Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Gambling
Merits 54 from 11 users
Re: bustabit – The original crash game
by
devans
on 21/03/2019, 12:48:58 UTC
⭐ Merited by tim-bc (10) ,RHavar (10) ,suchmoon (9) ,malevolent (7) ,casinobitco (5) ,dbshck (5) ,DarkStar_ (4) ,cactus87 (1) ,milewilda (1) ,Stringer Bell (1) ,LoyceMobile (1)
Earlier today, an attacker exploited a previously unknown vulnerability in one of bustabit's API methods which allowed him to find out the current game's outcome before its end. By exploiting this bug the attacker managed to win a total of 122.5686 BTC and empty the hot wallet.

I have confirmed the existence of this vulnerability and deployed a fix for it. In a few minutes, the game will resume and the hot wallet refilled.

bustabit will reimburse all affected bankroll investors out of pocket. Each investor's account will be credited with the full amount of bits lost to the attacker and an equal amount of dilution fee credits. Because I want to ensure that all affected investors are made whole (vs just adding 122.5686 BTC to the bankroll again), this will take 1-2 days while I calculate how much each investors is owed.

There is no indication that this vulnerability was exploited before today. Player funds were not at risk at any point in time. The problem was specific to bustabit and bustadice was not affected in any way.