Bitcoin gambling site Primedice loses $1m in ‘Hufflepuff’ heist

Bitcoin online gambling site Primedice has revealed how a scammer exploited a software flaw to take the site for over $1m worth of bitcoin last year.

In a confessional post on Medium, a Primedice principal identified only as Stunna revealed that the heist took place shortly after the site debuted the third version of its software last August. A new user named ‘Hufflepuff’ quickly became the site’s biggest betting whale, wagering up to $8k worth of bitcoin “every second for hours on end.” Even more surprising was that Hufflepuff continually managed to beat the 1% house edge.

Convinced something was amiss, the site delayed Hufflepuff’s cashouts while they attempted to figure out what angle he was playing. Unable to pinpoint any overt chicanery, they reluctantly released the funds, and on it went. Hufflepuff kept betting and winning big. All told, Hufflepuff won and withdrew over 2,400 bitcoin, worth over US $1m at the time.

Eventually, Primedice’s digital detectives discovered the exploit. Primedice offers one simple game in which a bettor essentially wagers on whether the roll of a dice will be above or below a certain value. The site shows players an encrypted random value before the players submits his own value and decides how much to wager. Once the bet is made, the encrypted value is exposed to the player and the outcome of the wager becomes clear.