I recently had my account closed for a day on Bovada. I was very worried and called into Customer Service, they transferred me to investigations, who asked me if i had a recent bitcoin withdrawal which I had, so they reopened my account. They also told me they had a problem with recent bitcoin withdrawals being made from apparently not the account owner. This was like the 18th I think. Just chiming in with my 2 cents.

Is the password for the account unique? In ALOT of those situations, you have used the same password somewhere else, this database got hacked and the password has been compromised and then they can attack you, however they want.
Especially with the email-flood, this seems to be someone who is more competent in those scenarios. Dont think, its an employee.

I dont know, how those botcoin-transfers work though. Is it only possible to send via the client? Did they see a login from another county? IP-address?

If you have access to the account you have access to the account details which would list address, last name, etc. With that information it's quite possible to find mothers made name.


Who is your email provider?

Quite possible they spammed all those emails so they could try and get access to the account through the account recovery process. Part of Gmails recovery process is to ask where some of your recent emails were sent from. I lost access to one of my Gmail accounts one time (years ago) and was able to get access to it going through the automated recovery process which didn't require a lot of detailed information.

Have you ever requested a bitcoin withdrawal in the past?

Did your visit any suspicious site in the past days before that incident happen? You might be a victim of phishing sites or even email. Better scan your computer their might be virus or malware hidden somewhere in you computer.

My password for bovada was unique and is certainly not guessable. My email password had the same word, but included numbers with it. My email provider is Gmail. My last bitcoin transaction occurred two months before the hack. I agree it certainly is very possible my end was compromised; however, if this has happened to others i think a security breach on their end is also a possibility and to shrug it off as impossible might be a little hasty. I have played on this site for over a decade and think the recent software changes, bitcoin transactions, ownership movement, etc at the very least lends a little more credence to the possibility that there is a security breach on their end. The main reason for the post was to see if anyone else experienced similar. Sounds like at least one person heard from their department that they have experienced other cases. Also if any of you play on bovada and randomly get hundreds of emails one day you should check your account immediately and often. Thanks for the replies.

I had the same thing happen to me today, lost $1700. Hacker gets your info, requests withdrawal via bitcoin (I have never used bitcoin on th site), spams your email account with a thousand emails to mask the email confirmation and then 48 hours later, the money is gone. I called Bovada and they put the blame on me. Interesting that they have had this issue before. I wonder if there accounts have been hacked and they aren't telling anybody. I disabled the account and won't use them again.

Did you check anything on your own end?

When the world's biggest poker forum only gets a couple of these claims over 7-8 weeks, I'd say it probably isn't widespread. So I suppose it could be a rogue employee taking a little money here or there hoping to not get caught, multiple rogue employees doing this and then quitting, one of the strangest ways I've heard of for Ignition to make some extra money, a scammer has hacked Ignition and is also taking just a little here or there, or...a scammer has gotten hold of your information through a trojan, phishing email, or something else.

At this point, the latter seems most likely to me.

I have a tough time believing this part because "Spam mail" would almost entirely end up in your JUNK folder and the bovada email would be sitting in your INBOX like a sore thumb.

I don't know about the OP, but in my case the emails were fake subscriptions to website newsletters, some English sites and some foreign sites. The spam emails were either asking me to confirm subscription or congratulate me on subscribing. They were addressed to my email address hence not being sent to spam. I got about 1000 and the bovada email was stuck in the middle.

Why a new account to post this stuff?

Because I was pretty pissed about the situation and especially when I was blamed by Bovada. Came here to find out if it happened to others.

Why would they even allow a withdrawal if its not coming from your normal IP address?

Dunno if they do or not. They do check to make sure the ip matches the location. If someone had remote access to computer they could work around this.

Bovada same scam just happened to me. Had 5580 in my Bovada account and the hacker took 5k via BTC withdrawal. I've received about 10k spam emails in the last 2 days...does anyone know when this stops???

To respond to some questions regarding why I didn't see the Bovada withdrawal request. I actually did see it within 45 mins of hitting my gmail account. The problem is, for whatever reason, the real time stamps don't match when these emails actually hit my account. Maybe because at that point my gmail is so backed up, everything comes in delayed. In this particular situation the withdrawal request was made at 3:35pm (Denver time) on Wednesday and I only just got the request email at 4:12pm on Thursday. The transaction processed at 11:45am Thursday, and I received the confirmation of that withdrawal going through at 6:52pm on Thursday.

I'm not here saying this is a ploy of Bovada, but I think Bovada is being targeted in this way to say the least. A few things make me think that...
I received the first spam email at 2:46pm Wednesday and the Bovada request was made at 3:35pm on Wednesday. Thats a pretty quick turnaround imo.

Off topic, but whats with the even withdrawal amount?? Why not take my whole balance of 5580 or at least take 5500. The whole thing just doesn't make any sense. How would the hackers get my mother's maiden name, which is needed to confirm the withdrawal on Bovada.

After speaking with Bovada's security team, they claim that there was nothing out of the ordinary with this withdrawal. Denver, CO ip (where I live) and the same computer that I played poker on 5 days ago was used to request the withdrawal. To me, that makes absolutely zero sense, as I only really log into Bovada from 1 computer and I have had it with me the entire time.

If you get email spammed, check your Bovada account asap.

Well EVERY password is guessable it's just a matter of time and how much computing power the hacker has. If you hide a key in your yard I would not be able to find it cause you would call the police if a stranger was lurking in your yard. But what if I knew you would be on vacation for a few weeks? Or what if I could clone a copy of your yard including the location of the key and "work" on it. It's not like they are logging in and trying to crack your password one attempt at a time cause that will trigger account suspension. They are lifting/hashing out that black prefilled password when you click save password and then "working" on it.

First I would do a dictionary attack in case the user is using an actual word from the dictionary. You did and thought to put numbers after it would be good enough? What is it like chips696? Or is it a really long tricky one like chocolatechips797? Both of those are obviously level 1/entry level hacking passwords meaning even a hacker as weak as myself could crack it relatively quickly.

I got into cybersecurity when I met a guy (not IRL) who was EXCELLENT at cracking passwords. It started off as a goof as he basically was giving me a lifetime brazzers membership for free. I like free and I like brazzers but I knew this was BS. Nonetheless, I decided to look into it. For two years I have had brazzers free and I kinda feel guilty about it (no i don't, I paid brazzers tons of $$ over the years lol). The most interesting thing is how good he is at it. He is often cracking 10+ digit passwords with upper and lower case/special symbols, total gibberish, no dictionary words in them etc. Now, he usually gives me 5 passwords at once in case one breaks (they all do eventually) and some of the passwords are actually like chips696 lol. Those are the easiest to crack but some of them I look at I get really scared b/c i'm like, "holy, f*** you cracked THAT!"

I can't play on bovada in jersey and withdrew my roll but I'll tell you basically my password: WdVHuL.832#K1L!

I'd rate that password about a 7/10. My guy can crack it but it'd take him a long, long time. If I had a lot of money on bovada I'd obviously want a stronger password. But I am using the max allowed characters (15) at least and now that I look at it I might rate it a 7.5/10. It's strong enough that I really only need to change it a few times a year.

Since bovada is the biggest room and bitcoin is their preferred transaction currency, there are guaranteed hackers going after every account.

Also, I'll bet anything your email password is a variation of your bovada password. The most important thing about cracking a password is not to change it or give any signs to the user that it's been cracked.

Now a keystroke logger would be easiest by far but that should get picked up by malware detection etc but the best ones obviously stay hidden because that's the goal.

I'm training to become a hacker but I am only 4 months into training so very, very weak still. Also, by hacker I mean a good one in an area like cybersecurity. Good guys like me are needed because the only thing that can beat a bad hacker is a good one.

I am sorry that happened to both of you. I am not saying your password was lifted, but rather giving you more of an in-depth look into the possibility it was. And it wasn't me. I'm just not good enough and more importantly not a bad person. Or not a bad "enough" person I guess. I mean brazzers is one thing but stealing huge sums of money means you are complete scum and a waste of life.

Try calling bovada and explaining to them that due to lack of rsa token etc their passwords are being compromised. I would try somehow to get your money back. Try to prove in any way possible that it could not possibly be you who withdrew the money. You were out of town that day so it couldn't possibly be you right? (long shot i know)

Don't give up because sometimes a solution comes up that you didn't think of. Most importantly figure out EXACTLY how you were a victim of theft and LEARN how to never let it happen again.

Good luck and I'm sorry this happened.