Earlier today, an attacker exploited a previously unknown vulnerability in one of bustabit's API methods which allowed him to find out the current game's outcome before its end. By exploiting this bug the attacker managed to win a total of 122.5686 BTC and empty the hot wallet.
Was the bug or the method of exploiting it in any way interesting?
It was a stupid mistake where the API exposed the game bust value before the round ended, if the player was in it.