100 BTC was stolen from my Primedice account. Please see thread.

[dooglus]

I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

The current theory is that a thief must have compromised my account by brute-forcing my weak password.

I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?

Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.

[1714994431]

1714994431

[1714994431]

1714994431

[1714994431]

1714994431

[1714994431]

1714994431

[alabamafan1]

Sounds like Stunna had a bad day to the other bettors and decided to pull a fast one here honestly if thats the story.

[grux]

Interesting information what with Apple users saying that their computers are virus / malware free with this discovery you have to be careful whatever os your using... Feel for you 100btc is a lot to go missing  

All I can say is there is no issue with the security of primedice, I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

There are users who choose to store hundreds of coins on their account at one time and have had zero issues, if you have any fear just enable 2FA and as long as your PC is secure you should be good.

Hi, OP here.
Stunna has been incredibly helpful in the situation so far. The current theory is that a thief must have compromised my account by brute-forcing my weak password. Since there would be no way for anyone on the outside to know exactly when I had been online at PD (since I did not make any bets or make my presence known in the chatroom on the day of the theft), they must have been monitoring the blockchain for large deposits from my personal wallet to my PD address somehow. Possibly through the use of some script? I have no clue...  

I have to hand it to the thief for having enough technical know-how and impeccable timing to pull off the withdrawal in the incredibly small (literally 2 minute) window between confirmation and my first attempted bet.

If anyone out there has seen this type of theft before, PLEASE LET US KNOW any details you have, as this is the first time I have seen anything like it.

Now that 2FA is available, hopefully this will be the last time.

Thanks,
DiceMiner

Don't mean to prod, but you haven't answer my question from before about what greasemonkey scripts you are running. The "scripts" you named were browser plugins, not actual scripts that you paste into greasemonkey and run.

[Stunna]

I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

The current theory is that a thief must have compromised my account by brute-forcing my weak password.

I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?

Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.

It's because his password was not bruteforced, we have measures to prevent this and server logs indicate this wasn't the case at all. I'll post the full story tomorrow.

[DiceMiner]

I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

The current theory is that a thief must have compromised my account by brute-forcing my weak password.

I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?

Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.

It's because his password was not bruteforced, we have measures to prevent this and server logs indicate this wasn't the case at all. I'll post the full story tomorrow.

OP here again. Ok, according to Stunna and I's private convo, apparently this was not the case. Sorry for the misinformation. The more I learn, the more this just gets confusing. I was under the initial impression (based on our private correspondence) that you did not log login attempts at the time of the theft. On Sept 25th, Stunna wrote:

"We had minimal logging prior (on account creation) now we are logging on cashout."

But before I contribute to any more confusion again, I will wait until Stunna posts his new findings.

[DiceMiner]

Interesting information what with Apple users saying that their computers are virus / malware free with this discovery you have to be careful whatever os your using... Feel for you 100btc is a lot to go missing  

All I can say is there is no issue with the security of primedice, I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

There are users who choose to store hundreds of coins on their account at one time and have had zero issues, if you have any fear just enable 2FA and as long as your PC is secure you should be good.

Hi, OP here.
Stunna has been incredibly helpful in the situation so far. The current theory is that a thief must have compromised my account by brute-forcing my weak password. Since there would be no way for anyone on the outside to know exactly when I had been online at PD (since I did not make any bets or make my presence known in the chatroom on the day of the theft), they must have been monitoring the blockchain for large deposits from my personal wallet to my PD address somehow. Possibly through the use of some script? I have no clue...  

I have to hand it to the thief for having enough technical know-how and impeccable timing to pull off the withdrawal in the incredibly small (literally 2 minute) window between confirmation and my first attempted bet.

If anyone out there has seen this type of theft before, PLEASE LET US KNOW any details you have, as this is the first time I have seen anything like it.

Now that 2FA is available, hopefully this will be the last time.

Thanks,
DiceMiner

Don't mean to prod, but you haven't answer my question from before about what greasemonkey scripts you are running. The "scripts" you named were browser plugins, not actual scripts that you paste into greasemonkey and run.

Look I don't know what else to tell you. Honestly, I don't remember when I installed Greasemonkey, or exactly why. What I listed previously is what I am running now. If it were truly a malware problem, why would the thieves chose such a circuitous way of stealing my BTC? Why not take them directly from my wallet?

Anyhow, I am trying not to pollute this thread with any [possibly unrelated] cross-talk. If something minor jumps out at you, please let me or somebody know via IM. If you've found a smoking gun, please share.

[Bobblehead Pete]

So what is the conclusion about this? Any resolution given?

[dooglus]

So what is the conclusion about this? Any resolution given?

Stunna didn't want to post the story for some reason and asked OP to post instead, so OP posted, only OP doesn't seem to know the story, because he thought his password had been bruteforced, but Stunna says that isn't what happened, so now Stunna is going to post the true story tomorrow...

It sounds like PD was doing very little logging at the time of the attack, but despite that it's definitely not PD's fault, and there's nothing to worry about.

I think that's the story so far. Please correct me if I got anything wrong.

[ABitNut]

So what is the conclusion about this? Any resolution given?

Stunna didn't want to post the story for some reason and asked OP to post instead, so OP posted, only OP doesn't seem to know the story, because he thought his password had been bruteforced, but Stunna says that isn't what happened, so now Stunna is going to post the true story tomorrow...

It sounds like PD was doing very little logging at the time of the attack, but despite that it's definitely not PD's fault, and there's nothing to worry about.

I think that's the story so far. Please correct me if I got anything wrong.

DiceMiner's password may have been compromised from some other site/location. Social engineering seems as likely as a technical exploit. Especially since the attacker apparently knew when DiceMiner was playing. Figuring that out by social engineering is probably easier than doing it by technically breaking into either his system or into PD.

If his password was attacked directly it is not even clear if it was done on PD. Maybe the password was used in another place that is vulnerable. There are many unknowns, but it seems both Stunna and DiceMiner are constructive and working together to figure out what happened. So we may get a reasonable conclusion in this case. I commend them both on this.

[jaysabi]

One thing for sure is OP is handling this with poise. If I lost 100 btc I'd be out of my mind. I can't even fathom having 100 btc.

Not to belittle your loss, but I think you're taking it like a CHAMP.

[noma]

One thing for sure is OP is handling this with poise. If I lost 100 btc I'd be out of my mind. I can't even fathom having 100 btc.

Not to belittle your loss, but I think you're taking it like a CHAMP.

Absolutely true. Another guy lost 400 coins to DB because DB scammed him, and he didn't care much to go after their ass.

[liu405]

One thing for sure is OP is handling this with poise. If I lost 100 btc I'd be out of my mind. I can't even fathom having 100 btc.

Not to belittle your loss, but I think you're taking it like a CHAMP.

Absolutely true. Another guy lost 400 coins to DB because DB scammed him, and he didn't care much to go after their ass.

if it's true ,now ,how we believe the Safety of bitcoin which we are holding and  transfering?

[jaysabi]

I think the hacking of the private key is pretty much impossible. The vulnerabilities seem to come from malware that gets installed in your computer. Your bitcoins then are only as safe as your computer is. 

[Cyrax89721]

Just throwing a random thought out there regarding the social engineering aspect, especially since DiceMiner doesn't seem to be the only one that's been having a lot of BTC stolen recently.  The possibility that somebody behind another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.

[Tammy Chan]

One thing for sure is OP is handling this with poise. If I lost 100 btc I'd be out of my mind. I can't even fathom having 100 btc.

Not to belittle your loss, but I think you're taking it like a CHAMP.

Absolutely true. Another guy lost 400 coins to DB because DB scammed him, and he didn't care much to go after their ass.

if it's true ,now ,how we believe the Safety of bitcoin which we are holding and  transfering?

Just don't store your bitcoin in places where you have no private keys, such as exchanges and casinos.
If you really need to, only store them on highly trusted sites, and enable 2FA whenever possible.

[hermanhs09]

I'm sure Stunna will come through for you if it is a site glitch.

i am sorry

[moreia]

I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.

The current theory is that a thief must have compromised my account by brute-forcing my weak password.

I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?

Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.

I doubt this was brute-forcing.  Brute-forcing is an extremely outdated way to access funds, how would he know this guy had 100BTC in his acct in the first place

My guess is you have been infected by a key logger, stealer or RAT, they've taken your password and gotten your BTC. I recommend you use 2auth next time you play on pd or in that case any dice site.

[dooglus]

another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.

That is a very good point. Don't use the same password twice. Use a password manager to generate a good strong unique password every time you sign up for a new site.

My guess is you have been infected by a key logger, stealer or RAT, they've taken your password and gotten your BTC. I recommend you use 2auth next time you play on pd or in that case any dice site.

If his machine is infected, 2FA probably won't help him.

The attacker's malware could simply change the withdrawal address on the fly right after the victim types his 2FA code and submits the withdrawal request.

[moreia]

another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.

That is a very good point. Don't use the same password twice. Use a password manager to generate a good strong unique password every time you sign up for a new site.

My guess is you have been infected by a key logger, stealer or RAT, they've taken your password and gotten your BTC. I recommend you use 2auth next time you play on pd or in that case any dice site.

If his machine is infected, 2FA probably won't help him.

The attacker's malware could simply change the withdrawal address on the fly right after the victim types his 2FA code and submits the withdrawal request.

Depends on what he's been infected with. RAT yes, other software don't have the power to do as you state
also doesn't matter how strong your password is, key loggers take your password via cookies so doesn't matter if it's a 100char with specials and caps it still can be stolen, just not brute forced (which as I said is extremely hard to do these days).

[dooglus]

another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.

That is a very good point. Don't use the same password twice. Use a password manager to generate a good strong unique password every time you sign up for a new site.

doesn't matter how strong your password is, key loggers take your password via cookies so doesn't matter if it's a 100char with specials and caps it still can be stolen, just not brute forced (which as I said is extremely hard to do these days).

I'm talking about using a different, non-guessable password on each site. Because if you use the same password on scamdice.com and primedice.com then the operator of scamdice can log your password when you log in there and try it on your primedice account.

Kind of off topic, but what do you mean by "key loggers take your password via cookies"?

If his machine is infected, 2FA probably won't help him.

The attacker's malware could simply change the withdrawal address on the fly right after the victim types his 2FA code and submits the withdrawal request.

Depends on what he's been infected with. RAT yes, other software don't have the power to do as you state

I would expect most malware has the ability to update itself or download and run arbitrary files, but maybe not. I figure once you're infected it's game over and the attacker can do whatever he likes on your machine.