How was the game exploited? Are GameArt's slots insecure or was it due to the particular implementation of the slot?
If GameArt's slots are insecure, why haven't they released a statement regarding this? GameArt slots are quite popular across a lot of different sites so I find it hard to believe their slots had an issue like this.
As far as i have seen sportsbet.io and stake.com uses combination websocket and graphQL in their site.
You wont imagine how many times the websocket interacts with UI for fetching the latest value.
For an instance : if you place a bet over sportsbet.io (live sports)
The server and client communicates 7 times via websocket for the latest odd and then 4 times if the odd in UI is same as provided by 3rd party client that sportsbet uses for latest odd match.
Manipulating the response for 11 times for all websocket request is really someting great.
That guy must be master of intruder. I wonder if he would had just submitted a bug report then he would surely got 20k usd plus.