OP here.
That's pretty much the gist of it... Let me just add a few details from my end:
It's also important to note that diceminer had completed several other 100 coin deposits and numerous cashouts prior without issue and since the incident there has been a significant increase in 100+ coin deposits/cashouts and no issues.
With my "DiceMiner2" account on PD, I had deposited 100 BTC twice. The first time, I won 20 BTC, the second time, the theft occurred. Also, I recently found a post while browsing, about my other PD account at the time:
https://bitcointalk.org/index.php?topic=208986.msg8896057#msg8896057
So, with 2 different PD accounts, I had won a total of 40 BTC and successfully deposited and withdrew my 100 BTC principal 2 out of 3 times. I guess the new 2-factor that was added as a result of this theft has brought more whales.
The Investigation
I was secretive about what had happened as I ended up setting up logs on diceminer's account to try and find out who was accessing it as this was a serious theft. I attempted to bait out the person by putting coins on the account and then blocking it from cashing out, only one person ended up cashing out the "trap" cashout and that was diceminer himself unfortunately.
When Stunna and I started discussing privately, he was incredibly gracious in helping me attempt to find this guy. Initially, the plan was to send 100 BTC to my PD account, while an "anti-cashout" feature was implemented so no coins could leave the account, in the event the thief came back and tried it again.
On September 24th, Stunna informed me that the trap was in place and to not log in (so as to not cause any confusion). A few days passed with no activity, which was not really unusual, but what puzzled me was that there was absolutely no sign of any deposit into my PD account, when viewed through the blockchain. To me, this was the entire point, because how else would the thief know there was any bait? I logged into the account to see for myself and when I got in, 5 BTC was added to the balance in PD, but none of those 5 coins showed up in the blockchain. I tried withdrawing the dust that I had left over (approx. 0.00101 BTC, I believe) and the "anti-cashout" feature was definitely in effect. Also, Stunna informed me that my entry had been logged, so that was all in working order as well.
He told me that he had credited the account from the back-end and when I explained why I thought that may be ineffective as bait, he finally credited 4 BTC to the account, using actual coins, on September 28th. Unfortunately he withdrew the bait only a day after, on the 29th:
https://blockchain.info/address/12UrtgL7XWbM6mMfZyzSgfEoVMFMDXdFta
If the user ran a script though then there is no way for us to defend against that, I had some concern that this was the case here as this occurred a day or two after someone started spamming chat with the "PD Exploit" script and his video contained the greasemonkey add-on but I'll trust diceminer's word that no scripts were involved.
Thank you Stunna. I really have no need for any cheats or exploits, as I bet very conservatively, over a long period of time. Many people that were active on Just-Dice may remember me from this:
https://bitcointalk.org/index.php?topic=576673.msg6319022#msg6319022
All I need is a secure site that is run in an honest way, to make my coins. Sometimes I wonder if using the same "DiceMiner" name may have tipped off the thief (or thieves) to my whereabouts. It's moot now, but that type of thing is always in the back of my head now. Needless to say, I will be using new, unfamiliar names from now on.
Conclusion
I conclude that the 100 coin loss was most likely a result of the weak password matching the username of the account which allowed a thief to successfully commit a simple password guessing attack which could only have been prevented by us banning weak passwords, providing 2fa at the time or by the user setting a more secure password. It's important to note that we had sufficiently strong brute-force/guessing limits in place which is why I feel that this attack was not automated and was simply a random person manually plugging in a few password attempts on the account and getting lucky.
I believe this is part of the story, but there must be something else we are not seeing or considering. My sleep and gambling schedule is fairly erratic and hard to predict. It just seems implausible that somebody was squatting on my PD account and repeatedly refreshing his browser, in the hope that I would log in and deposit.
Especially since my stolen coins all eventually ended up at the infamous "1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL", I am inclined to think that this is more than just some thief working on his own. Whoever is behind this has many "irons-in-the-fire" and is scamming on many levels. Also, he could possibly own millions of USD worth of coins. If that is truly the case, he may not be that anonymous after all.
Many of diceminer's coins appear to have been sent here
https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL . Anyone with any information regarding this should shoot me a PM as I'll continue to do what I can to help him recover his lost coins. I thank diceminer for his cooperation and understanding throughout all of this, I'll keep my eyes and ears open to see if anyone has any information.
Again, I would like to thank Stunna for all his past help during this ordeal and his continued help, should any new information arise. After the implementation of 2-factor, Primedice is even safer than before. One can deposit and play there with confidence. Of course, this does not bring MY coins back, so I will welcome any leads any time. So, if anyone has any new info, or even a hunch, please chime in. Even if it is only concerning the "1FsVcd..." address. Whoever is behind my theft has burned many, many others on Bitcointalk.
DiceMiner
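
Added example, not part of the original posts and not Primedice's code: one way a site could enforce the "banning weak passwords" mitigation named in the Conclusion by refusing passwords derived from the account name at registration or password change. The function name, reason codes, thresholds and sample passwords are assumptions made for illustration; the actual password involved is not given in the thread.

```python
import re
import unicodedata

MIN_LENGTH = 10  # assumed policy value, not taken from the thread
MIN_EXTRA = 4    # assumed: letters a password must add beyond the username


def _core(text: str) -> str:
    """Case-fold and keep only a-z, so digits, symbols and case tricks are ignored."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"[^a-z]", "", folded)


def password_problems(username: str, password: str) -> list[str]:
    """Return reason codes for rejecting the password; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")

    user, pw = _core(username), _core(password)
    # Skip the comparison when the username has too few letters to be meaningful.
    if len(user) >= 3:
        if pw in (user, user[::-1]):
            # Same letters as the username (or reversed); only case, digits
            # or punctuation differ, which a person guessing by hand tries first.
            problems.append("matches_username")
        elif user in pw and len(pw) - len(user) < MIN_EXTRA:
            # Username with a short prefix or suffix attached.
            problems.append("contains_username")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords for the account name mentioned in the thread.
    for candidate in ("diceminer2", "DiceMiner", "renimecid!2014",
                      "MyDiceMiner99", "tin-kettle-orbit-47"):
        print(candidate, password_problems("DiceMiner2", candidate))
```

A check like this complements, rather than replaces, the login rate limits and 2-factor option discussed in the thread, since it only blocks the guess that needs no automation at all.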