I tracked down the supposed perpetrator of one of the largest Bitcoin heists in the crypto gambling world. He agreed to give TheBitcoinStrip.com a world-first exclusive insight into the before-and-afters of a large-scale orchestrated theft.
Backstory: In mid-2014, HufflePuff managed to win more than US$1,000,000 from Primedice by taking advantage of its flawed client-server seed pair mechanism. The trick was later discovered, but HufflePuff refused to return the coins and his identity remains hidden to this day.
Massive heists have become commonplace in Bitcoin e-commerce. Ever since the currency became worth a tiny fortune, everybody has been trying to get their hands on it.
Hundreds of millions of dollars' worth of cryptocurrency has been ripped from the hands of large Bitcoin businesses over time, and the vast majority of the thieves appear to get away with it.
The first major heist was Mt Gox’s early 2011 loss of 25,000 Bitcoins, worth US$500,000 at the time. Later, the exchange company famously lost a staggering $436 million—a crisis that will never be forgotten.
I had the rare opportunity of talking to a Bitcoin casino operator’s most hated player. In 2014, he (allegedly) semi-famously skimmed 2,400 Bitcoins from popular dice casino Primedice over two months. Initially, Primedice staff couldn’t find any wrongdoing and so they paid him out, with the hopes that he would keep gambling and eventually lose.
Unfortunately for Primedice, that time never came. He did keep gambling, but he kept winning. It wasn’t until he racked up a profit of over US$1,000,000 that Primedice staff detected the exploit.
Crypto-casinos like Primedice use a mechanism called provable fairness to prove that they aren’t cheating their players. In this case the feature, which was designed to nurture trust, backfired on the casino. HufflePuff supposedly cheated Primedice by flooding its seed generation function until the server erroneously spat out a decrypted-yet-playable server seed. Because the server seed was decrypted, the hacker now knew ahead of time whether his bet was a winner.
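The rule this failure breaks is that a server seed must stop accepting bets before it is ever revealed. The sketch below is an added example, not Primedice's code: the HMAC-SHA256 roll derivation, the class and function names, and the choice to bind each bet to a published commitment are assumptions typical of commit-reveal dice designs.

```python
import hashlib, hmac, secrets, threading

def roll(server_seed, client_seed, nonce):
    # Assumed derivation: HMAC-SHA256 keyed by the server seed -> integer 0..9999.
    msg = f"{client_seed}:{nonce}".encode()
    digest = hmac.new(server_seed.encode(), msg, hashlib.sha256).hexdigest()
    return int(digest[:13], 16) % 10000  # 52 bits keeps modulo bias negligible

class SeedPair:
    def __init__(self):
        self.seed = secrets.token_hex(32)  # stays secret while the pair is live
        self.commitment = hashlib.sha256(self.seed.encode()).hexdigest()
        self.nonce = 0
        self.retired = False

class FairDice:
    def __init__(self):
        self._lock = threading.Lock()
        self._active = SeedPair()
        self._pairs = {self._active.commitment: self._active}

    def commitment(self):
        with self._lock:
            return self._active.commitment

    def bet(self, commitment, client_seed):
        # Takes the same lock as rotate(), so a bet cannot interleave with a reveal.
        with self._lock:
            pair = self._pairs.get(commitment)
            if pair is None or pair.retired:
                raise PermissionError("seed unknown or already revealed")
            pair.nonce += 1
            return roll(pair.seed, client_seed, pair.nonce), pair.nonce

    def rotate(self):
        # Retire first, then reveal, inside one critical section.
        with self._lock:
            old = self._active
            old.retired = True
            self._active = SeedPair()
            self._pairs[self._active.commitment] = self._active
            return old.seed, self._active.commitment

def verify(revealed_seed, commitment, client_seed, nonce, claimed):
    # Player-side audit once the old seed has been revealed.
    matches = hashlib.sha256(revealed_seed.encode()).hexdigest() == commitment
    return matches and roll(revealed_seed, client_seed, nonce) == claimed
```

However many seed-rotation requests arrive concurrently, each one either sees the pair still hidden and live or sees it revealed and retired, never revealed and live.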
It is unknown how devastating an effect the hack had on Primedice’s investors, but the casino is still around to this day, trusted with over 1 Bitcoin per minute.
This is what he had to say.
TheBitcoinStrip.com: You pissed off a lot of people. Do you feel remorse for your actions?
HufflePuff: Absolutely not. I know that I caused Stunna grief, but he is doing just fine. Besides, I took the money fair and square.
TheBitcoinStrip.com: Let’s go back to the beginning. When and how did you get involved with Bitcoin?
HufflePuff: I learnt about Bitcoin from a friend in 2013, during the price surge. At the time, Bitcoin was trading at $220 US. I’ve always been an opportunist, and so when I came across Bitcoin casinos, I immediately looked for easy targets.
TheBitcoinStrip.com: Can you tell us a little about yourself? What’s your rough geographical location and what do you do for a living?
HufflePuff: No. I’ve been careful to be anonymous.
TheBitcoinStrip.com: Fair enough. Are you behind any other Bitcoin casino attacks?
HufflePuff: I’m not going to lie to you, and I’m not going to answer that question. It would be stupid to.
TheBitcoinStrip.com: Do you have any plans to return the stolen funds?
HufflePuff: I didn’t steal anything, and so, there is nothing to return. I was willing to have a dialogue with Stunna from the get-go, but he came straight away with heavy threats. That was a bad move. In a way, I’ve done Stunna and the community a favor, by shining a light on their stupidity.
TheBitcoinStrip.com: Do you play on any Bitcoin casinos today?
HufflePuff: No. I don’t trust them. Bitcoin casinos are run by idiots, like I demonstrated. I wouldn’t trust any of them. Not with a single dollar.
TheBitcoinStrip.com: Why do you say they’re all idiots?
HufflePuff: Look at how long they took to figure it out. It took Primedice months, because the staff didn’t even understand how its own system worked. Even after it was over, they blamed it on their RNG. That had little to do with it. It was a race attack.
TheBitcoinStrip.com: Why $1 million? Why not more?
HufflePuff: I didn’t stop at $1 million. After Stunna sent me those threats, I kept playing. I was able to withdraw an extra 100 BTC before they finally changed their code.
TheBitcoinStrip.com: What were these threats you keep mentioning?
HufflePuff: I was messaged many threats from the owner. He threatened to release my details to the authorities, and promised he would land me in prison, if I didn’t pay. It was extortion. It wasn’t friendly.
TheBitcoinStrip.com: On the subject of repercussion: Is that something you are worried about?
HufflePuff: Absolutely not. What I did was not illegal. Primedice, on the other hand, is an illegal casino. Do the math.
TheBitcoinStrip.com: So how do you cash out $1 million (more now) of “stolen” Bitcoins?
HufflePuff: Simple. You don’t.
TheBitcoinStrip.com: What are you planning to do with the money?
TheBitcoinStrip.com: Is there anything else you would like to add?
HufflePuff: Yes. Primedice still has some pending withdrawals that they need to process.
Disclaimer: I cannot guarantee that the person I spoke to was in fact HufflePuff, nor do I have any additional information that could lead to his real-life identity. Sorry folks.