Duelbits has communicated with several operators, including stake.com and based on the information obtained from the blockchain and through the addresses this user deposited and withdrew from, there's direct exposure of bug abuse from different operators, however an independent investigation is still being conducted.
the excuse that the player used the provider's bug in several casinos cannot be a reason for withholding his funds. if a bug has already been noticed, it should have been removed and the player should not be blamed for playing under those conditions.
on the page with your TOS about KYC and AML policy, there are more conditions. You would probably have to emphasize where exactly the problem arose.
It is interesting that during the deposit (which is really huge in this case) there were no complaints about the violation of these rules. Shouldn't that be checked immediately, and not wait for a win? One can conclude that in the event of a total loss, the casino would not mind a certain violation of its policy.
Duelbits would like it on the record that the user has already been paid out a seven figure sum prior to the commencement of the investigation.
this is a good step forward, but it tells me that there are not too many reasons not to pay this win.
I assume that such a big loss for the casino must force those responsible to start solving the bug that caused all this. otherwise, you lose any right to complain that the player abused the omission on your part.
also, the whole thing in the second part of the OP's post about the potential attempt to take over the account and the very suspicious contact by Duelbits support seems worrying.