Nick Hawke, the owner of The Bitcoin Strip, managed to get an exclusive with Hufflepuff, an infamous hacker and the supposed perpetrator of one of the largest Bitcoin heists in the crypto gambling world. He gave TheBitcoinStrip.com a world-first exclusive insight into the before-and-afters of a large-scale orchestrated theft.
Backstory: In mid-2014, HufflePuff managed to win more than US$1,000,000 from Primedice by taking advantage of its flawed client-server seed pair mechanism. The trick was later discovered, but HufflePuff refused to return the coins, and his identity remains hidden to this day.
Massive heists have become commonplace in Bitcoin e-commerce. Ever since the currency became worth a tiny fortune, everybody has been trying to get their hands on it.
Hundreds of millions of dollars worth of cryptocurrency have been ripped from the hands of large Bitcoin businesses over time, and the vast majority of the thieves appear to get away with it.
The first major heist was Mt Gox’s early 2011 loss of 25,000 Bitcoins, worth US$500,000 at the time. Later, the exchange company famously lost a staggering $436 million—a crisis that will never be forgotten.
I had the rare opportunity of talking to a Bitcoin casino operator’s most hated player. In 2014, he (allegedly) semi-famously skimmed 2,400 Bitcoins from popular dice casino Primedice over two months. Initially, Primedice staff couldn’t find any wrongdoing and so they paid him out with the hopes that he would keep gambling and eventually lose.
Unfortunately for Primedice, that time never came. He did keep gambling, but he kept winning. It wasn’t until he racked up a profit of over US$1,000,000 that Primedice staff detected the exploit.
Crypto-casinos like Primedice use a mechanism called provable fairness to prove that they aren’t cheating their players. In this case the feature, which was designed to nurture trust, backfired on the casino. Hufflepuff supposedly cheated Primedice by flooding its seed generation function until the server erroneously spat out a decrypted-yet-playable server seed. Because the server seed was decrypted, the hacker now knew ahead of time whether his bet was a winner.
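How a commit-reveal provable-fairness scheme of the kind described above is meant to behave, as an added example (not code from the original article or from Primedice): the server publishes only a hash of its seed before play, and the seed is retired in the same locked step that reveals it. The HMAC roll formula and the names SeedPair, roll_from and verify_bet are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import threading


def roll_from(server_seed: str, client_seed: str, nonce: int) -> float:
    """Derive a dice roll in [0, 99.99] from both seeds (illustrative mapping)."""
    mac = hmac.new(server_seed.encode(), f"{client_seed}:{nonce}".encode(),
                   hashlib.sha256).hexdigest()
    return (int(mac[:8], 16) % 10000) / 100


def verify_bet(revealed_seed, commitment, client_seed, nonce, roll) -> bool:
    """Player-side check: the revealed seed matches the hash published before play."""
    digest = hashlib.sha256(revealed_seed.encode()).hexdigest()
    return (hmac.compare_digest(digest, commitment)
            and roll_from(revealed_seed, client_seed, nonce) == roll)


class SeedPair:
    """Server side: the plaintext seed stays secret for as long as it is playable."""

    def __init__(self):
        self._lock = threading.Lock()
        self._new_seed()

    def _new_seed(self):
        self._server_seed = secrets.token_hex(32)
        self.commitment = hashlib.sha256(self._server_seed.encode()).hexdigest()
        self.nonce = 0

    def bet(self, client_seed: str, commitment: str):
        # Bets are accepted only against the active, still-secret seed.
        with self._lock:
            if not hmac.compare_digest(commitment, self.commitment):
                raise ValueError("bet placed against a retired seed")
            nonce, self.nonce = self.nonce, self.nonce + 1
            return nonce, roll_from(self._server_seed, client_seed, nonce)

    def reveal(self) -> str:
        # Retire and replace the seed in the same critical section that
        # reveals it, so a revealed seed can never settle another bet.
        with self._lock:
            revealed = self._server_seed
            self._new_seed()
            return revealed
```

Because bet() and reveal() share one lock, concurrent requests cannot observe a state in which the plaintext seed is known and still accepted for play.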
In 2021, it is unknown how devastating an effect the hack had on Primedice’s investors, but the casino is still around to this day.
This is what he had to say.
TheBitcoinStrip.com: You pissed off a lot of people. Do you feel remorse for your actions?
HufflePuff: Absolutely not. I know that I caused Stunna grief, but he is doing just fine. Besides, I took the money fair and square.
TheBitcoinStrip.com: Let’s go back to the beginning. When and how did you get involved with Bitcoin?
Hufflepuff: I learned about Bitcoin from a friend in 2013, during the price surge. At the time, Bitcoin was trading at $220 US. I’ve always been an opportunist, and so when I came across Bitcoin casinos, I immediately looked for easy targets.
TheBitcoinStrip.com: Can you tell us a little about yourself? What’s your rough geographical location, and what do you do for a living?
Hufflepuff: No. I’ve been careful to be anonymous.
TheBitcoinStrip.com: Fair enough. Are you behind any other Bitcoin casino attacks?
HufflePuff: I’m not going to lie to you, and I’m not going to answer that question. It would be stupid to.
TheBitcoinStrip.com: Do you have any plans to return the stolen funds?
Hufflepuff: I didn’t steal anything, and so, there is nothing to return. I was willing to have a dialogue with Stunna from the get-go, but he came straight away with heavy threats. That was a bad move. In a way, I’ve done Stunna and the community a favor by shining a light on their stupidity.
TheBitcoinStrip.com: Do you play on any Bitcoin casinos today?
Hufflepuff: No. I don’t trust them. Bitcoin casinos are run by idiots, as I demonstrated. I wouldn’t trust any of them. Not with a single dollar.
TheBitcoinStrip.com: Why do you say they’re all idiots?
Hufflepuff: Look at how long they took to figure it out. It took Primedice months because the staff didn’t even understand how its own system worked. Even after it was over, they blamed it on their RNG. That had little to do with it. It was a race attack.
TheBitcoinStrip.com: Why $1 million? Why not more?
HufflePuff: I didn’t stop at $1 million. After Stunna sent me those threats, I kept playing. I was able to withdraw an extra 100 BTC before they finally changed their code.
TheBitcoinStrip.com: What were these threats you keep mentioning?
Hufflepuff: I was messaged with many threats from the owner. He threatened to release my details to the authorities, and promised he would land me in prison if I didn’t pay. It was extortion. It wasn’t friendly.
TheBitcoinStrip.com: On the subject of repercussion: Is that something you are worried about?
Hufflepuff: Absolutely not. What I did was not illegal. Primedice, on the other hand, is an illegal casino. Do the math.
TheBitcoinStrip.com: So how do you cash out $1 million (more now) of “stolen” Bitcoins?
HufflePuff: Simple. You don’t.
TheBitcoinStrip.com: What are you planning to do with the money?
TheBitcoinStrip.com: Is there anything else you would like to add?
Hufflepuff: Yes. Primedice still has some pending withdrawals that they need to process.
Disclaimer: I cannot guarantee that the person I spoke to was, in fact, HufflePuff, nor do I have any additional information that could lead to his real-life identity. Sorry folks.
Malicious hackers are a constant threat to online casinos as they look for the smallest loopholes and vulnerabilities to take advantage of. One of the latest trends in cybercrime is the DDoS attack. These, like ransomware attacks, can be particularly devastating to an online casino site. They can cause huge financial harm to an operator and its players and can even collapse the company completely. Players, for their part, face the risk of having both their personal and financial information exposed.
Online Bitcoin casino sites, although offering tight security, are vulnerable to crafty hackers that can get into their systems. There are different types of BTC casino hackers. The external hacker is an individual or group of hackers that infiltrates the Bitcoin casino from outside at his own convenience. Regardless of the location, he launches attacks in an attempt to steal sensitive data, create havoc or commit fraud. The insider is often a disgruntled or overambitious employee who can cash in others’ chips or harvest customer details. However, there are various ways that these unscrupulous criminals can hack into a casino to steal Bitcoin.
Bitcoin casino platforms need to be constantly on the lookout for new ways hackers can get into their systems, especially with new technology constantly being designed. The online Bitcoin gambling industry has to be proactive and use all of the tools at its disposal to avoid such things as:
It’s no secret that the online Bitcoin casino and gambling industry has grown exponentially over the past several years. Experts predict that it will be worth a mind-boggling $92 billion by 2023. This makes it a very attractive playground for hackers and criminals lurking in the hallways of online casinos. It is because of this that online betting platforms have had to up their game when it comes to online security for themselves and their players.
Since the Hufflepuff hack, there have been many attempts, and in 2019/2020, there was a Chinese consortium (if you can call it that) of hackers targeting and hacking into companies that run online gambling and online betting websites. The hackers appeared to have stolen company databases and source code, but not money. However, it still showed that online casinos are not as impervious as they should be.
SSL encryption is standard in all online casinos, and BTC casinos are no different, but is it enough?
Online casino security does not stop with one party. It is up to everyone to ensure the security of personal and financial information.
However, online casinos, Bitcoin-accepting or not, have a massive responsibility to protect the personal and other information of their players. Information like passwords, account numbers, and credit card details is all sensitive, and the consequences can be severe if it is exposed to hackers and the like.
Players also need to do their part by playing only with a secure operator, so that their information is less likely to be compromised when they aren’t on a secure internet connection. Open Wi-Fi networks such as those found in coffee shops and other businesses give hackers plenty of opportunities.
At the end of the day, it is in everyone’s best interests to take every precaution when playing in a BTC casino. From the industry and regulators to operators and end users, everyone needs to ensure they have done everything they can to have a safe and fun Bitcoin casino experience.