Coinroll To Correct Weak Security Protocols

Coinroll Database Leak

A stronger firewall and a more secure user protection system will be implemented soon, according to the update released last April 11 by the Coinroll staff.

The much-needed upgrade of the Bitcoin dice site’s security protocols could not have been timelier after the recent leak of the dice betting site’s user database. The leak was made public by MacKeeper Security Researcher Chris Vickery after he stumbled upon a MongoDB database that held sensitive information about the site’s member accounts.

Coinroll admitted that some users have already reported losing bitcoins from their account wallets:

“Lately some users claimed theft of their balance on Coinroll. We are aware of that and we’re running full audit and trying to determine if users were compromised or if there was a breach at Coinroll. We are now taking measures to increase security and taking all precautions necessary.”

Reports said Vickery discovered about 4,610 user accounts that are believed to be linked to over 9,668 wallets, thereby putting players at risk of losing bitcoins.

Coinroll Security Upgrade

Next step is to strengthen security measures

The Coinroll database leak included the hashed passwords for every account on the list. The site used the SHA256 cryptographic algorithm but skipped the step of adding random data to each password before hashing. Salting, the process of adding that random data, would make the hashed password strings highly difficult, if not impossible, to crack.

To address the risks after the passwords were exposed, the Bitcoin dice site advised players with an account created before April 7 of this year to contact the support team to request a password change. Players without a balance left in their account, though, should create a new account to play Bitcoin dice in the future.

Other than the password change, Coinroll also plans to integrate a two-factor authentication option with the withdrawal system to prevent unauthorized cashouts.

Also next on the to-do list is a switch from Ubuntu to Fedora. Juan-Samuel Codina-Fauteux, marketing and affiliate manager at Coinroll, shared that a recent Ubuntu update could be the culprit. The update is believed to have changed certain UFW rules, and this resulted in weaker or altered protection from the firewall configuration tool.

The fiasco, however, is not entirely blamed on the Ubuntu update since the Coinroll IT staff failed to secure the MongoDB database with an admin password.

Coinroll User Protection

Keeping the damage under control

The Coinroll database leak also prompted the site to temporarily suspend all withdrawals and deposits to make way for the investigation. Bitcoin payments are believed to go back live next week or earlier, once every measure to secure user funds has been put in place.

Vickery believed that the Bitcoin theft on Coinroll may have happened because someone had discovered the exposed database online before he did and either succeeded in cracking the passwords of certain accounts or found another way around the database to take the funds.

Meanwhile, Coinroll clarified that other than the claims of stolen Bitcoin balances, no other accounts or funds have been compromised.

Chris Evans
