Breaking the house. How Primedice was exploited for 2400… | by Stunna | Medium
This is the story of how we lost around $1 million worth of bitcoin to a hacker who exploited our online casino’s RNG system. This happened last year, but we’ve decided to share our experience for transparency and so that others can learn from our mistakes.
Shortly after the launch of the third version of Primedice, our team faced an adversary that challenged the existence of our website. Our team had nearly two years of experience building bitcoin gaming sites, however I personally had pretty limited coding experience. We were under heavy pressure to avoid further delays and released after a short week of closed beta testing.
The heist began immediately after launch with two unusual players, Nappa & Kane. We noticed unusual betting patterns from both those accounts. Kane was automatically cashed out, we reviewed Nappa’s bets and thought they were highly unusual but could find no wrong-doing and cashed him out after a delay and a brief email exchange
After getting spooked by his delayed cashout on Nappa, the exploiter waited a few weeks and created a new account named “Hufflepuff”. Hufflepuff was the largest bettor Primedice had ever seen, he was often seen betting upwards of $8000 worth of bitcoin every second for hours on end. Our entire team was shocked that Hufflepuff continued to beat the house edge (1%) and stack up more and more profit over time.
