100 BTC was stolen from my Primedice account. Please see thread.

[DiceMiner]

Hello all,
I have been newly active on Primedice during the past few weeks. With the closing of JD, I was looking for another honest, off-chain game to continue rolling. Primedice was great and I had a lot of success there until recently.

Earlier today, I deposited 100 BTC into my account to start playing. (I always make it a habit to put my coins back into my wallet after playing on any site.) Usually my account is credited after 1 confirmation and everything is good-to-go. Well initially, things were looking like they usually do, and my account promptly reflected my new balance. Then I place my first bet and I get an "Insufficient Funds" warning at the top. Mind, you this is happening while my balance shows "100.00120000 BTC." I refreshed the page a few times and afterwards, the balance showed pretty much zero again (0.00120000 BTC worth of dust).

Just to be safe, I even tried logging in and out. Nothing. I hit up the Mod on duty in the chat room and he is unable to help. I have sent an email to support so let's see what they say. I am trying to keep calm, but an annual salary worth of BTC has vanished.

Also, here is the TXID for the deposit in question:
https://blockchain.info/tx/e3baf6d62cbd003632204cd40e82c6e40e55c4a50b2d93e89585ec1ca7fffac1

If any of you more technical guys can get forensic with the blockchain info, ANY help is appreciated. Stunna, if my coins are just stuck somewhere on your site, please return them and I'll be on my merry way. In the meantime:

BE CAREFUL WHEN DEPOSITING YOUR COINS HERE!


This is being discussed and the current theory, based on what we know so far, is that this was the work of a thief on the outside. He probably took advantage of my weak password and then camped out on my account and waited for a large deposit and then quickly withdrew my coins right after confirmation (and before my first bet).

All info is still pending as we await Stunna's post with the complete story.


One thing that is absolutely true is PrimeDice's new security features as a result of this theft. Now there is 2FA which adds and additional layer of security to an already safe site.

[1714129793]

1714129793

[1714129793]

1714129793

[Wendigo]

Why would you deposit 100 btc at once? Did you roll all of them with the first roll?

[superSTAR777]

i am sure you will get your coins , also please send a message to stunna here .

[galbros]

I am sorry you seem to have lost your coins.  I'm sure Stunna will come through for you if it is a site glitch.  I did also see something on the main primedice thread about a corrupt bot or something that was stealing coins.  You haven't downloaded any PD betting bots, right?

Good Luck and I hope your coins turn up.

[yraskk]

IMO Pretty much sounds like a technical glitch which is possible with the new software that had few issues until now. anyways a 100 BTC deposit at a time? are you the "Miner" that has been milking few dice sites dry   ?

[jbrnt]

If you have proof of your deposit, and the logs of your played rolls, I am sure Stunna will sort it out. May be you should PM him directly.

[wadili89]

primedice has just try to scam you. if you not open a topic here, they wouldnt pay your money
obvious scam. i think we should not play on this scam site

[fatguyyyyy]

I don't think there is any attempt of scam. Just a technical bug, if admin see this he will give your btcs back!

[Wusolini]

100 BTC to dice game ... are you kidding...? you probably want to lose, more then win.

if its true, you will get the coins back. I assume admin didn't expect such a high deposit  

[grux]

You didn't fall for yesterday's "exploit" or use a phishing site like primedice3.com did you? I'd check your transactions if I were you...

[Chemistry1988]

Have you tried sending Stunna a PM or sending an email to support@primedice.com and ask them to check for the problem?

[Stunna]

I'm just barely awake but  I'll  take a look into this right now.

EDIT: I've replied to your email.


EDIT2: This issue has been resolved, It is up to OP to decide whether or not he wants to disclose the details of what occurred.

Conclusion posted here: https://bitcointalk.org/index.php?topic=791367.msg9086516#msg9086516

[wadili89]

you scammed 100 btc from him and now you blame him stunna? you cant behave like that to a customer that scammed 100 btc on your site.

[Stunna]

you scammed 100 btc from him and now you blame him stunna? you cant behave like that to a customer that scammed 100 btc on your site.

His funds were withdrawn here:

https://blockchain.info/tx/47c18d5c3448a713608e78abb9569263ef4d780648ccd5dceff04c325d116691/


What I'm wondering is if he ran any scripts in his console or has malware on his computer or was using a shared computer. All other high balance accounts still have their balances so I don't think any direct breach of PD occurred.

[wadili89]

how can we trust that address are not belong to pd? and you manually withdraw his coins. how can you easily blame customer as his own fault? how can you be that confident?

[Stunna]

how can we trust that address are not belong to pd? and you manually withdraw his coins. how can you easily blame customer as his own fault? how can you be that confident?

I'll look into this, the only reason I don't think it was a breach on our part is due to the fact that all other large balances are sitting securely in our website still. Also these coins were withdrawn as soon as they credited on the account. My fear is that he either ran that script that was being spammed around or had some sort of malware. I'm not blaming anyone here though I'm just stating my concerns. Diceminer has deposited/cashed out 100 coins several times prior to this with success if I recall correctly so what I'm wondering is if anything changed with regards to his own personal security the past 24-48 hours as the only reports of something like this we've had recently were people who ran the "exploit". Not implying this is the case though, not enough information out there yet I'd like to have a full conversation with diceminer when he's back later.

some of that BTC withdrawn ended up tied with this other scam accusation read here https://bitcointalk.org/index.php?topic=744692.0 attached to this address 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

Good find, I'll start investigating myself. Seems to be linked to a cloud mining scam. What I'm wondering is if he used the same password he uses on PD with one of those services.

[swaggg]

Highly doubt you were "scammed" 100 BTC, just a few weeks ago I deposited 80 BTC and withdrew 90 BTC after Stunna filled up the hot wallet to cover my withdraw. Did you have any PD bots installed? Try scanning your computer for malware

This looks like people trying to accuse PrimeDice of scamming, maybe a rival dice site? Anyone can easily deposit 100+ BTC and withdraw it and cry scam.

[swaggg]

I feel as if this could have all been avoided if 2-factor authentication was implemented in PD.

[MikeCorleone85]

Looks like he just ran them through a mixer and got them back... seems fishy

[Stunna]

Stunna look at his wallet transactions

02efdcd9a2146be13e68d9aab2fa7be0e1aa3e52e02f8af1d963711611562d072014-09-21 00:51:59
12UrtgL7XWbM6mMfZyzSgfEoVMFMDXdFta
   1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ 99.9999 BTC
99.9999 BTC
bb629e2788920421ff62f01f836f74c2aa77c6d257d751e2b74bc8f1a15edff42014-09-21 00:41:25
1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ
   12UrtgL7XWbM6mMfZyzSgfEoVMFMDXdFta 100 BTC
-100.0001 BTC

He sent 100 BTC to you then just 10 minutes later looks like he got the 100 BTC from the address he sent it to.

Is that your Address? if so he is trying to scam

12UrtgL7XWbM6mMfZyzSgfEoVMFMDXdFta belongs to us.

[Stunna]

Looks like he just ran them through a mixer and got them back... seems fishy

Ya he's a scammer no doubt. 100 BTC to an address then 10 minutes later he get's 99.99 BTC back.

He's trying to fuck you over Stunna. Slam his lying ass with the red trust paint.

Edit: Probably a rival casino that hates you.

I could be viewing this wrong but I don't think that's the case. I think you are looking at this incorrectly, it looks like those were previous transactions.

[Stunna]

Looks like he just ran them through a mixer and got them back... seems fishy

Ya he's a scammer no doubt. 100 BTC to an address then 10 minutes later he get's 99.99 BTC back.

He's trying to fuck you over Stunna. Slam his lying ass with the red trust paint.

Edit: Probably a rival casino that hates you.

I could be viewing this wrong but I don't think that's the case. I think you are looking at this incorrectly, it looks like those were previous transactions.

Look at this link to his wallet transactions.  https://blockchain.info/address/1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ

17:28:25 - 21/09/14   100.00000000 BTC

This is the time of the claimed stolen cashout. The transaction of 100 leaving and 99.99 returning are from 10+ hours earlier it seems. I think he's genuinely been stolen from so it isn't fair to jump to that sort of conclusion.

[Daanie]

i do know my deposit wallet addresses transacts btc sometimes (not me) but i guess that's just a way to pay people.

[swaggg]

Looks like he just ran them through a mixer and got them back... seems fishy

Ya he's a scammer no doubt. 100 BTC to an address then 10 minutes later he get's 99.99 BTC back.

He's trying to fuck you over Stunna. Slam his lying ass with the red trust paint.

Edit: Probably a rival casino that hates you.

I could be viewing this wrong but I don't think that's the case. I think you are looking at this incorrectly, it looks like those were previous transactions.

Look at this link to his wallet transactions.  https://blockchain.info/address/1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ

17:28:25 - 21/09/14   100.00000000 BTC

This is the time of the claimed stolen cashout. The transaction of 100 leaving and 99.99 returning are from 10+ hours earlier it seems. I think he's genuinely been stolen from so it isn't fair to jump to that sort of conclusion.

If that's true and his coins were stolen, what's the course of action? I don't know how one can prove that they had their BTC stolen from their account unless you have IP logs.

[Stunna]

Looks like he just ran them through a mixer and got them back... seems fishy

Ya he's a scammer no doubt. 100 BTC to an address then 10 minutes later he get's 99.99 BTC back.

He's trying to fuck you over Stunna. Slam his lying ass with the red trust paint.

Edit: Probably a rival casino that hates you.

I could be viewing this wrong but I don't think that's the case. I think you are looking at this incorrectly, it looks like those were previous transactions.

Look at this link to his wallet transactions.  https://blockchain.info/address/1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ

17:28:25 - 21/09/14   100.00000000 BTC

This is the time of the claimed stolen cashout. The transaction of 100 leaving and 99.99 returning are from 10+ hours earlier it seems. I think he's genuinely been stolen from so it isn't fair to jump to that sort of conclusion.

If that's true and his coins were stolen, what's the course of action? I don't know how one can prove that they had their BTC stolen from their account unless you have IP logs.

I can scramble the developers and we can do a full check of everything.

Current info:

<18:23:05> "Dev": here's what we know so far about 100 btc thing
<18:23:10> "Dev": it wasn't a glitch
<18:23:19> "Dev": it was using the dialog, or api
<18:32:24> "Dev": So it was user caused
<18:32:29> "Dev": there was withdraw out
<18:32:41> "Dev": no one accessed our servers to send it

Right now our hunch is still that some sort of malware/malicious code was involved or that diceminer had used that password somewhere else (potentially that cloudming service where the funds went). . This is a very significant amount of coins though so I'll continue to look into this and if it was indeed malware I'll keep tracking the coins and do what I can to aid in a potential recovery. There's no reason to believe that depositing or leaving funds on PD is dangerous though.



Also @otr the 17:28 cashout was the cashout not sent to his address. I could be wrong but it seems that he is indeed missing 100

This is where the 100 went : https://blockchain.info/address/1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs

[dooglus]

If that's true and his coins were stolen, what's the course of action? I don't know how one can prove that they had their BTC stolen from their account unless you have IP logs.

Generally there isn't any action. You had your coins stolen, and now they're gone.

Stunna can presumably tell OP the IP address that withdrew his coins. OP won't be able to prove that it wasn't him doing it. The scammer will have used an untraceable VPN, Tor, or some such.

The best that happens is that PrimeDice implements 2FA-on-withdraw to stop this happening to others in the future (this would have prevented last night's "exploit" attack too), and OP steps up his own security to stop this happening to himself in the future.

[dooglus]

17:28:25 he has no transactions at that time on his wallet....what are you looking at? he has 3 transactions today

That's the whole problem. The last 100 BTC withdrawal didn't go to his wallet, they went to the thief's wallet.

You're seeing two old transactions (OP deposits and then withdraws 100 BTC) and one new one (OP deposits 100 BTC). You're not seeing the 4th transaction (OP has 100 BTC stolen) because that one didn't go to his wallet.

Get it now?

[Stunna]

If that's true and his coins were stolen, what's the course of action? I don't know how one can prove that they had their BTC stolen from their account unless you have IP logs.

Generally there isn't any action. You had your coins stolen, and now they're gone.

Stunna can presumably tell OP the IP address that withdrew his coins. OP won't be able to prove that it wasn't him doing it. The scammer will have used an untraceable VPN, Tor, or some such.

The best that happens is that PrimeDice implements 2FA-on-withdraw to stop this happening to others in the future (this would have prevented last night's "exploit" attack too), and OP steps up his own security to stop this happening to himself in the future.

Will work on implementing 2fa now, it is up to the users to make use of it though.

[swaggg]

If that's true and his coins were stolen, what's the course of action? I don't know how one can prove that they had their BTC stolen from their account unless you have IP logs.

Generally there isn't any action. You had your coins stolen, and now they're gone.

Stunna can presumably tell OP the IP address that withdrew his coins. OP won't be able to prove that it wasn't him doing it. The scammer will have used an untraceable VPN, Tor, or some such.

The best that happens is that PrimeDice implements 2FA-on-withdraw to stop this happening to others in the future (this would have prevented last night's "exploit" attack too), and OP steps up his own security to stop this happening to himself in the future.

Yeah, if PD is having high rollers depositing this much then there's no reason 2FA shouldn't be implemented. Tons of other gambling sites have 2FA added.

[dooglus]

So he deposited 200 BTC according to his wallet transactions today and withdrew 100 BTC and is still missing 100 BTC?
It doesn't make any sense as to why he would deposit 100 then withdraw 100 10 minutes later then again send 100 and now claim a scam.

He already explained this:

(I always make it a habit to put my coins back into my wallet after playing on any site.)

It's not uncommon for people to withdraw at the end of each session so they know their coins are safe in case "something happens" while they're offline.

I don't know how his 10 minute session went. Maybe he lost his first bet, struggled for 10 minutes to get back to breakeven, managed it, then withdrew.

It certainly doesn't look suspicious to me.

[dooglus]

Will work on implementing 2fa now, it is up to the users to make use of it though.

It's nice if you can give users checkboxes for major actions, so they can pick which ones require 2FA authentication:

• login
• withdraw
• bet
• pvp
• tip

etc.

[Stunna]

So he deposited 200 BTC according to his wallet transactions today and withdrew 100 BTC and is still missing 100 BTC?
It doesn't make any sense as to why he would deposit 100 then withdraw 100 10 minutes later then again send 100 and now claim a scam.

He already explained this:

(I always make it a habit to put my coins back into my wallet after playing on any site.)

It's not uncommon for people to withdraw at the end of each session so they know their coins are safe in case "something happens" while they're offline.

I don't know how his 10 minute session went. Maybe he lost his first bet, struggled for 10 minutes to get back to breakeven, managed it, then withdrew.

It certainly doesn't look suspicious to me.

Yup, dooglus is most likely correct. This doesn't seem suspicious to me either, we shouldn't accuse diceminer of this sort of thing when there's really no reason for that to be the case.

If that's true and his coins were stolen, what's the course of action? I don't know how one can prove that they had their BTC stolen from their account unless you have IP logs.

Generally there isn't any action. You had your coins stolen, and now they're gone.

Stunna can presumably tell OP the IP address that withdrew his coins. OP won't be able to prove that it wasn't him doing it. The scammer will have used an untraceable VPN, Tor, or some such.

The best that happens is that PrimeDice implements 2FA-on-withdraw to stop this happening to others in the future (this would have prevented last night's "exploit" attack too), and OP steps up his own security to stop this happening to himself in the future.

Yeah, if PD is having high rollers depositing this much then there's no reason 2FA shouldn't be implemented. Tons of other gambling sites have 2FA added.

Going to aim to have 2fa done today.

[dooglus]

And for $40,000 worth of BTC you can bet your ass i would be waiting online for stunna to reply even if it took all night. Nothing is right about this accusation.

I don't think he's accusing anyone of anything. He's just saying he deposited 100 BTC and they vanished. That's quite possible, depending on OP's level of security awareness.

If 100 BTC disappeared from any of my gambling accounts you can bet your ass I would make a post about it!

Of course I would open a support ticket as well, but I would feel like people should be told, in case I was the first of many to be stolen from.

[superSTAR777]

one thing i dont understand is that the OP is not clearing that whether he used bot , script , etc or not , would make it simple if he tells .

[smith coins]

wow 100 BTC
that's gotta hurt ,good luck

[RocketSingh]

Hello all,
I have been newly active on Primedice during the past few weeks. With the closing of JD, I was looking for another honest, off-chain game to continue rolling. Primedice was great and I had a lot of success there until recently.

Earlier today, I deposited 100 BTC into my account to start playing. (I always make it a habit to put my coins back into my wallet after playing on any site.) Usually my account is credited after 1 confirmation and everything is good-to-go. Well initially, things were looking like they usually do, and my account promptly reflected my new balance. Then I place my first bet and I get an "Insufficient Funds" warning at the top. Mind, you this is happening while my balance shows "100.00120000 BTC." I refreshed the page a few times and afterwards, the balance showed pretty much zero again (0.00120000 BTC worth of dust).

Just to be safe, I even tried logging in and out. Nothing. I hit up the Mod on duty in the chat room and he is unable to help. I have sent an email to support so let's see what they say. I am trying to keep calm, but an annual salary worth of BTC has vanished.

Also, here is the TXID for the deposit in question:
https://blockchain.info/tx/e3baf6d62cbd003632204cd40e82c6e40e55c4a50b2d93e89585ec1ca7fffac1

If any of you more technical guys can get forensic with the blockchain info, ANY help is appreciated. Stunna, if my coins are just stuck somewhere on your site, please return them and I'll be on my merry way. In the meantime:

BE CAREFUL WHEN DEPOSITING YOUR COINS HERE!

100 BTC !!! WTF ? Life changing amount for some countries. Did u CPU mine those coins ?

[DiceMiner]

Thank you Stunna, for the prompt reply and your level-headed approach. Also, I appreciate Dooglus' input and rebuttals to otrkid70's USELESS crosstalk. Seriously dude, WTF is up your ass?? You seem incredibly wound up for something that does not involve you at all. And to answer your question about the PREVIOUS 100-in-100-out transaction, that was 10 minutes worth of play because that's all I usually need. I won 20 BTC in that session and then I cashed out right after. I did this 3 times with 2 accounts in the past few days. I did it manually, like I always do when playing large hands. Some people don't want to spend their entire lives rolling dice or refreshing Bitcointalk, waiting on replies. Get it?!


Regarding previous questions:
  (1A) My computer is not shared, I am the sole user.
  (2A) No script or bot was used to roll.
  (3A) My PD password has never been used elsewhere.
  (4A) No new plugins or software was added before the problem transaction.
  (5A) I have scanned for malware and no threats were found. Note: I am on a Mac.


So right now, can we agree on the following:
  (1B) "1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ" belongs to DiceMiner (my wallet address).
  (2B) "12UrtgL7XWbM6mMfZyzSgfEoVMFMDXdFta" belongs to Primedice.
  (3B) All 100 BTC were moved from PD's wallet to "1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs" instantly afterwards.
  (4B) Then, 21 & 29 BTC moved into "1AB5fAh4eUT3vLcYnzss5dAfuDznEbXRmT" & "1A1GYrx2qvPBr1PyqHJ5ibG6ECnJBcqey5" respectively.
  (5B) After landing in those two wallets, the entire balances were moved to "1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL" an address that has been referenced in a past scam accusation (https://bitcointalk.org/index.php?topic=744692.0). Thank you for that otrkid, that was actually useful.
  (6B) "1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs" , "1AB5fAh4eUT3vLcYnzss5dAfuDznEbXRmT" and "1A1GYrx2qvPBr1PyqHJ5ibG6ECnJBcqey5" do not belong to either DiceMiner or Primedice.


Some anomalies that may or may not be significant, but are certainly noteworthy:
  (1C) 0.03 BTC was mysteriously added into my PD balance recently (after the 100 BTC moved). There is no deposit shown that would account for this. Also, there has not been any recent rolling to win that amount in my absence.
  (2C) As I mentioned before, when I tried to place my first bet, the balance showed "100.0012 BTC". When I got the purple "Insufficient Funds" banner at the top, the amount still showed the same. Only after I refreshed, did the new "0 BTC" balance show.
  (3C) I have tested and it is possible to be simultaneously logged into the same PD account from multiple places. INCREDIBLY DISTURBING!
  (4C) Please view my screencapped video proving (1C):
https://www.youtube.com/watch?v=jd6itPeYcIY&list=UUe9n6OuOep645hrWmumIlyA
This will only make sense to Stunna, since he is privy to all my bet data.


My conclusions so far
   - Based on (1A) through (5A), the issue is not script or malware related.
   - (3B) and (5B) show possible forethought and deliberate action. So this is most probably not a glitch.
   - (1C) and (4C) demonstrates unauthorized activity still occurring on my account. (I don't know why somebody would deposit though...)
   - (3C) represents a DISASTROUS error in security. If somebody had your login info, they could theoretically withdraw your coins while you are playing! Perhaps this is what happened in (2C).


It is still too early to lay blame since so much is still unknown. Regardless, there are absolutely true, demonstrable problems with the site's security and accounting. One can easily test out the security issue by logging into their PD account from multiple computers or browsers at the same time. Two-factor will probably make this a non-issue soon, but it was possibly an important factor in the BS that has happened to me.

Anyhow, big thanks to Stunna for handling this like such a gentleman. Props to Dooglus and anybody else that has contributed. Sorry for the thesis...

[CoinCollect]

Why only problems come from PrimdeDice and why always people still playing there.

[dooglus]

My conclusions so far
   - Based on (1A) through (5A), the issue is not script or malware related.

I don't think that's a safe conclusion. Just because your malware scanner doesn't detect the malware doesn't mean it's not there. None of them are perfect. And being on a Mac doesn't mean you're safe.

One of the biggest whales on Just-Dice (LiKaShing) once had exactly the same thing happen, and said it must be JD's fault: he was on a Mac and couldn't find any malware so it couldn't be malware to blame. I don't think that follows.

Why only problems come from PrimdeDice and why always people still playing there.

That's easy, all dice sites have "problems". At Just-Dice we had several users get their accounts compromised and have their funds withdrawn.

[Stunna]

Thank you Stunna, for the prompt reply and your level-headed approach. Also, I appreciate Dooglus' input and rebuttals to otrkid70's USELESS crosstalk. Seriously dude, WTF is up your ass?? You seem incredibly wound up for something that does not involve you at all. And to answer your question about the PREVIOUS 100-in-100-out transaction, that was 10 minutes worth of play because that's all I usually need. I won 20 BTC in that session and then I cashed out right after. I did this 3 times with 2 accounts in the past few days. I did it manually, like I always do when playing large hands. Some people don't want to spend their entire lives rolling dice or refreshing Bitcointalk, waiting on replies. Get it?!


Regarding previous questions:
  (1A) My computer is not shared, I am the sole user.
  (2A) No script or bot was used to roll.
  (3A) My PD password has never been used elsewhere.
  (4A) No new plugins or software was added before the problem transaction.
  (5A) I have scanned for malware and no threats were found. Note: I am on a Mac.


So right now, can we agree on the following:
  (1B) "1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ" belongs to DiceMiner (my wallet address).
  (2B) "12UrtgL7XWbM6mMfZyzSgfEoVMFMDXdFta" belongs to Primedice.
  (3B) All 100 BTC were moved from PD's wallet to "1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs" instantly afterwards.
  (4B) Then, 21 & 29 BTC moved into "1AB5fAh4eUT3vLcYnzss5dAfuDznEbXRmT" & "1A1GYrx2qvPBr1PyqHJ5ibG6ECnJBcqey5" respectively.
  (5B) After landing in those two wallets, the entire balances were moved to "1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL" an address that has been referenced in a past scam accusation (https://bitcointalk.org/index.php?topic=744692.0). Thank you for that otrkid, that was actually useful.
  (6B) "1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs" , "1AB5fAh4eUT3vLcYnzss5dAfuDznEbXRmT" and "1A1GYrx2qvPBr1PyqHJ5ibG6ECnJBcqey5" do not belong to either DiceMiner or Primedice.


Some anomalies that may or may not be significant, but are certainly noteworthy:
  (1C) 0.03 BTC was mysteriously added into my PD balance recently (after the 100 BTC moved). There is no deposit shown that would account for this. Also, there has not been any recent rolling to win that amount in my absence.
  (2C) As I mentioned before, when I tried to place my first bet, the balance showed "100.0012 BTC". When I got the purple "Insufficient Funds" banner at the top, the amount still showed the same. Only after I refreshed, did the new "0 BTC" balance show.
  (3C) I have tested and it is possible to be simultaneously logged into the same PD account from multiple places. INCREDIBLY DISTURBING!
  (4C) Please view my screencapped video proving (1C):
https://www.youtube.com/watch?v=jd6itPeYcIY&list=UUe9n6OuOep645hrWmumIlyA
This will only make sense to Stunna, since he is privy to all my bet data.


My conclusions so far
   - Based on (1A) through (5A), the issue is not script or malware related.
   - (3B) and (5B) show possible forethought and deliberate action. So this is most probably not a glitch.
   - (1C) and (4C) demonstrates unauthorized activity still occurring on my account. (I don't know why somebody would deposit though...)
   - (3C) represents a DISASTROUS error in security. If somebody had your login info, they could theoretically withdraw your coins while you are playing! Perhaps this is what happened in (2C).


It is still too early to lay blame since so much is still unknown. Regardless, there are absolutely true, demonstrable problems with the site's security and accounting. One can easily test out the security issue by logging into their PD account from multiple computers or browsers at the same time. Two-factor will probably make this a non-issue soon, but it was possibly an important factor in the BS that has happened to me.

Anyhow, big thanks to Stunna for handling this like such a gentleman. Props to Dooglus and anybody else that has contributed. Sorry for the thesis...

I strongly appreciate your extremely reasonable reaction to the situation, we're going to do everything in our power to continue to investigate this. At this time I don't have reason to believe that there was any sort of breach of of your account on our side but if there was then you will be entitled to a refund. I'm going to continue to explore all possibilities with regards to this.

With regards to the 0.03 balance, it appears that was tipped to your account given that your tip profit is currently 0.03.
EDIT: The 0.03 is from our automated leaderboard daily reward, click the leaderboard tab and view the giveaway terms at the bottom.

As for the multiple location security issue, I don't feel this is an issue. The majority of services work this way as have all gambling services I've used, there aren't many websites that will lock you down to one IP or login as this could cause great inconveniences for the majority of users. 2FA will be up within 24 hours or so and should resolve this either way.

I'll be continuing my investigation tonight/tomorrow I'd like a chance to converse with you privately as well. I promise that I'm just as upset as you over this and understand that this is a substantial amount of funds and deserves a proper investigation.

I've sent you a PM so I can start gathering more information to aid the investigation.

Potential Cause
EDIT2: I also noticed you have the greasemonkey add on and need to know if you were running any scripts at the time and I'd like permission to review it if so. Greasemonkey runs scripts on site load which could have made it possible for someone to have thefted your balance. That's my current theory but I'd need more information from yourself of course. A Greasemonkey script could have withdrawn without using the UI which would have not caused the balance to lower. It's important for us to know if you are running any greasemonkey scripts at all currently even non PD ones.

[ndnh]

Final Balance   341.69961 BTC  

https://blockchain.info/address/1H53RfXyu59Wx3cyX8PBsJ6ZphJ5K1KGzJ

Wow  


Calculated how much i have: 0.00351185651% of that

[grux]

https://www.youtube.com/watch?v=jd6itPeYcIY&list=UUe9n6OuOep645hrWmumIlyA

I've noticed you've got greasemonkey installed on your browser. That can be used to run harmful Javascript. Are you 100%, checked your scripts, sure that it is not running an malicious scripts? Malware scan will not catch scripts that are running in greasemonkey that steal a balance.

[DiceMiner]

"Useless" cross talk gets answers and Explores possibilities. Wound up for something that doesn't involve me? How do you know that i don't play on that site and concerned with the outcome? It involves me when you post on a public forum that i'm a member of. Perhaps if you didn't want my useless crosstalk or my involvement you might want to consider a PM to stunna so i can't chime in.

You seem to Be more focused on pointing out problems with PD and their security than the $40,000 that was "Missing" Seems strange to me and i still doubt your story. How do we know you are not associated with the Address in the link i posted regarding the other scam? https://bitcointalk.org/index.php?topic=744692.0     This is where Crosstalk gets people asking questions and finds answers. Maybe the answers come back you are right or maybe the answers come back you are a liar?

The good thing about the Blockchain is that it can be traced from one address to another and eventually comes full circle.

By "useless" I mean the vitriol and half-assed assumptions you keep lobbing out there. You had one good point (that we all would have reached anyways) but you drowned it out with your spontaneous brainfarts. Besides, how any times can you change your mind in one day?

"Got my fingers crossed for you."
"100 BTC feel bad for OP"
"Is that your Address? if so he is trying to scam"  (learn to read a timestamp, dumbfuck)
"Ya he's a scammer no doubt."
"Nothing is right about this accusation."  (the only one doing any accusing is your sorry ass)
"I'll keep quiet and see how it unfolds. Good luck to both parties involved."

Schizophrenic much? Honestly, if I wanted to scam Stunna for 100 BTC, why would I make everything public? Why wouldn't I strictly deal with him in private (which I am also doing. Surprise. You DON'T know everything)? Why don't you do us all a favor and trace the coins through blockchain and find the real culprit?

And yes I did move the remaining coins out of my address to my Coinbase account. I am not crazy about people seeing my balance and when this is all through, I am going to make my business private again. Is that ok with you? Please tell us how this is related to the 2 topics you linked. Or better yet, don't say anything at all.

You strike me as the type of person to speak before they think. Your post history only reinforces this.  In truth, no matter how much you try to bullshit us, you really have no business here. You are just muddying the waters. Go back to the "insult me" topic where you shine. Grown-ups are talking here. Don't worry, one day you'll have a thread of your own.

TL;DR (since I know reading hurts yer noggin'): Come with something useful or just go away.

[CaMeRoNy]

@DiceMiner: Thumbs up

[DiceMiner]

With regards to the 0.03 balance, it appears that was tipped to your account given that your tip profit is currently 0.03.
EDIT: The 0.03 is from our automated leaderboard daily reward, click the leaderboard tab and view the giveaway terms at the bottom.

Potential Cause
EDIT2: I also noticed you have the greasemonkey add on and need to know if you were running any scripts at the time and I'd like permission to review it if so. Greasemonkey runs scripts on site load which could have made it possible for someone to have thefted your balance. That's my current theory but I'd need more information from yourself of course. A Greasemonkey script could have withdrawn without using the UI which would have not caused the balance to lower. It's important for us to know if you are running any greasemonkey scripts at all currently even non PD ones.

Thanks, I will redact all the stuff about the 0.03 BTC.

As far as the Greasemonkey scripts, I run:
  - Adblock Plus
  - Stylish
  - Dailymotion (re-add playlists)
  - the usual Quicktime, Shockwave, Java, Google Earth

Hope this helps. Ok it is late.

[statdude]

Anyone figure out where these funds landed and why?  1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

[grux]

As far as the Greasemonkey scripts, I run:
  - Adblock Plus
  - Stylish
  - Dailymotion (re-add playlists)
  - the usual Quicktime, Shockwave, Java, Google Earth

Hope this helps. Ok it is late.

Those are not greasemonkey scripts, Greasemonkey is an addon that lets you run any arbitrary javascript code to modify or change websites for personal benefit. Say you wanted to automatically fill a field with your name, hit a button every second, or run requests that bypass CSRF-protection on a withdraw API command.

Don't mean to sound like a jerk, are you completely sure you didn't download and install any scripts and are lying to us about it? Your lack of knowledge on Greasemonkey makes me wonder why you even have it installed.

[AirFlame]

Stylish if You downloaded the code from stylish it can be malware. There is a way to put a image background that is a link to a gif. in fact that gif is a php code that gather information about You. If You use this stylish stuff to some pages where You login Your login can be compromised. What stylish styles You use ? Make a list of them copy them all and place them on pastebin.com

Read this:

https://forum.userstyles.org/discussion/43719/x

If someone is able to put a track to stylish code i think more can be done.


And for Primedice i think 2FA should be done in the beginning of creating the page...

[Magicman420]

Ok let me explain my feeling on this.

I got "hacked" so to say the same way, I don't have any malware on my CPU its a iPad lol it's impossible I believe. Ok but as soon as I purchased coins on localbitcoins they were withdrawn 10 minutes later. Someone is breaching these sites somehow. I feel so bad for you bro I was sick for a week and it was only a bitcoin for me I can't imagine how you feel :/ keep your head up and remember the scammer will have terrible karma coming for him. It's a real thing don't worry

[ajareselde]

Ok let me explain my feeling on this.

I got "hacked" so to say the same way, I don't have any malware on my CPU its a iPad lol it's impossible I believe. Ok but as soon as I purchased coins on localbitcoins they were withdrawn 10 minutes later. Someone is breaching these sites somehow. I feel so bad for you bro I was sick for a week and it was only a bitcoin for me I can't imagine how you feel :/ keep your head up and remember the scammer will have terrible karma coming for him. It's a real thing don't worry

"I don't have any malware on my CPU its a iPad lol it's impossible I believe" 

... judging by this, you could be running a ton of mallware, and wouldnt know about it.
just coz u update AV and scans dont show anything doesnt mean you're not infected, it only means that the infection is still unknown to the AV/AM,
and thats the whole point of FUD viruses/mallware. Any threat can be obfuscated.

unlike yours, OP's problem is still relatively a mystery, so dont mix apple's and oranges.

[Magicman420]

Ok let me explain my feeling on this.

I got "hacked" so to say the same way, I don't have any malware on my CPU its a iPad lol it's impossible I believe. Ok but as soon as I purchased coins on localbitcoins they were withdrawn 10 minutes later. Someone is breaching these sites somehow. I feel so bad for you bro I was sick for a week and it was only a bitcoin for me I can't imagine how you feel :/ keep your head up and remember the scammer will have terrible karma coming for him. It's a real thing don't worry

"I don't have any malware on my CPU its a iPad lol it's impossible I believe" 

... judging by this, you could be running a ton of mallware, and wouldnt know about it.
just coz u update AV and scans dont show anything doesnt mean you're not infected, it only means that the infection is still unknown to the AV/AM,
and thats the whole point of FUD viruses/mallware. Any threat can be obfuscated.

unlike yours, OP's problem is still relatively a mystery, so dont mix apple's and oranges.

Didn't know I was mixing apples and oranges, excuse me was only trying to help.

[WhatTheGox]

Hope it works out well, you are in good hands with primedice though.

[AirFlame]

Try checking this:

Who is vulnerable?

Linux and OS X are vulnerable. Android not, unless you are running a custom rom.

http://www.reddit.com/r/Bitcoin/comments/2heu88/if_you_are_storing_bitcoins_on_a_linuxmac_system/

[jaysabi]

Was this issue ever resolved?

[RandyFolds]

Was this issue ever resolved?

Yes, his coins were stolen by someone and that's it. We will never find out what was really the case here.

[dooglus]

Was this issue ever resolved?

Apparently so, but I don't know how:

100 bitcoins 'vanished' from a PD account

That's already been solved, you can speak with the person who made the thread about what happened when he is willing to share it himself.

[jaysabi]

Was this issue ever resolved?

Yes, his coins were stolen by someone and that's it. We will never find out what was really the case here.

Do we know if it was malware? I know that was suggested, but have not seen anything definitive about it.

[Nobitcoin]

Interesting information what with Apple users saying that their computers are virus / malware free with this discovery you have to be careful whatever os your using... Feel for you 100btc is a lot to go missing 

[Stunna]

Interesting information what with Apple users saying that their computers are virus / malware free with this discovery you have to be careful whatever os your using... Feel for you 100btc is a lot to go missing  

All I can say is there is no issue with the security of primedice, I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

There are users who choose to store hundreds of coins on their account at one time and have had zero issues, if you have any fear just enable 2FA and as long as your PC is secure you should be good.

[DiceMiner]

Interesting information what with Apple users saying that their computers are virus / malware free with this discovery you have to be careful whatever os your using... Feel for you 100btc is a lot to go missing  

All I can say is there is no issue with the security of primedice, I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

There are users who choose to store hundreds of coins on their account at one time and have had zero issues, if you have any fear just enable 2FA and as long as your PC is secure you should be good.

Hi, OP here.
Stunna has been incredibly helpful in the situation so far. The current theory is that a thief must have compromised my account by brute-forcing my weak password. Since there would be no way for anyone on the outside to know exactly when I had been online at PD (since I did not make any bets or make my presence known in the chatroom on the day of the theft), they must have been monitoring the blockchain for large deposits from my personal wallet to my PD address somehow. Possibly through the use of some script? I have no clue...  

I have to hand it to the thief for having enough technical know-how and impeccable timing to pull off the withdrawal in the incredibly small (literally 2 minute) window between confirmation and my first attempted bet.

If anyone out there has seen this type of theft before, PLEASE LET US KNOW any details you have, as this is the first time I have seen anything like it.

Now that 2FA is available, hopefully this will be the last time.

Thanks,
DiceMiner

[dooglus]

I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

The current theory is that a thief must have compromised my account by brute-forcing my weak password.

I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?

Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.

[alabamafan1]

Sounds like Stunna had a bad day to the other bettors and decided to pull a fast one here honestly if thats the story.

[grux]

Interesting information what with Apple users saying that their computers are virus / malware free with this discovery you have to be careful whatever os your using... Feel for you 100btc is a lot to go missing  

All I can say is there is no issue with the security of primedice, I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

There are users who choose to store hundreds of coins on their account at one time and have had zero issues, if you have any fear just enable 2FA and as long as your PC is secure you should be good.

Hi, OP here.
Stunna has been incredibly helpful in the situation so far. The current theory is that a thief must have compromised my account by brute-forcing my weak password. Since there would be no way for anyone on the outside to know exactly when I had been online at PD (since I did not make any bets or make my presence known in the chatroom on the day of the theft), they must have been monitoring the blockchain for large deposits from my personal wallet to my PD address somehow. Possibly through the use of some script? I have no clue...  

I have to hand it to the thief for having enough technical know-how and impeccable timing to pull off the withdrawal in the incredibly small (literally 2 minute) window between confirmation and my first attempted bet.

If anyone out there has seen this type of theft before, PLEASE LET US KNOW any details you have, as this is the first time I have seen anything like it.

Now that 2FA is available, hopefully this will be the last time.

Thanks,
DiceMiner

Don't mean to prod, but you haven't answer my question from before about what greasemonkey scripts you are running. The "scripts" you named were browser plugins, not actual scripts that you paste into greasemonkey and run.

[Stunna]

I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

The current theory is that a thief must have compromised my account by brute-forcing my weak password.

I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?

Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.

It's because his password was not bruteforced, we have measures to prevent this and server logs indicate this wasn't the case at all. I'll post the full story tomorrow.

[DiceMiner]

I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

The current theory is that a thief must have compromised my account by brute-forcing my weak password.

I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?

Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.

It's because his password was not bruteforced, we have measures to prevent this and server logs indicate this wasn't the case at all. I'll post the full story tomorrow.

OP here again. Ok, according to Stunna and I's private convo, apparently this was not the case. Sorry for the misinformation. The more I learn, the more this just gets confusing. I was under the initial impression (based on our private correspondence) that you did not log login attempts at the time of the theft. On Sept 25th, Stunna wrote:

"We had minimal logging prior (on account creation) now we are logging on cashout."

But before I contribute to any more confusion again, I will wait until Stunna posts his new findings.

[DiceMiner]

Interesting information what with Apple users saying that their computers are virus / malware free with this discovery you have to be careful whatever os your using... Feel for you 100btc is a lot to go missing  

All I can say is there is no issue with the security of primedice, I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

There are users who choose to store hundreds of coins on their account at one time and have had zero issues, if you have any fear just enable 2FA and as long as your PC is secure you should be good.

Hi, OP here.
Stunna has been incredibly helpful in the situation so far. The current theory is that a thief must have compromised my account by brute-forcing my weak password. Since there would be no way for anyone on the outside to know exactly when I had been online at PD (since I did not make any bets or make my presence known in the chatroom on the day of the theft), they must have been monitoring the blockchain for large deposits from my personal wallet to my PD address somehow. Possibly through the use of some script? I have no clue...  

I have to hand it to the thief for having enough technical know-how and impeccable timing to pull off the withdrawal in the incredibly small (literally 2 minute) window between confirmation and my first attempted bet.

If anyone out there has seen this type of theft before, PLEASE LET US KNOW any details you have, as this is the first time I have seen anything like it.

Now that 2FA is available, hopefully this will be the last time.

Thanks,
DiceMiner

Don't mean to prod, but you haven't answer my question from before about what greasemonkey scripts you are running. The "scripts" you named were browser plugins, not actual scripts that you paste into greasemonkey and run.

Look I don't know what else to tell you. Honestly, I don't remember when I installed Greasemonkey, or exactly why. What I listed previously is what I am running now. If it were truly a malware problem, why would the thieves chose such a circuitous way of stealing my BTC? Why not take them directly from my wallet?

Anyhow, I am trying not to pollute this thread with any [possibly unrelated] cross-talk. If something minor jumps out at you, please let me or somebody know via IM. If you've found a smoking gun, please share.

[Bobblehead Pete]

So what is the conclusion about this? Any resolution given?

[dooglus]

So what is the conclusion about this? Any resolution given?

Stunna didn't want to post the story for some reason and asked OP to post instead, so OP posted, only OP doesn't seem to know the story, because he thought his password had been bruteforced, but Stunna says that isn't what happened, so now Stunna is going to post the true story tomorrow...

It sounds like PD was doing very little logging at the time of the attack, but despite that it's definitely not PD's fault, and there's nothing to worry about.

I think that's the story so far. Please correct me if I got anything wrong.

[ABitNut]

So what is the conclusion about this? Any resolution given?

Stunna didn't want to post the story for some reason and asked OP to post instead, so OP posted, only OP doesn't seem to know the story, because he thought his password had been bruteforced, but Stunna says that isn't what happened, so now Stunna is going to post the true story tomorrow...

It sounds like PD was doing very little logging at the time of the attack, but despite that it's definitely not PD's fault, and there's nothing to worry about.

I think that's the story so far. Please correct me if I got anything wrong.

DiceMiner's password may have been compromised from some other site/location. Social engineering seems as likely as a technical exploit. Especially since the attacker apparently knew when DiceMiner was playing. Figuring that out by social engineering is probably easier than doing it by technically breaking into either his system or into PD.

If his password was attacked directly it is not even clear if it was done on PD. Maybe the password was used in another place that is vulnerable. There are many unknowns, but it seems both Stunna and DiceMiner are constructive and working together to figure out what happened. So we may get a reasonable conclusion in this case. I commend them both on this.

[jaysabi]

One thing for sure is OP is handling this with poise. If I lost 100 btc I'd be out of my mind. I can't even fathom having 100 btc.

Not to belittle your loss, but I think you're taking it like a CHAMP.

[noma]

One thing for sure is OP is handling this with poise. If I lost 100 btc I'd be out of my mind. I can't even fathom having 100 btc.

Not to belittle your loss, but I think you're taking it like a CHAMP.

Absolutely true. Another guy lost 400 coins to DB because DB scammed him, and he didn't care much to go after their ass.

[liu405]

One thing for sure is OP is handling this with poise. If I lost 100 btc I'd be out of my mind. I can't even fathom having 100 btc.

Not to belittle your loss, but I think you're taking it like a CHAMP.

Absolutely true. Another guy lost 400 coins to DB because DB scammed him, and he didn't care much to go after their ass.

if it's true ,now ,how we believe the Safety of bitcoin which we are holding and  transfering?

[jaysabi]

I think the hacking of the private key is pretty much impossible. The vulnerabilities seem to come from malware that gets installed in your computer. Your bitcoins then are only as safe as your computer is. 

[Cyrax89721]

Just throwing a random thought out there regarding the social engineering aspect, especially since DiceMiner doesn't seem to be the only one that's been having a lot of BTC stolen recently.  The possibility that somebody behind another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.

[Tammy Chan]

One thing for sure is OP is handling this with poise. If I lost 100 btc I'd be out of my mind. I can't even fathom having 100 btc.

Not to belittle your loss, but I think you're taking it like a CHAMP.

Absolutely true. Another guy lost 400 coins to DB because DB scammed him, and he didn't care much to go after their ass.

if it's true ,now ,how we believe the Safety of bitcoin which we are holding and  transfering?

Just don't store your bitcoin in places where you have no private keys, such as exchanges and casinos.
If you really need to, only store them on highly trusted sites, and enable 2FA whenever possible.

[hermanhs09]

I'm sure Stunna will come through for you if it is a site glitch.

i am sorry

[moreia]

I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

The current theory is that a thief must have compromised my account by brute-forcing my weak password.

I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?

Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.

I doubt this was brute-forcing.  Brute-forcing is an extremely outdated way to access funds, how would he know this guy had 100BTC in his acct in the first place

My guess is you have been infected by a key logger, stealer or RAT, they've taken your password and gotten your BTC. I recommend you use 2auth next time you play on pd or in that case any dice site.

[dooglus]

another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.

That is a very good point. Don't use the same password twice. Use a password manager to generate a good strong unique password every time you sign up for a new site.

My guess is you have been infected by a key logger, stealer or RAT, they've taken your password and gotten your BTC. I recommend you use 2auth next time you play on pd or in that case any dice site.

If his machine is infected, 2FA probably won't help him.

The attacker's malware could simply change the withdrawal address on the fly right after the victim types his 2FA code and submits the withdrawal request.

[moreia]

another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.

That is a very good point. Don't use the same password twice. Use a password manager to generate a good strong unique password every time you sign up for a new site.

My guess is you have been infected by a key logger, stealer or RAT, they've taken your password and gotten your BTC. I recommend you use 2auth next time you play on pd or in that case any dice site.

If his machine is infected, 2FA probably won't help him.

The attacker's malware could simply change the withdrawal address on the fly right after the victim types his 2FA code and submits the withdrawal request.

Depends on what he's been infected with. RAT yes, other software don't have the power to do as you state
also doesn't matter how strong your password is, key loggers take your password via cookies so doesn't matter if it's a 100char with specials and caps it still can be stolen, just not brute forced (which as I said is extremely hard to do these days).

[dooglus]

another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.

That is a very good point. Don't use the same password twice. Use a password manager to generate a good strong unique password every time you sign up for a new site.

doesn't matter how strong your password is, key loggers take your password via cookies so doesn't matter if it's a 100char with specials and caps it still can be stolen, just not brute forced (which as I said is extremely hard to do these days).

I'm talking about using a different, non-guessable password on each site. Because if you use the same password on scamdice.com and primedice.com then the operator of scamdice can log your password when you log in there and try it on your primedice account.

Kind of off topic, but what do you mean by "key loggers take your password via cookies"?

If his machine is infected, 2FA probably won't help him.

The attacker's malware could simply change the withdrawal address on the fly right after the victim types his 2FA code and submits the withdrawal request.

Depends on what he's been infected with. RAT yes, other software don't have the power to do as you state

I would expect most malware has the ability to update itself or download and run arbitrary files, but maybe not. I figure once you're infected it's game over and the attacker can do whatever he likes on your machine.

[Cyrax89721]

An article of note that was published today.  Relevant since DiceMiner said he uses Mac.

http://finance.yahoo.com/news/hackers-found-flaw-macs-using-121808264.html

http://news.drweb.com/show/?i=5977&c=5&lng=en&p=0

[Vortex20000]

Full story... When?

[Vortex20000]

This site is scum and they will say its your own problem just go fuck yourself.
Stunna fuckin scammer and this not the first time.

Go away, die in a virtual hole, whatever.

[dooglus]

Full story... When?

I'm not sure which timezone Stunna is in, but here's what he wrote:

I'll post the full story tomorrow.

Edit: that was about 29 hours ago, so it's possible "tomorrow" runs for another 19 hours.

[kingscrown]

who keeps 100 BTC in casino account.......

[dooglus]

who keeps 100 BTC in casino account.......

He deposited 100 BTC with a view to making a few bets, maybe getting up to 120 BTC, and withdrawing.

He already said that he *doesn't* keep a balance in a casino account. He deposits, plays, and withdraws straight away.

Having said that, people do. One guy used to keep around 500 BTC in his Just-Dice account all the time. He never invested it - he just used the place like his web wallet. Probably not a good idea, but it worked out OK for him.

[kingscrown]

who keeps 100 BTC in casino account.......

He deposited 100 BTC with a view to making a few bets, maybe getting up to 120 BTC, and withdrawing.

He already said that he *doesn't* keep a balance in a casino account. He deposits, plays, and withdraws straight away.

Having said that, people do. One guy used to keep around 500 BTC in his Just-Dice account all the time. He never invested it - he just used the place like his web wallet. Probably not a good idea, but it worked out OK for him.

ah so it was short term. the nthis is even stranger case. why would malware steal from casino not his wallet

[dooglus]

ah so it was short term. the nthis is even stranger case. why would malware steal from casino not his wallet

I don't know how the theft happened, but if I had to guess I would say he used the same password on multiple sites. One of the sites was 'bad', logged his username and password, and tried it on a bunch of other sites to see if he used the same username/password combination anywhere else.

It's relatively hard to get people to install malware on their computer. But if they voluntarily sign up to your site using their usual username and password, you can then use that username and password on their behalf everywhere else.

[jaysabi]

there are a lot of known exploits on blockchain therefor I always make new addresses and have pretty strict measures on my accounts as I myself have been a victim of blockchains exploits (15BTC).

I'm unfamiliar with how blockchain is exploitable. I was under the impression it was safe. Can you elaborate at all on what I need to be wary of?

[dooglus]

I'm unfamiliar with how blockchain is exploitable. I was under the impression it was safe. Can you elaborate at all on what I need to be wary of?

I heard that they once turned off 2FA on a charity's account when a hacker asked them to. The hacker then was able to withdraw the balance.

I could probably find a report about it if you like. You so could you.

Edit: http://www.fr33aid.com/1511/fr33-aid-bitcoins-stolen/

[bigasic]

Interesting information what with Apple users saying that their computers are virus / malware free with this discovery you have to be careful whatever os your using... Feel for you 100btc is a lot to go missing  

All I can say is there is no issue with the security of primedice, I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

There are users who choose to store hundreds of coins on their account at one time and have had zero issues, if you have any fear just enable 2FA and as long as your PC is secure you should be good.

Hi, OP here.
Stunna has been incredibly helpful in the situation so far. The current theory is that a thief must have compromised my account by brute-forcing my weak password. Since there would be no way for anyone on the outside to know exactly when I had been online at PD (since I did not make any bets or make my presence known in the chatroom on the day of the theft), they must have been monitoring the blockchain for large deposits from my personal wallet to my PD address somehow. Possibly through the use of some script? I have no clue...  

I have to hand it to the thief for having enough technical know-how and impeccable timing to pull off the withdrawal in the incredibly small (literally 2 minute) window between confirmation and my first attempted bet.

If anyone out there has seen this type of theft before, PLEASE LET US KNOW any details you have, as this is the first time I have seen anything like it.

Now that 2FA is available, hopefully this will be the last time.

Thanks,
DiceMiner

Got to hand it to you Diceminer, you have handled the situation with the utmost respect. With that type of money on the line, I think I would have been running around screaming. You obviously are a very level headed individual. Sorry you lost so much coin, I hope that we all have learned a valuable lesson here. Always use 2Fa and use very long difficult  passwords. Also, it may be wise to only put on the site that you are wiling to lose, i guess you did this, because you are gambling, lol.

Kudos to you and Stunna..

[jaysabi]

I'm unfamiliar with how blockchain is exploitable. I was under the impression it was safe. Can you elaborate at all on what I need to be wary of?

I heard that they once turned off 2FA on a charity's account when a hacker asked them to. The hacker then was able to withdraw the balance.

I could probably find a report about it if you like. You so could you.

Edit: http://www.fr33aid.com/1511/fr33-aid-bitcoins-stolen/

So really, it's about a company that had poor procedures regarding 2FA. It seems like the same risk as a financial institution that doesn't verify the identity of someone making a withdrawal request, except in that instance the bank is liable to cover the losses.

[Stunna]

Some of the information in the post I've typed up is somewhat sensitive with regards to diceminer, I've messaged diceminer to let him know prior. Once he views my PM's I will post the story in full detail.

[BayAreaCoins]

Some of the information in the post I've typed up is somewhat sensitive with regards to diceminer, I've messaged diceminer to let him know prior. Once he views my PM's I will post the story in full detail.

This should be interesting

[alabamafan1]

UPDATE?

[PrimedicePlayersUnion]

An article of note that was published today.  Relevant since DiceMiner said he uses Mac.

http://finance.yahoo.com/news/hackers-found-flaw-macs-using-121808264.html

http://news.drweb.com/show/?i=5977&c=5&lng=en&p=0

if he uses mac, then thats probably how the attacker got to his profile
and who deposits 100 bitcoins with a weak password?

[DiceMiner]

OP here-
I appreciate the support from people that feel my pain from this loss.
Stunna and I are still talking behind the scenes, but I am ready for him to post here.

[Stunna]

I'd like to finally weigh in and end speculation that there was some sort of lack of security in our system and describe what I believe happened. When I first heard the news of this I knew 100% that diceminer was telling the truth, he was a frequent large bettor on the website and had no reason to lie about this happening and I spent a significant amount of time looking into this. I didn't really want to share this as some information was a bit sensitive but for the sake of transparency I'd like to fully detail what happened.

The situation as stated in the thread
On 2014-09-21 17:28:25 a 99.9999BTC cashout was sent from diceminer 2 to 47c18d5c3448a713608e78abb9569263ef4d780648ccd5dceff04c325d116691 (1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs) This cashout was sent from either the cashout modal or API.

What we knew at the time
Ultimately we didn't have any ip logging in place beyond account creation so I couldn't determine what ip hijacked the account but we were able to determine that the cashout was sent from the cashout modal or API there was nothing done server-side.  I narrowed it down to either someone guessing/cracking his password or a script containing malware. However, diceminer says he was not running a script at the time so I narrowed it down to some sort of password attack. In terms of primedice password security, we go far beyond standard password hashing to secure accounts, PD couldn't figure out a user's password if we wanted to.  It's also important to note that diceminer had completed several other 100 coin deposits and numerous cashouts prior without issue and since the incident there have been a significant increase in 100+ coin deposits/cashouts and no issues.

The Investigation
I was secretive about what had happened as I ended up setting up logs on diceminer's account to try and find out who was accessing it as this was a serious theft. I attempted to bait out the person by putting coins on the account and then blocking it from cashing out, only one person ended up cashing out the "trap" cashout and that was diceminer himself unfortunately. I reloaded the account but there were no recorded cashouts after that. I was hoping to have an ip to tie to the address the coins were sent to and place a bounty for more information or connections but this did not pan out, the thief didn't come back for seconds.


I scrambled for a period of time worrying that our security had somehow been compromised but all other funds remained secure and then I got this message:

Note: the password has since been changed and the account is now blocked from cashing out, I've also ensured that diceminer is not using this password for anything else and gained his permission to post this:

It pains me to reveal this, but I hope you don't cut your investigation short after I tell you the following. My login and pass were identical, as I had no intention of ever logging in from another computer.

user: DiceMiner2
pass: diceminer2

After I got this message I was pretty upset this wasn't revealed at the beginning but I understood diceminer's reason for withholding it and continued to investigate regardless.

After this information was provided to us, our team determined that the most likely outcome is someone literally just attempted to guess the password in a few attempts and got lucky or attempted to bruteforce the account after it was spotted on highroller for very basic passwords such as the username or password. I previously said there definitely wasn't a bruteforce but it was definitely possible, we do have an anti-login bruteforce though so unsuccessful logins are counted towards limit which makes this unlikely though. There still isn't much we could do on top of our current system to prevent this other than banning users from setting insecure passwords such as their username, no other highrollers were effected fortunately either due to stronger passwords or a lack of a password.

We value user privacy and try to log as minimally as possible which made it very hard to 100% determine what happened but I can conclude that there was no concerning fault in our system other than a lack of a 2FA option which has since been added. If the user ran a script though then there is no way for us to defend against that, I had some concern that this was the case here as this occurred a day or two after someone started spamming chat with the "PD Exploit" script and his video contained the greasemonkey add-on but I'll trust diceminer's word that no scripts were involved.

I'm sincerely sorry that diceminer lost his coins, I spent the past two weeks trying to log the ip of the person who did this in hopes that we'd have at least  something minimal to go off of but was not successful in this attempt. It's extremely unfortunate for diceminer, I was really upset when I found out about this but I will say that I did not take this lightly and spent countless hours each week looking into possibilities and trying to catch the person involved. Ultimately we will do everything we can to provide the best possible security we can, but it is up to the users to set a secure password and enable the now possible 2FA. The simple fact is during this time frame we've had countless of 100+ coin deposits and withdrawals that went through swiftly and without issue and I have no doubt that user balances are secure. If any deposits were ever robbed from a user due to a direct fault in our system I would immediately without question replace it with my own funds, I have no reason to believe this was the case here.

Conclusion
I conclude that the 100 coin loss was most likely  a result of the weak password matching the username of the account which allowed a thief to successfully commit a simple password guessing attack which could only have been prevented by us banning weak passwords, providing 2fa at the time or by the user setting a more secure password. It's important to note that we had sufficiently strong brute-force/guessing limits in place which is why I feel that this attack was not automated and was simply a random person manually plugging in a few password attempts on the account and getting lucky.

Many of diceminer's coins appear to have been sent here https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL  . Anyone with any information regarding this should shoot me a PM as I'll continue to do what I can to help him recover his lost coins. I thank diceminer for his cooperation and understand throughout all of this, I'll keep my eyes and ears open to see if anyone has any information.

[kingscrown]

damn 100BTC and such weak passwd..

u asked for it!

but sorry to hear!

[KingOfSports]

Stunna - word of advice - allow usernames and chatnames to be different. A lot of sites offer this so that no one knows what username is actually the account holders. Allow people to have different names between the two for an extra level of security.

KOS.

[Stunna]

Stunna - word of advice - allow usernames and chatnames to be different. A lot of sites offer this so that no one knows what username is actually the account holders. Allow people to have different names between the two for an extra level of security.

KOS.

Will consider offering this for new accounts, ultimately if the user enables 2FA it should act as a pretty significant shield from unwanted access though.

[galbros]

That is a very sad conclusion to the story.  I'm sorry you lost your coins and that some will blame you for "not protecting them well enough."

I agree that it would be nice to separate ones log in username from your "handle" on the site but only a few sites do that and I can see how it could add further confusion.

[waterpile]

yeah thats a nice idea that would prevents a bored person trying brute forcing someones account

[worhiper_-_]

I'd say force people to add an entirely different chat name than their username. People that had registered before this would have to change their login.

[angeloanggam]

yeah thats a nice idea that would prevents a bored person trying brute forcing someones account

Theres a lot of people like that around here.

[marcotheminer]

Could this be a site's hot wallet (or is it a single user's wallet?!) https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It's only been around since the end of July and has already received over 220,000BTC.

[Buziss]

Looks like it is a case closed now. Sorry for your huge loss, DiceMiner.

Guys, please enable 2FA NOW if you want an extra level of security on your PD balance.

[Buziss]

Could this be a site's hot wallet (or is it a single user's wallet?!) https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It's only been around since the end of July and has already received over 220,000BTC.

That address was mentioned in the TimeToBit scam (post link: https://bitcointalk.org/index.php?topic=744692.msg8460225#msg8460225) and the Dicebitcoin latest incident (post link: https://bitcointalk.org/index.php?topic=716312.msg9063148#msg9063148) as well.

So, it seems to me that the address belongs to a big site.

[moreia]

Could this be a site's hot wallet (or is it a single user's wallet?!) https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It's only been around since the end of July and has already received over 220,000BTC.

That address was mentioned in the TimeToBit scam (post link: https://bitcointalk.org/index.php?topic=744692.msg8460225#msg8460225) and the Dicebitcoin latest incident (post link: https://bitcointalk.org/index.php?topic=716312.msg9063148#msg9063148) as well.

So, it seems to me that the address belongs to a big site.

I'll do more research on this address, I'm sure there are a lot more connections than just those to but yet again it could just be that the user is gambling all the runs he makes, and this is just the sites hot wallet from his gambling accounts address(es)

[noma]

Could this be a site's hot wallet (or is it a single user's wallet?!) https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It's only been around since the end of July and has already received over 220,000BTC.

That address was mentioned in the TimeToBit scam (post link: https://bitcointalk.org/index.php?topic=744692.msg8460225#msg8460225) and the Dicebitcoin latest incident (post link: https://bitcointalk.org/index.php?topic=716312.msg9063148#msg9063148) as well.

So, it seems to me that the address belongs to a big site.

It could probably be an exchange site address.

[DiceMiner]

OP here.
That's pretty much the gist of it...  Let me just add a few details from my end:

It's also important to note that diceminer had completed several other 100 coin deposits and numerous cashouts prior without issue and since the incident there have been a significant increase in 100+ coin deposits/cashouts and no issues.

With my "DiceMiner2" account on PD, I had deposited 100 BTC twice. The first time, I won 20 BTC, the second time, the theft occurred. Also, I recently found a post while browsing, about my other PD account at the time:

https://bitcointalk.org/index.php?topic=208986.msg8896057#msg8896057

So, with 2 different PD accounts, I had won a total of 40 BTC and successfully deposited and withdrew my 100 BTC principal 2 out of 3 times. I guess the new 2-factor that was added as a result of this theft has brought more whales.

The Investigation
I was secretive about what had happened as I ended up setting up logs on diceminer's account to try and find out who was accessing it as this was a serious theft. I attempted to bait out the person by putting coins on the account and then blocking it from cashing out, only one person ended up cashing out the "trap" cashout and that was diceminer himself unfortunately.

When Stunna and I started discussing privately, he was incredibly gracious in helping me attempt to find this guy. Initially, the plan was the send 100 BTC to my PD account, while an "anti-cashout" feature was implemented so no coins could leave the account, in the event the thief came back and tried it again.

On September 24th, Stunna informed me that the trap was in place and to not login (so as to not cause any confusion). A few days passed with no activity, which was not really unusual, but what puzzled me was that there was absolutely no sign of any deposit into my PD account, when viewed through the blockchain. To me, this was the entire point, because how else would the thief know there was any bait? I logged into the account to see for myself and when I got it, 5 BTC was added to the balance in PD, but none of those 5 coins showed up in the blockchain. I tried withdrawing the dust that I had left over (approx. 0.00101 BTC, I believe) and the "anti-cashout" feature was definitely in effect. Also, Stunna informed me that my entry had been logged, so that was all in working order as well.

He told me that he had credited the account from the back-end and when I explained why I thought that may be ineffective as bait, he finally credited 4 BTC to the account, using actual coins, on September 28th. Unfortunately he withdrew the bait only a day after, on the 29th:

https://blockchain.info/address/12UrtgL7XWbM6mMfZyzSgfEoVMFMDXdFta

If the user ran a script though then there is no way for us to defend against that, I had some concern that this was the case here as this occurred a day or two after someone started spamming chat with the "PD Exploit" script and his video contained the greasemonkey add-on but I'll trust diceminer's word that no scripts were involved.

Thank you Stunna. I really have no need to any cheats or exploits, as I bet very conservatively, over a long period of time. Many people that were active on Just-Dice may remember me from this:

https://bitcointalk.org/index.php?topic=576673.msg6319022#msg6319022

All I need is a secure site that is run in an honest way, to make my coins. Sometimes I wonder if using the same "DiceMiner" name may have tipped off the thief (or thieves) to my whereabouts. It's moot now, but that type of thing is always in the back of my head now. Needless to say, I will be using new, unfamiliar names from now on.

Conclusion
I conclude that the 100 coin loss was most likely  a result of the weak password matching the username of the account which allowed a thief to successfully commit a simple password guessing attack which could only have been prevented by us banning weak passwords, providing 2fa at the time or by the user setting a more secure password. It's important to note that we had sufficiently strong brute-force/guessing limits in place which is why I feel that this attack was not automated and was simply a random person manually plugging in a few password attempts on the account and getting lucky.

I believe this is part of the story, but there must be something else we are not seeing or considering. My sleep and gambling schedule is fairly erratic and hard to predict. It just seems implausible that somebody was squatting on my PD account and repeatedly refreshing his browser, in the hope that I would login and deposit.

Especially since my stolen coins all eventually ended up at the infamous "1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL", I am inclined to think that this is more than just some thief working on his own. Whoever is behind this has many "irons-in-the-fire" and is scamming on many levels. Also, he could possibly own millions of USD worth of coins. If that is truly the case, he may not be that anonymous after all.

Many of diceminer's coins appear to have been sent here https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL  . Anyone with any information regarding this should shoot me a PM as I'll continue to do what I can to help him recover his lost coins. I thank diceminer for his cooperation and understand throughout all of this, I'll keep my eyes and ears open to see if anyone has any information.

Again, I would like to thank Stunna for all his past help during this ordeal and his continued help, should any new information arise. After the implementation of 2-factor, Primedice is even safer than before. One can deposit and play there with confidence. Of course, this does not bring MY coins back, so I will welcome any leads any time. So, if anyone has any new info, or even a hunch, please chime in. Even if it is only concerning the "1FsVcd..." address. Whoever is behind my theft has burned many, many others on Bitcointalk.


DiceMiner

[NLNico]

Especially since my stolen coins all eventually ended up at the infamous "1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL", I am inclined to think that this is more than just some thief working on his own. Whoever is behind this has many "irons-in-the-fire" and is scamming on many levels. Also, he could possibly own millions of USD worth of coins. If that is truly the case, he may not be that anonymous after all.

Just FYI, that address seems to be a hot-wallet of BTC-E. So frequently hackers send the BTC to their BTC-E deposit address (probably as a simple mixer) and after that BTC-E moves it to "1FsVcdeH.." (and after that uses it for withdrawals etc.) For example it's mentioned here after a BTC-E deposit: http://www.reddit.com/r/Bitcoin/comments/2hv0jd/i_think_someone_just_tried_to_steal_my_coins_but/

Sorry for your loss btw.

[alabamafan1]

Especially since my stolen coins all eventually ended up at the infamous "1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL", I am inclined to think that this is more than just some thief working on his own. Whoever is behind this has many "irons-in-the-fire" and is scamming on many levels. Also, he could possibly own millions of USD worth of coins. If that is truly the case, he may not be that anonymous after all.

Just FYI, that address seems to be a hot-wallet of BTC-E. So frequently hackers send the BTC to their BTC-E deposit address (probably as a simple mixer) and after that BTC-E moves it to "1FsVcdeH.." (and after that uses it for withdrawals etc.) For example it's mentioned here after a BTC-E deposit: http://www.reddit.com/r/Bitcoin/comments/2hv0jd/i_think_someone_just_tried_to_steal_my_coins_but/

Sorry for your loss btw.

Based on this, we can assume 1 of the 2 following:

1) 1PrZQH8L7aU9qyhbgLvm4zNjfoC1wGevAs is a BTC-e deposit address

OR

2) 1A1GYrx2qvPBr1PyqHJ5ibG6ECnJBcqey5
    1AB5fAh4eUT3vLcYnzss5dAfuDznEbXRmT     >>>> are all BTC-e deposit addresses.
    1DbURCqnqNiykqs6j4f1xvRYCqrE2rsHYM
 

Either way if you are trying to find more info on who stole your coins contacting BTC-e might be beneficial. Don't know how helpful they'll be, the scammer obviously sent the coins to one of the most rogue trading sites (communication-wise) out there. Probably not the first time hes done something of this nature but I doubt as big as this score.

[DiceMiner]

Thanks guys. I appreciate the BTC-e lead. Emailed their support last night, asking if "1FsVc..." belonged to them. Unfortunately, they said they can not give that type info unless the police are involved.

Not saying I would go that far, but just thinking out loud-
Does anyone know who I would go to if I were to get the police involved? I really can't imagine going to the local substation and trying to explain to them was a Bitcoin is, let alone having them get involved. Also, what jurisdiction does this fall under?

[247casino]

Could this be a site's hot wallet (or is it a single user's wallet?!) https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It's only been around since the end of July and has already received over 220,000BTC.

doubt it's a gambling site, way too big the trans

unless it's a middle account

say SWC sweeps into it then outs to a vault

so a gambling site with volume could do a bunch of minor trans and then use something like this to 'sweep' into

can anyone figure out where all the in money is then outed too?

they probably have a bunch of off line vaults

so the trans accounts taking the low trans sweeps to a monster step account which then vaults to a bunch of addy's

that's what it looks like to me

but I"m not a pro at reading the block yet

[PrimedicePlayersUnion]

Stunna - word of advice - allow usernames and chatnames to be different. A lot of sites offer this so that no one knows what username is actually the account holders. Allow people to have different names between the two for an extra level of security.

KOS.

Will consider offering this for new accounts, ultimately if the user enables 2FA it should act as a pretty significant shield from unwanted access though.

I dont like 2fa but the chat idea seems good

[ShintoshiBTC]

*sigh* I really hope this will end in good terms.

[noma]

Has there been a conclusion to this yet?

[Loophole]

Has there been a conclusion to this yet?

This is likely what happened: https://bitcointalk.org/index.php?topic=791367.msg9086516#msg9086516

TL;DR: OP set a very weak password and deposited 100 btc. Someone guessed his password and sent the 100 btc to btc-e for mixing or selling it.

[noma]

Has there been a conclusion to this yet?

This is likely what happened: https://bitcointalk.org/index.php?topic=791367.msg9086516#msg9086516

TL;DR: OP set a very weak password and deposited 100 btc. Someone guessed his password and sent the 100 btc to btc-e for mixing or selling it.

Sucks to lose 100 BTC to keep it on a site without 2FA.

[jiggytom]

so was it confirmed that 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL was hot storage for BTC-e?