said including the part about the 1000 coins.

I don't think I understand. What 1000 coins are you talking about here?

I see two ways to interpret your "potentially" here:

1) Are you saying they had the potential to steal 1000 BTC? If so, the number is more like 7000, since that's what was in the bankroll that they could have stolen (but instead they allowed investors to withdraw almost all of it).

2) Or are you saying that you think they actually stole 1000 BTC? If so, how? Even if "Mateo" was a site player, he lost more than he won, and it was less than 1000 BTC.

Neither way makes much sense to me. Could you be clearer about what you're actually accusing them of?

grux
Member
September 20, 2014, 06:27:05 PM
 #34

In around 24hrs past the incident, the bankroll shrank from 7500 coins to ~1700. Then, we had one user, mateo, who was hitting the bankroll non stop for almost 12hrs more, eating almost 600 BTC of profit (site was ~288 BTC profit prior to the 7th of September and around -320 BTC when mateo stopped playing). A lot of speculation exists as well around that user, so please allow me to elaborate. User mateo was registered on 2014-08-06 18:22:05 and before the incident of 7th of September was -33 BTC in total. The date he registered the other developer was not hired yet, so it is impossible that it was him. The new hire had no access to the database (or to the production server) which means that it is impossible for him to know other users' seeds. On top of that, mateo did randomize his rolls before he went on with his crazy streak (my guess would be to verify if he got affected by the malicious code - btw he was not affected). Given all those facts there is 0% chance it could be someone that knew the server seed and played against it. When he asked for a withdrawal when done, we were left astonished with that run (like we didn't have enough shit already to deal with). We postponed his withdrawal for several hours. We went through his rolls again and again, we searched every possible way of "cheating". Everything was legit, so we paid him out.

If he didn't have access to production/database servers, but could upload code himself unchecked, what makes you guys think he wouldn't add any query or even a URL that reveals the auth details or seeds for himself?

I imagine anyone with access and ability to upload unchecked code can do the following:
  • Read out the authentication details used to connect to the database/wallet
  • Run a query to look up seeds
  • Intercept passwords before they are hashed and checked against database
  • Forge tokens/cookies and log into another's account
  • Change/delete entire tables of the database
  • Increase or decrease balances of any user

Why are you guys even assuming that seeds, passwords, and server are safe? Isn't it time for a full system seed and password change?

Are you guys just making up this whole "employee" story? Are you guys this inexperienced?
dooglus
Legendary
September 20, 2014, 06:41:50 PM
 #35

If he didn't have access to production/database servers, but could upload code himself unchecked, what makes you guys think he wouldn't add any query or even a URL that reveals the auth details or seeds for himself?

They've addressed this before.

He couldn't upload code himself. They uploaded his code for him without properly testing it. When they found out that his code was malicious they backed out his change.

While the code was in place he could potentially have grabbed a server seed, but apparently he randomized after his change was backed out, meaning he no longer had a way of reading his seeds.

I think that's how it goes, anyway.

grux
Member
September 20, 2014, 07:06:10 PM
 #36

If he didn't have access to production/database servers, but could upload code himself unchecked, what makes you guys think he wouldn't add any query or even a URL that reveals the auth details or seeds for himself?

They've addressed this before.

He couldn't upload code himself. They uploaded his code for him without properly testing it. When they found out that his code was malicious they backed out his change.

While the code was in place he could potentially have grabbed a server seed, but apparently he randomized after his change was backed out, meaning he no longer had a way of reading his seeds.

I think that's how it goes, anyway.

We cannot assume this is the case, he may have randomized his own seed, but we're ignoring the true danger here. He may know the seeds to many whales or to even other accounts he has that DB doesn't know about. And the seed isn't the only vector here for such a disastrous situation.
dooglus
Legendary
September 20, 2014, 07:13:42 PM
 #37

We cannot assume this is the case, [...]

I wasn't assuming anything. I was repeating what I think is the "official story".

BusyBeaverHP
Full Member
September 20, 2014, 07:48:58 PM
Last edit: September 20, 2014, 08:00:14 PM by BusyBeaverHP
 #38

I had 0.01 invested in DiceBitco.in and was fortunate enough to immediately withdraw that Sunday after hearing about the skipped nonce incident. My observation of the events:

1. Skipped nonces -  A high roller (finnile) discovered he was losing due to skipped nonces that targeted only winning bets.

2. More high rollers noticed the cheat - The skipped nonce bug targeted high rollers.

3. Site owner's response - They claimed that the code was implemented by a new employee.
However, the statement manl put out a day earlier contradicted this: there was no new employee.
Didn't GHash.io blame a new employee for their double-spending incident as well?

4. Investors are alarmed. Bankroll plummeted from 7000 BTC down to less than 2000 BTC. I divested and withdrew at this point.

5. Owners disable DiceBitco.in's peer bet verification and chat lobby.
There is absolutely no reason to hide betting verification other than to cheat.

6. Enter "mateo".

7. Using a few thousand 49.5% bets, mateo turned a +300 positive bankroll into -300. Nobody can verify his rolls.
What is the probability that a high roller shows up out of nowhere and sweeps the bankroll shortly after betting verification is disabled?

8. The site owner then goes completely silent for two weeks.

Everyone can come to their own conclusions at this point.
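
The roll verification and skipped-nonce check that posts in this thread refer to, as an added example that is not part of the thread and not DiceBitco.in's code. It assumes a commit-reveal scheme in which the site publishes a SHA-256 hash of the server seed before betting and derives each roll from HMAC-SHA512(server seed, "client seed:nonce"); that derivation, all names and the sample logs are constructed for illustration.

```python
import hashlib
import hmac

WIN_BELOW = 4950  # a 49.5% roll-under bet, in hundredths of a percent


def roll_for(server_seed: str, client_seed: str, nonce: int) -> int:
    """Assumed derivation: top 52 bits of the HMAC scaled to 0..9999."""
    mac = hmac.new(server_seed.encode(), f"{client_seed}:{nonce}".encode(),
                   hashlib.sha512).hexdigest()
    return (int(mac[:13], 16) * 10_000) >> 52


def audit(server_seed, commitment, client_seed, bets, first_nonce=0):
    """Replay a bet log once the server seed has been revealed.

    bets: list of {"nonce", "roll", "win_below"} dicts in play order.
    Returns a list of findings; an empty list means the log verifies.
    Nonces skipped after the last logged bet are not visible in the log.
    """
    findings = []
    # 1. The revealed seed must match the hash published before betting.
    if hashlib.sha256(server_seed.encode()).hexdigest() != commitment:
        findings.append({"type": "commitment_mismatch"})
    expected = first_nonce
    for bet in bets:
        nonce = bet["nonce"]
        if nonce < expected:
            findings.append({"type": "nonce_reused", "nonce": nonce})
        # 2. Replay every nonce the server jumped over to see what the
        #    player would have been paid at the stake of the next bet.
        for skipped in range(expected, nonce):
            roll = roll_for(server_seed, client_seed, skipped)
            findings.append({"type": "skipped_nonce", "nonce": skipped,
                             "roll": roll,
                             "would_have_won": roll < bet["win_below"]})
        # 3. The roll the site reported must equal the recomputed one.
        if roll_for(server_seed, client_seed, nonce) != bet["roll"]:
            findings.append({"type": "roll_mismatch", "nonce": nonce})
        expected = max(expected, nonce + 1)
    return findings


# Constructed sample data, not taken from the incident.
SERVER_SEED = "constructed-server-seed"
CLIENT_SEED = "constructed-client-seed"
COMMITMENT = hashlib.sha256(SERVER_SEED.encode()).hexdigest()


def honest_log(count=40):
    """A log in which every nonce from 0 to count-1 is used exactly once."""
    return [{"nonce": n, "roll": roll_for(SERVER_SEED, CLIENT_SEED, n),
             "win_below": WIN_BELOW} for n in range(count)]


def log_with_gaps(count=40):
    """The honest log with every winning row dropped, leaving nonce gaps."""
    return [b for b in honest_log(count) if b["roll"] >= b["win_below"]]


if __name__ == "__main__":
    print("honest log findings:",
          audit(SERVER_SEED, COMMITMENT, CLIENT_SEED, honest_log()))
    for finding in audit(SERVER_SEED, COMMITMENT, CLIENT_SEED, log_with_gaps()):
        print(finding)
```

A gap on its own only shows that a nonce was consumed without a logged bet; the `would_have_won` field is what separates a pattern that only removes wins from ordinary counter noise, and it can only be computed after the seed is revealed.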
suchmoon
Legendary
September 20, 2014, 08:52:39 PM
 #39

We cannot assume this is the case, [...]

I wasn't assuming anything. I was repeating what I think is the "official story".

There is one aspect of that story that's still bothering me (well there is more than one TBH, but I'm trying to pretend now that it's true). They said the rogue employee "had to chose manually which player to ‘cheat’". How did he do that if he didn't have access to the production database? Some kind of a backdoor in the UI? All we've seen was two or three lines of code that don't really explain much. I think at the very least DB should have published the whole commit. This is one of those things that would have gone a long way towards credibility.
dooglus
Legendary
September 20, 2014, 09:21:32 PM
 #40

There is one aspect of that story that's still bothering me (well there is more than one TBH, but I'm trying to pretend now that it's true). They said the rogue employee "had to chose manually which player to ‘cheat’". How did he do that if he didn't have access to the production database? Some kind of a backdoor in the UI? All we've seen was two or three lines of code that don't really explain much. I think at the very least DB should have published the whole commit. This is one of those things that would have gone a long way towards credibility.

Good point.

The three line screenshot didn't really show anything. Could we see the whole diff he submitted? The condition for when to apply the nonce-skip would be interesting. I too wonder how the rogue employee was able to choose manually which players to cheat when he didn't have access to the db.
