7 Jun 2017
Many changes are coming to Coinroll.
Starting today, we have a full-time developer, which should get issues resolved much faster and offer better support. After fixing some major issues, we have many features planned, including a faucet, auto-bet and many other popular features. We'll keep adding new features and improvements based on feedback, so don't hesitate to drop us a message.
Also, due to one of the owners leaving staff, new server secrets have been generated for future use. You may view the updated list from the verification page.
Regards, Coinroll's Staff
21 Apr 2016
The recently leaked database, which was mentioned in other news with 4610 accounts, was a snapshot of an old database from June 2014 on a test server. As such, any alteration made to that database would not affect the actual user accounts. To be exact, the actual problems are not related to this leak. While this database should not have been publicly accessible, all passwords were hashed with SHA-512. As users could not set or change their password and only strong ones are generated at account creation, it should not be possible to crack any of them. As for the rest of the data, all betting history is public for anyone to audit.
We are asking users with accounts dating prior to 7 Apr 2016 to contact us to change their password. We have patched a breach with user session/passwords potentially leaking. Also, we are trying to be more aware of our security and improve measures to secure the website. Soon we will open a bug bounty program, as we want to keep an eye on upcoming vulnerabilities and potential shortcomings of the website.
We have refunded users who claimed stolen balance. Like any reputable Bitcoin company, we keep most of our funds in a cold wallet. If there’s any evidence we are at fault for something, our users can rest assured they are covered.
Regards, Coinroll's Staff
11 Apr 2016 Security Audit
Dear players, lately some users have claimed theft of their balance on Coinroll. We are aware of that, and we’re running a full audit and trying to determine if users were compromised or if there was a breach at Coinroll. We are now taking measures to increase security and taking all precautions necessary.
For users with an account created before 7 Apr 2016, we strongly recommend that you contact support@coinroll.com and request a password change; support will help you change it. To proceed with a password change, you need to sign with the first address you’ve made a transaction with to your Coinroll deposit address. For anyone without a balance, we recommend you use a new account in the future.
We ran some basic security checks, following the OWASP Top Ten guide and securing Coinroll to prevent future thefts, and we will be adding a two-factor authentication option to Coinroll for withdrawals in the future as well. We will update once we know more about what happened. In any case, we wish security to be at its best both server side and user side. No users' funds are compromised other than the few claims of stolen balance. We will keep withdrawals and deposits disabled until the investigation is done to be sure all balances remain safe.
Regards, Coinroll's Staff