Hi Razer, thanks for taking the time to look over and address my concerns.

Apologies in advance for the long read, I just want to provide proper context to whomever reads this.

Keep in mind, I really didn't even want to post this because I enjoy Rollbit. I think it's great what you've accomplished thus far and I see a lot more potential in it. When I see potential in something, I want to see it grow as big and as best as it can be. I've no problem with you, Razer—so, don't take this personally. Instead, consider it constructive criticism.

It's a shame that you view me as somebody who wants to do harm, because I have shown I am not here to do harm in many different ways. I reported every single one of my findings despite me losing tens of thousands of dollars. As a member, I felt disrespected and treated unfairly on multiple occasions by your team which is why I closed my account. I think it's important to address that if certain individuals had done their job correctly, this thread would have never existed.

Allow me to explain...

First Incident:
Around November 10th, I made your team aware of the security concern in the shoutbox and I was told it would be looked into and that someone would reach out. This lead me to assume that my report was recognized at the very least. I was never contacted and no action was taken. On November 17th, I reported it again in the Discord server that way more team members would be made aware. The response to my claim was a Pepe emoji which I assume implied that I was bullshitting. I explained that I was unable to replicate it and show proof because I was broke, so I mentioned to look at my recent bets which could have shown evidence. You're correct to say I didn't go through the proper channels by reporting it directly to you, but I still reported it a couple of times to multiple members of your team and they apparently did nothing about it. I would have reported it to you, but I didn't want to be seen as The Boy Who Cried Wolf because the first bug I reported before this incident turned out to be nothing.

Three days later on November 20th, I noticed that the entire gaming provider was removed from the website. So, I reached out to you at first in hopes of at least receiving recognition so that I could work for or with Rollbit in the future. It made me pretty upset when the first thing that you said to me was: "Keep in mind, for reported concerns like above we pay generous bounties. Obviously we cannot pay such rewards once the damage is already done and we find the issue during our own investigation." because I initially never asked for compensation. I thought about your response and how you claimed to find the issue during your own investigation, which just seems like something that was said on the spot. If you had found it before I reported it the multiple times, then why did it take so long for any moves to be made? If it caused damage, I highly doubt thatIt felt as if I was being taunted, especially after reporting the security concern multiple times only to receive a Pepe emoji as a response. I hope you're able to understand my frustration there.

Based on my own experience, it's common to be paid for a bug bounty even if it has been abused already because I

As for the Rollercoaster thing; of course I'm going to say it's rigged and be pissed off, I was being a degen who was using the 1000x multiplier. Everybody says it's rigged, it's almost as if it's a meme at this point. Just to be clear though, I never used the word "nigga" as a derogatory statement. I call people I am cool with "my nigga". I was however silenced from the Discord server for going off about how I wasn't paid for the exploit after I had lost a significant amount of money, which is what I was referring to when being silenced.


Second Incident:
My frustration has more to do with the people at Stake being lazy and incompetent. I told them how to reproduce it with detailed instructions. Instead of testing the bug, they took preliminary checks to see if the slots I mentioned were being abused. One of those checks was apparently contacting somebody at Rollbit and inquiring about the bug. This again left me without being compensated for a bug capable of causing serious damage.


Ongoing Incident:
I never gave much details in regards to this since it was ongoing. But, now that you've mentioned it, I will.

I reported this incident in the Discord and directly told your team. I didn't even ask for compensation or anything and I noticed that your team had again done nothing about it. So, I took action and registered the domain because I know what could of happened had I not. I go to officially report it to you and you essentially tell me thanks and to fuck off. I was then pawned off to like three different support agents after I asked if I would be compensated since it is a valid security concern and could have damaged Rollbit's reputation and users. I was told no, which prompted me to remember all of the other times I've been treated unfairly and caused me to close my account.

The next day, you reached out and said that you deposited funds on my account which I had asked to be closed the day before. Before making assumptions, I asked if the funds be redirected elsewhere or that my account would be re-opened since I only closed my account because I was treated so unfairly. I was of course again denied. Similar to the first incident, I saw this as being taunted since you knew that my account was closed and probably the reason why I closed it too. Had you asked for my off-site address and given me your Namecheap username, I wouldn't have even felt the need to make this thread. I'm not holding the domain ransom, I just think it's fair of me to ask to be compensated first considering my previous experiences.


How can you question my integrity when I have literally spent hundreds of hours on Rollbit, wagered hundreds of thousands of dollars, lost tens of thousands of dollars, reported multiple bugs that I could have abused, made suggestions which have been implemented, offered members advice on how to grow their clipping accounts, helped members with various other things, etc.

The biggest problem here is not with the self-exclusion. The biggest problem is that I never got paid for my first exploit that I found and reported in November and that Rollbit lied to Stake about the exploit existing. I was given some bullshit excuse, which you can see below.

Razer admits that they won't pay me out because "damage was already done" and they apparently "found it during their own investigation". If they had found out about it in their own investigation before the multiple times I reported it to them, then why did it take them over 10 days to take action? The incompetency of their team for not taking action isn't my fault, it's theirs. I still did my part and reported it, expecting a payout.

The exploit was so bad that they removed the entire gaming provider from their platform. So, I am now not paid for finding an exploit that was costing them a lot of money. If I hadn't reported it, how long would it take for them to find it? How much money would they have lost?

https://i.imgur.com/S1UPHtD.png

On top of that, I went to Stake to report it to them. For some reason Stake thought it was a good idea to instead of replicating the exploit I found, consult ROLLBIT (their competitor) and ask if it was even a valid exploit. The result? Rollbit lied to Stake when asked about the exploit. I even showed my email correspondence with Razer that completely suggests otherwise. Therefore, Stake never even looked into the exploit which again fucked me over because I didn't get paid out for it.


This whole self-exclusion thing has to do with my most recent findings which happened this month. As I mentioned, it's quite obvious (due to my history with the Rollbit Team treating me unfairly) that they intentionally put the funds on a locked account. Razer can definitely see that my account was closed prior to adding funds to it. They are just using my account closure to buy themselves time to maybe fix the problem because, remember, I have leverage. I can almost guarantee you that they will find a reason to close my account to make sure I don't get access to the funds when the self-exclusion is up. They've been petty with me so many times in the past.

Here's how it went down....

• I asked for my account to be closed, not self-excluded.
• Afterwards, the support agent provided a copy & paste message that said I would be self-excluded for 21 days and if I make a new account or sign into another account, they would permanently ban me.
• I ended the chat by saying "tired of being harassed by the staff members for trying to help. ok bye".
• Then, I was banned for self-exclusion immediately after.
• The next day, Razer deposited funds to my closed account and sent me an email that he did that.
• I asked for my account to be re-opened, only to be pawned off to 3 other agents who said it was impossible to do so.

It's likely that Razer pawned the ticket off to 3 other staff members because him and I both know it's possible for him to unban me. I don't have any proof of them unbanning an account from self-exclusion, I just know that from experience with owning websites that have a user database, it's definitely possible for them to reinstate my account.

Also, I never closed my account on the grounds of having a problem with gambling. I closed because I was being treated unfairly, which seems to be pretty evident from this whole entire thing

I'm not trying to argue against you or anything. I really appreciate your concern and attention to this as well as everybody else's.

Hopefully this can clear it up a bit... It may be against regulation and policy to revert a self-exclusion based on the idea that I had a gambling addiction, but I never self-excluded for the reason of addiction. I was never even asked why I wanted to self-exclude like how they normally do. They need you to admit that you're a gambling addict, which I never did nor did I hint towards that. I self-excluded for the reason of being treated unfairly by the Rollbit team, which I did mention to the person who did it.

When you say it's not possible, you're making it sound like it's literally impossible for them to do, which is not true.

Example User Data Table:
All they would have to do is change the `SelfExclusionBan` parameter from `1` (which means yes) to `0` (which means no)


Casinos hate when players have any sort of leverage over them which is why they will instantly get rid of someone who does. When players win a lot of money at any casino, they are no longer welcome there. I may not have won against the casino monetarily, but I easily could have if I didn't report any of my findings to them. Even though I had just lost like 500 Solana to them in a single month, they refused to pay me out in the first incident. The incompetency of their employees was probably costing them hundreds of thousands of dollars. If you look at the email correspondence, Razer said: " we pay generously for bugs" (multiple times btw) and encouraged me to find more.

So, I go to find more, being the good boy I am. When I present my new findings to Razer, I am instantly denied the bug bounty and told that it doesn't meet the scope. Why? Because they thought that they could fix it and that I had 0 leverage over them. As soon as they consulted with their third party agency and realized that I have leverage over them, they want to act all nice by saying that I will be rewarded. So, they "take a safe gamble" and put a balance on an account that I can't access for 19 days. This gives them time to either fix the problem or for me to give them the only "leverage" I have.

I lose both ways, which is why I am here telling you that they will ban me as soon as I get access to that account or they won't let me withdraw.

This is me just "yapping", but:
I know how these people are and they view me as a threat. They will find a reason to ban me, which is fucked up. They've already muted me for over a year for saying "nigga" (used as a friendly greeting, in a non-derogatory manner), they have banned me from their Discord server when all I did was give suggestions on how to improve Rollbit and help players in their Clipper Discord.

Remember that casinos are gamblers too and are just as hungry for any type of advantage as a player is. They hate the players just as much as the players hate them. Most players just have Stockholm Syndrome and "dick-suck" casinos thinking that they will get lucky one day. Casinos enable the Stockholm Syndrome by creating communities, doing giveaways, participating in nepotism, etc. I'd probably be the best employee at Rollbit because I see their weak points and I know how to improve the site. But, since I am not on the payroll nor do I "dick-suck" and be a fake person, I am an enemy in their eyes. Due to their ego, they will probably spend more to fix their problem than for me to fairly be compensated.

None of this would have even transpired if they matured and realized the old saying: "The enemy of my enemy is my friend". Myself being neutral and an "enemy" to the players by making sure they don't have an unfair advantage. Their loss, I guess.

I'm not sure where you get your sources from, but that is completely false about them not being able to revert the self-exclusion ban. Are you saying that there is a user datatable that CANNOT be tampered with manually whatsoever? Well, if you were implying that you would be wrong. Databases can most definitely be tampered with, it's just how it works.

What if a rogue moderator self-excluded the top players at Rollbit? You think they wouldn't find a way to undo it? It's not impossible to do and likely wouldn't affect Rollbit in anyway.

Anyways, the self-exclusion is irrelevant at this point. I'm not here to argue about just that. There's plenty more points I made and proof to back up my accusations.

What are you talking about? I'm a "snitch" for reporting an exploit? Okay buddy. You think that people who abuse exploits like this are Robin Hood? No, the people who do abuse things like this are just as greedy as the casino.

I don't think you're understanding what I'm trying to say. I'm not sure why people keep bringing up the self-exclusion part. That's not even entirely why I'm accusing Rollbit of scamming.

In the first incident, Razer admits to not paying out the bug bounty because:
1. "The damage was already done"
- This is the founder of Rollbit admitting that the exploit that I found and reported exists

2. "We found it in their own investigation"
- This is clearly a lie and it's just some bullshit he added in because his first excuse is awful

Ask yourself the following questions:
- If this were true, why wouldn't they have taken action sooner?
- If this were true, why did they lie to Stake about it when confronted?
- If this were true, why wouldn't they make it public?
- If this were true, why would they remove the entire gaming provider?
- If this were true, why do they silence me for speaking about it?


In the second incident, I went to try and report the exploit to Stake. I mentioned my interaction with Rollbit to further convince the Stake employees to look into it because nobody's going to believe a random person who claims they are able to increase their RTP. Stake employees are incompetent and didn't even attempt to replicate the exploit. Instead, they went to Rollbit (THEIR COMPETITOR BTW) and asked about it. Rollbit LIED to Stake about the exploit which is why Stake never looked into it either.

All of these sites will continue to be hacked and exploited because of incompetent employees who are too lazy to do their fucking job.

In the third incident, Rollbit employees are so shitty at their job that they need to they have to hire a third-party PR agency to help them out. The person who oversees that
couldn't even catch an error in the final draft of the FaZe x Rollbit Sponsorship that could cost Rollbit their reputation if I didn't find it first.

Rollbit's response to me trying to help them out? They do anything they can to fuck me over and make sure that I lose money.


Razer, when you see this: hire competent people so you won't have to deal with motherfuckers like me.

They refused to unlock my account when I know damn well they can. I only self-excluded from that site due to staff treating me unfairly. The person in charge of the self-exclusion didn't even ask questions and immediately banned me. As I mentioned, they could see that my account was self-excluded before giving a loyalty bonus. Why would they first deny me and say that I can't get paid? Then, after consulting their PR agency, they pretend to be all nice and deposit an unknown amount of funds into an account that I can't access?

I have good reason to believe that they want me to give them something I have. Then, afterwards ban me for it or force me to KYC then deny it. These people do not like me at all.

I'm aware with how their system works, I think you might just be misunderstanding what I'm posting. I am calling them out for being unfair to me in multiple different incidents.

I've already asked them to remove the self-exclusion and they won't, you would have learned this by looking at the screenshots I provided.

It's honestly a shame that I even have to make this thread because I actually really like Rollbit's overall product.
However, my problem isn't with the product, it's with the people who run it.

Yes, I know I probably have Stockholm Syndrome...


First Incident:
Back in early November 2023, I observed suspicious patterns between a few players on Rollbit's "Recent High Roller Bets" page. This lead me to stumble upon a bug/exploit on a game that significantly increased a player's RTP when certain protocols were followed, similar to an Easter Egg in a video game...

After observing the patterns of the same players and running more tests, I found this to be replicable on around 5 other games from the same provider. I then reported it to Rollbit's Staff via the chatbox as well as their Discord server on multiple separate occasions. I have a partial screenshot of the Discord interaction below, but I didn't think to screenshot the chatbox because I was told that somebody would contact me. Nobody ever did contact me anyways.

About 10 days went by since my initial report, it's now the 20th or 21st. In between this time, Staff acted oblivious to it and always avoided interaction whenever I'd mention it. I figured at this point that they weren't able to replicate it and probably saw me as "The Boy Who Cried Wolf". So, I went to try and replicate it with video evidence, but I saw that the provider had been removed. I checked Rollbit's Twitter & Discord to see if they made an announcement and I asked staff members in the Discord—they again avoided the subject. I thought this was odd, so, I decided to contact a founder to look for answers... I attached images of our correspondence below.


1. https://i.ibb.co/PgmNWC4/1.png
- This image is my initial message where I mentioned the bug describe previously as well as something else I found.

2. https://i.ibb.co/GkPmhzq/1-3.png
- I was denied a bug bounty because "the damage had already been done" and apparently they had found it within their own investigation... of what, the multiple reports I made prior?
- This is me showing that I did report it to a staff member back on the 13th. In the screenshot, I explain that part of the message was deleted by staff and another part by me for opsec reasons. Using inference, you can get an idea of what I'm saying is accurate. What's even worse is that the staff member just posts an image of Pepe when responding to a critical level bug.
- It took me only about 30 minutes to an hour to get a good understanding of how to do the bug on all 5 of the games. Why did it take them roughly 10 days to take action? If the damage was that bad to where you can't even hook a dude up for reporting such a bug, why would you not take action immediately? That makes no sense to me. It's almost as if he's lying and trying to put blame somewhere else (this is a common occurrence with the Rollbit staff)



Second Incident:
Since Rollbit was being unfair, I went to Stake and reported the same thing. I mentioned everything to the guy at Stake, even about how Rollbit was acting toward the situation.


What does Stake do?
- https://i.ibb.co/L02R4kX/2024-02-18-10-04-14-Window.png
- The Stake guys really went to one of their competitors and asked about the validity of my claim... That's the most absurd idea I've ever heard, of course they would deny my claims, because it wouldn't make them look good....

https://i.ibb.co/mtWsjJV/2024-02-18-10-15-29-Window.png
- This is Stake's reasoning for not further reviewing my reports. They stated that they never even tested it out and instead used preliminary checks to see if what I was saying was valid. I explained to their staff that this exploit and the way it was structured seems more like an Easter Egg, almost as if it was intentionally intentionally....



Ongoing Incident:
- I'm not going to mention too much about this as it's ongoing, but it's pretty serious...

https://i.ibb.co/SPQMp7M/2024-02-18-10-58-40-Window.png
- Here, I was given the Rollbit Deluxe Special: 1 Security Incident, minus bug bounty payout, add a side of deflection...
- I mention to Rollbit that this has everything to do with Rollbit and they clearly have some kind of problem with me. They go quiet.
- Because of this, I self-exclude from the website. I'm not going to help a site improve if they're just going to take all of my money, shit on me as much as possible, and not take me seriously.

https://i.ibb.co/0GkrSnL/2024-02-18-11-02-00-Window.png
- The next morning, I receive an email very early in the morning from Razer, the founder, stating how he deposited a loyalty bonus in my account and that they'll keep me updated.
- This is clearly them lowkey taunting me and baiting me to help them out. Razer knows that I was self-excluded, yet he still deposited the money on an account I can't even access. They pretend to not have the ability to unban me.
- Because of how Rollbit has been to me in the past, I assume they're going to act all nice and wait for me to fix the problem via the third-party company then ban me with whatever unknown amount of money the bonus is.




There's more than this, but I'm kinda tired of being reminded of all of the bullshit encounters I have had with them.