Hacker Exploits $1 Million From a Bitcoin Casino Operator
Some online casino players wonder to themselves "Are the games rigged? How do we really know it's random?" Many reputable casinos answer this question by undergoing a variety of independent audits and tests.
But how do online casinos know that their RNG is safe from hackers? Most online casinos feel secure both by utilizing software developed by big gaming houses that have undergone thorough testing and by asking their players to confirm their identity before doing any cashouts.
Online casino operator Primedice, however, lost $1 million worth of Bitcoin to a hacker who exploited its online casino RNG, according to Medium.com. As you are probably aware, Bitcoin is an online currency that can be transacted anonymously. This is how the hacker who knew the outcome of the games remained anonymous while using multiple accounts to exploit Primedice.
According to a representative of the online gaming operator, the story began in August 2014 when Primedice was under pressure to launch the third version of its software as soon as possible. This caused a quick roll-out of their Beta software, allowing just a week for testing.
A hacker began to take advantage of the new software almost as soon as it was launched. The online casino immediately noticed two players, "Nappa" and "Kane", winning by utilizing unusual betting patterns. It is reported that "Kane" was automatically cashed out, while there was a brief delay involving an email exchange with "Nappa" before this player's cashouts were approved.
A short time later, an account named "Hufflepuff" was created and was noticed betting "upwards of $8,000 worth of bitcoin every second for hours on end," which was by far a record on the site. It was on this account that the hacker was able to win most of the more than 2,400 Bitcoin, worth around $1 million at the time.
While the entire team at Primedice was shocked that an account was able to consistently beat the 1 percent house edge, after many tests they were unable to find any wrongdoing and felt they were left with no choice but to approve the payouts.
Just two days after the final withdrawal, the company's main developer found out how the RNG was being exploited and applied a patch that was expected to fix the issue. The team at Primedice knew its options for recovering the illegitimately won money were limited, since the nature of Bitcoin is that players remain anonymous.
They were able to locate the suspected hacker on a Bitcoin forum and demanded that the funds be returned. In response, the hacker was able to find a work-around to the patch and proceeded with a new account named "Robbinhood" to win more than 2,000 additional Bitcoin. This time around, the hacker was only able to withdraw 50 to 60 Bitcoin since the online casino's hot wallet was depleted.
Shortly after, the hacker also gloated in a response to Primedice, stating, “Your offer is declined. Your demands are laughable. I’m happy to walk away and leave you be, but if you’re going to take this further, then so will I. I don’t think you want this to go further. I actually enjoy this s**t. Your move. Oh, and by the way, there are some pending withdrawals that you need to process.”
The team at Primedice also notes on Medium.com that if certain actions hadn't been taken, or if the discovery had taken longer, this could have bankrupted the online casino. Hopefully this story is a lesson to online casinos about confirming the identity of their players and taking enough time to thoroughly test software.
As far as online poker players go, it isn't unreasonable to believe that this hacking could also take place at online poker rooms where Bitcoin is accepted. If a player can remain anonymous to the gaming operator, it leaves little recourse for funds to be recouped for players that may have been cheated.