Ahh well, that's... fast. I reached them before I have to jump to other place, about six and a half hour ago, though I can't reach you here as I barely have time to address any forum-related matter earlier today and can only address them now. So uhh, I guess with this everything is good and working normally? And we can mark this case as resolved? Or is there other thing I can help you with?

Hi, sorry, I was a bit busy with IRL situation yesterday and though I got notified by TG bot that you mentioned me in a reply, I wasn't be able to open them until today. I've notify my contact about few minutes ago, I think now all we need and can do is wait.

Ive just resend the email.

Screenshot:
https://talkimg.com/image/0PYJ2

Do you mind to send another one? I'm just throwing a guess here, but given they were previously unsure of the legitimacy of the requestee [that they can't determine whether the one asking 2FA is indeed you, the original owner, or was it the hacker attempting to regain access to 2FA after everything is reset], your previous ticket might already got "addressed", as in they've look at it, marked it as "need further check" or something alike, and then left unattended and drowned by other emails.

Sending another one will only take few minutes and, IMO, if it can help solve the situation, it's not hurt to resend the request email. Nudge me when or if you did it, i'll inform my contact immediately after. Though it is weekend and I usually don't want to bug them during weekend.

Probably I don't even have to ask as I somewhat think you've did it in the first place, but have you seen your email's sessions and did you see only you have access to that account?

Meanwhile, for your 2FA, my contact tell me that you'll need to write to support@bc.game and the team will help you out. So, shoot them an email and notify me once you did, I'll try to tell my contact and see if they can probably get your request expedited.

I probably don't have them right now, as the contact "I assign" for your case usually already in their bed by this time, but let me try to reach them anyway and see if they can get the 2FA thing done in the morning.

About the likelihood of hacker being in your account... my contact actually already told me that seclog shows multiple IP accessing your account, though they did not give me the details of the IP for privacy reason. So, I think it's safe to say that there was someone in your BC account other than you, of whom with 2FA, enabled them to send tips. The reason for tips, I believe was to avoid you noticing it, as it was not recorded in withdrawal or deposit history page, that you'll likely visit the instance you realized there is a discrepancy in the balance from what you have in mind.

And why only two tips? Most likely because you noticed it on the second tips, and we get it disabled before further tips can be made. Suppose you did not realize it, maybe there was, is, and will be more tips made in small batches every time to minimize the chance of you noticing it.

While for the likelihood of the hacker having access to your other accounts if they have your BC email address... did you use the same password for every accounts you have that you use for BC?

Yes. Everything is clear, because what you said is possible method how hacker send those tips. But its unlikely. Because if someone has access to my BC email. Than he have access on almost every account of mine. And all of this time I have zero Unauthorized actions on other accounts.
Thats more unbelivable. That someone hacked my email and used it for only BC and send only two tips.
Im so, so curious whats happening here 🤔

Probably your email address and BC password was leaked somewhere for some unknown reason to anybody. Upon having an access to your account, they set the GA that allows them to approve the tipping. As a side --but important-- note, GA does not need to be bound to the same email address [e.g.: your BC account is under drahmaar@gmail.com, the GA can be set under not_drahmaar@gmail.com], thus you can't see any account being added to your GA.

With this, I guess everything is now made clear? Or is there other thing that I can help you with to be addressed to my contact?

I see. Thank you for clarifying.

And this actually goes along with the explanation made by my contact upon the findings made by their security team, as well as give some sense to point on the explanation above about why they require a week to process your 2FA activation, that they're still trying to determine whether you're the real owner or not.

If I may convey what my contact tell me, summarized:

In BC, you have three security methods to do actions like withdrawal or tipping:
1. SMS OTP
2. Email OTP
3. 2FA by Google Authenticator

Their seclog revealed that 2FA [Google Authenticator] was activated after your withdrawal and after that, the tipping happened.

Given you're not the one who activates 2FA, I shall strongly assume that it was the hacker who activated it. I think this also explained why live support assured you that someone else initiated the tipping was not possible in your case as you have OTP, since I believe they don't have access to your account seclog and did not see that you have 2FA activated and followed by tippings; thus they assume you only have OTP and/or all of the authorization methods were controlled by you.

With the ongoing assumption that someone else had 2FA access to your BC account, it could help them "bypass" your OTP as 2FA [Google Authenticator] can be used as one of the two from three security verification methods mentioned above to authorize an action.

I also assumed, upon reviewing your seclog and realized that there is a possible scenario where a hacker was the one being in possession of your 2FA, they require such obscenely long time to activate your 2FA, as they want to be sure it is [this time] you who activated it.

Is this explanation make some sense and possibly fits and explained your situation?

Do you mind to tell me when did you activate the 2FA? A guesstimate is acceptable and well understood if you can't precisely remember that. Was it about the same time you set your account? After some win? After you make your first deposit or withdrawal?

I have to agree that Live Support is terrible, many said that, and I experienced it first-hand when I tried to get someone's case resolved through live support, that's why --IMO-- the best way we can get to the bottom of this is by having my contact diving deep and look for the root of the issue. As we speak, my contact is still trying to get a clearer picture of it too, as from their side --just like they said-- there are signs of hack.

And yes, that's me saying I am still interested in understanding what happened, in a "professional" way, in sense that I oversee this case and I really want to get to the bottom of it, again, if you'll allow it.

Well, they confirmed that there are some signs of a hack. I believe they do have the logs of the user account. They can check weather the 2FA was disabled for a certain period or the 2FA was activated before the hack. If 2FA was activated from the beginning, yet someone was able to access his account, isn't it concerning for the BC game? This can happen with other players as well.

I can think of three scenarios here. The first one is, someone from OP's family used their device to get the OTP and successfully logged in to their account (but BC support said they found a login from a different location). The 2nd one is, OP is telling lie about the case (this is unlikely because BC already found the sign of hack), and the 3rd one is, the security system was breached somehow.

Hey, not trying to be rude but we can't deny facts.

The increased casino account hack cases are due to greed and loopholes mostly due to users negligence.

The majority of these users fall victim to malicious actors primarily due to greed. Hackers have developed four prevalent methods to exploit them, generating substantial illicit gains:

Credential Harvesting via Account Sales – Users seeking to sell their accounts inadvertently surrender control. A hacker feigns interest, claiming they require login credentials and 2FA codes to verify ownership, insisting that 2FA prevents them from retaining access. Once the victim provides these details, the hacker swiftly accesses the 2FA reset page, extracts the authentication key, and registers it on their own authenticator app—permanently locking out the original owner.

Malicious Profit Bots/ Newly Installed Apps – Fraudsters lure victims with automated "profit-generating" bots. These bots, once installed, execute unauthorized actions, compromising account integrity and granting full control to the attacker. Apps or downloads requesting Google Drive access pose a major hacking risk, as Drive stores your Android backups.

Exploiting Browser Scripts & Extensions – Hackers distribute scripts, often marketed as trading tools or enhancements, that integrate with browser extensions. According to a former Microsoft employee, such scripts possess the capability to hijack login sessions and manipulate account activity without the user's knowledge.

Phishing Attacks – Cybercriminals deploy fraudulent websites mirroring legitimate login pages. Once a victim enters their credentials, hackers either automate immediate access or manually log in instantly, taking over the account before the user realizes the breach.

Being tech-savvy doesn’t make one immune to greed. As a high roller across multiple casinos, I’ve never encountered such an issue. There’s no indication in the screenshots that the casino support admitted any system bug or fault. Yet, you’re assuming it’s on their end.

A casino with millions of satisfied users wouldn’t operate with such flaws. Offering a form to report hacks doesn’t imply system issues—it simply means they’re addressing rising cases caused by user actions and analyzing ways to enhance user experience with developed safety features like Passkey and account recovery.

Let’s be clear: whether you were hacked or fell for greed, that’s on you—not the casino. Just setting the record straight. One and last thing feel yourself lucky your account is with you. There are so many cases where users lost their accounts in hands of fraudsters.

So instead of wanting to get to the bottom of this and get the situation cleared, since you consider it unresolved, you want to stop getting, basically, any input that might get us into that point where things are clearer. I shall not reach my contact any further because that's enough [your gratitude is welcomed very warmly, by the way] and you don't want to hear any response from their rep who probably could get a better understanding from the developer on their side.

That's why you'll keep informing people about your case, because it's about how they care about their users. That you don't want to listen and let them explain, to show how much care they have to their users? A little bit paradoxical, no? Help us understand the real aim here, or at least explain the paradox?

Umm... let's see if I get this correctly and feel free to correct me where I am wrong:

1. You still consider this case as unresolved
2. You don't want me to continue reaching my contact for this matter
3. You don't want any response from BC representative either
4. You'll keep updating people about your case
5. Because they don't want to refund your lost fund due to the tipping?

Thanks for the answer.
Well. I dont believe that this hacking case was my fault.
Because how someone could login on your platform in my account if I had email/phone otp activated?
If he terminated sessions and he did, because when I checked sessions there was only mine, he needed my OTP.
Case is still in water...
No refund...
Latest responses from company Ive ever had.

I will kindly ask Holydarkness to stop contacting with you for my case.

I dont want to have any contact with BC from now on...

I will keep updating people here about my case, I will tell them how do you care about your users =)

Hello Drahmaar,

For the matter of the possibility of hacked accounts, though your earlier due diligence showed that the only device being logged into the system at the time you checked was only yours, it is possible that the hacker diligently terminate their session, because from our side, we can see that there were multiple devices from different locations accessing your account. So, we believe your account was indeed compromised.

Following the total lockdown and proof of ownership, every other session from devices connected to your account should have been revoked and the account should be clean.

You can always check the log of the IP that accessed your account from https://hash.game/settings/security. At the lower part labeled "session", you will be able to see a log of IP and devices logging into your account.

We advise to always check the site you access BC from and only access the ones listed as our official sites from https://bcgame.com/

For the matter of refund for unauthorized tips, unfortunately, we cannot do refund for cases of hacked accounts, as it is the player's sole liability to any damage arising out of unauthorized use. We encourage you to secure your account through every security enhancement that we have provided for the comfort of our players.

For the matter of 2FA, though the account verification is already completed and several features are accessible, our security team is still in the process of establishing the total security of the account and that the account is factually operated by the real owner. We will have to once again ask you to kindly bear with us while we are undergoing this security measurement.

Yeah, I was about to pop into the forum for a quick post informing you this before I tackle IRL matters, as my contact reached me earlier today and told me this good news , but literally when I am about to turn on my device, I got a call from my IRL client for 50 minutes.

I'll inquire about 2FA and if they can shed us some light on what happened with those tipping and possible hacked issue. Regarding fund, well, might be wise to inform you that based from my experience with past cases, it's a procedure to lock withdrawal function for 24 hours after manual verification. So, don't be surprised if you still can't withdraw.

Yeah, I was about to pop into the forum for a quick post informing you this before I tackle IRL matters, as my contact reached me earlier today and told me this good news , but literally when I am about to turn on my device, I got a call from my IRL client for 50 minutes.

I'll inquire about 2FA and if they can shed us some light on what happened with those tipping and possible hacked issue. Regarding fund, well, might be wise to inform you that based from my experience with past cases, it's a procedure to lock withdrawal function for 24 hours after manual verification. So, don't be surprised if you still can't withdraw.

I'm literally sitting and having online talk with my contact right now [popping back to the forum because I got notification from TG bot that you mentioned my name in two consecutive post]. Do you mind to perhaps wait a little bit? A slight more of a patience, perhaps? I am having a conversation with them regarding you right now and tabling other cases.