Primedice, one of the biggest bitcoin gambling sites, has suffered a loss of $1 million after one of its members figured out a way to game the system. The user went under the name “Hufflepuff” and was able to devise a method to hack the dice roll game that allows people to win bitcoin.
According to the company’s CEO, they are offering rewards to anyone with information that can help them recover the lost money. The company had actually been able to figure out that “Hufflepuff” had been gaming the system, but the user declined to return the funds.
Bitcoin Gambling Game
Primedice’s system generates its random numbers from two seeds, a server seed and a client seed. Users can change and verify the seeds used by clicking the “Rerandomize” tab. Before the user specifies their own seed, they are shown the SHA256 hash of the server seed that will be used alongside whichever seed they pick.
The bitcoin gambling site uses a multi-step process to create a roll number from 0 to 99.99. The client seed, the server seed and a nonce are combined with hmac-sha512(server_seed, client_seed-nonce), which generates a hex string. However, “Hufflepuff” was able to figure out a way to get Primedice’s server to send out unencrypted seeds, and was then able to use these unencrypted seeds to make bets after he knew whether he’d win or lose.
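The scheme described above, written out as an added audit example (it is not Primedice's code): it checks a revealed server seed against the SHA256 hash shown before betting and recomputes the roll, which makes clear that the roll is a pure function of the seeds and nonce, so only the hash may leave the server while a seed is still in use. The step that turns the hex string into a roll number, the function names and the seed values are assumptions made for this example; the article does not give them.

```python
import hashlib
import hmac


def commitment(server_seed: str) -> str:
    """SHA256 hash of the server seed, as shown to the user before betting."""
    return hashlib.sha256(server_seed.encode()).hexdigest()


def roll_from_seeds(server_seed: str, client_seed: str, nonce: int) -> float:
    """Recompute a roll in 0-99.99 from hmac-sha512(server_seed, client_seed-nonce)."""
    message = f"{client_seed}-{nonce}".encode()
    digest = hmac.new(server_seed.encode(), message, hashlib.sha512).hexdigest()
    # Assumed reduction step: read the hex string 5 characters at a time and
    # use the first value below 1,000,000; skipping larger values keeps the
    # modulo below from favouring low rolls.
    for i in range(0, len(digest) - 4, 5):
        value = int(digest[i:i + 5], 16)
        if value < 1_000_000:
            return (value % 10_000) / 100
    return 99.99  # every chunk was rejected (practically unreachable)


def audit_bet(shown_hash: str, revealed_seed: str, client_seed: str,
              nonce: int, reported_roll: float) -> tuple[bool, bool]:
    """Return (seed matches the hash shown earlier, roll matches the seeds)."""
    seed_ok = hmac.compare_digest(commitment(revealed_seed), shown_hash.lower())
    expected = roll_from_seeds(revealed_seed, client_seed, nonce)
    roll_ok = round(expected * 100) == round(reported_roll * 100)
    return seed_ok, roll_ok


if __name__ == "__main__":
    # Constructed sample values, not real Primedice seeds.
    server_seed = "constructed-server-seed-0001"
    client_seed = "constructed-client-seed"
    shown = commitment(server_seed)          # published before any bet
    for nonce in range(3):
        roll = roll_from_seeds(server_seed, client_seed, nonce)
        print(nonce, roll, audit_bet(shown, server_seed, client_seed, nonce, roll))
```

The audit only means something once the server seed has been retired; while a seed is live, the hash is the only value derived from it that a response should contain.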
Since Primedice has a house edge of only one percent, it was difficult to pinpoint that a user had the system figured out. The company simply noticed that the wins of “Hufflepuff” were quickly adding up but they couldn’t figure out why.
Because bitcoin transactions are anonymous and irreversible, the bitcoin gambling site faces a tough challenge in tracking down “Hufflepuff” and forcing him or her to return the funds. The company is currently focusing its operations in Russia and China after pulling out of the U.S. and Australian markets due to regulation.