If losing a few mBTC is already quite frustrating on the part of the players, imagine what it would be like for operators to award almost $1 million worth of BTC payouts to a bettor who later turned out to have cheated his way to gambler’s paradise.
Breaking the silence and setting the record straight, Stunna, the owner of the Bitcoin dice site, published a detailed recount of the unprecedented exploitation of Primedice’s random number generator system.
‘He was just incredibly lucky’
That was how Stunna and his team reacted upon finding no trace of errors each time a certain user named Hufflepuff cashed out his winnings on bets amounting to over $8,000 worth of Bitcoin every second for a long period.
All withdrawal requests were processed after holding his cashouts to give the team enough room to investigate for signs of anomalies. Each time, however, they found no evidence of cheating, until the main developer discovered several accounts using the same server seed.
Apparently, Hufflepuff succeeded in creating a method that would cause Primedice’s server to provide active decrypted server seeds instead. Stunna explained that this was possible by sending numerous requests in a short timeframe because such act would have confused the server.
It did, true enough, and this resulted in the $1 million worth of Bitcoin gone from the website’s wallets. Primedice was tricked.
According to him, the series of attacks started after the third version of the website aptly called Primedice 3 was launched in August last year with only days of closed beta testing. However, the onslaught did not occur until September.
Finding the culprit
However, this is no longer an allegation since Primedice’s server reveals the list of inactive and active seeds linked to Hufflepuff’s account—links that were used to confuse the server and to determine which bet would make him win or lose.
More interestingly, Hufflepuff responded to Stunna’s request to return the stolen Bitcoin, hinting of his admission of the act:
“Your offer is declined. Your demands are laughable. I’m happy to walk away and leave you be, but if you’re going to take this further, then so will I. I don’t think you want this to go further. I actually enjoy this shit. Your move. Oh, and by the way, there are some pending withdrawals that you need to process.”
Unfortunately, the Primedice team is still oblivious of the culprit’s and the stolen coins’ whereabouts, and is hoping to receive assistance in finding them in exchange for a reward.
Months after the incident, the popular Bitcoin dice site continues to stand and provide entertainment. However, it no longer caters to players from the US and Australia in an effort to evade sanctions that may be imposed by the respective gaming laws.
At present, Primedice receives Bitcoin players from Russia and China, and it has lowered its maximum bet amount, as well as the free coins in its Bitcoin faucet.