How lost $140k in a reward system bug

1085 recently had issues with its game verification process, leading them to lose a large amount of money and to shut down the service. Users essentially exploited a loophole in the system that had been left wide open by site developers, and was only closed after the company had lost a lot of money. So what is, and how did they lose so much money?

What is is an online betting site that allows users to bet on standard casino games, such as roulette. Players use currency specific to the website, and it works in a very similar way to Bitcoin gambling, in that you don’t use a real-world currency, but winnings can be exchanged for things with real-world value.

The main unique selling feature of the site is that it allows users to connect their Steam gaming accounts and export their winnings into certain games. It also gives users free coins for clocking up a certain number of hours on eligible games.

How did they lose so much money?

Unfortunately,’s generosity was also their downfall. By allowing users to win free coins by playing a certain amount of hours on a game is only really inviting abuse of the system. The website used to only be connected to CSGO and PUBG, but then developers added a new game: Dota2. This is when things started to go wrong for them.

As with every new product and release, the website experienced a growth of new users with the introduction of Dota2. After all, it’s a popular game, and one in which micro-transactions rule. However, found that new users were still pouring in over a month after Dota2 was connected to their site. This was an anomaly, and so was investigated by the site’s developers.

Users had found a loophole in the system that allowed them to continually register new accounts, each receiving their free coins. To combat this, increased the amount of playtime hours required to receive the coins. The users found a way around this, and instead of focusing on thousands of new accounts, they stuck with fewer accounts but got the correct amount of hours needed. In the end, between 10 and 15,000 accounts were claiming free coins every day. If left unchecked, this would have cost tens of thousands of dollars in Bitcoin a day.

To resolve the issue, disabled their Dota2 verification system. Until they have found the loophole in the system, this is the only way they can stop themselves being bled dry by a small number of people. As a company, they give out around $5,000 worth of reward incentives every day, so to have people abusing the system only ruins this for other users.

As with any system, there’s always going to be a small number of users that abuse a system. Luckily, caught it before it blew up into an even bigger issue.