Page 1 of 2 12 LastLast
Results 1 to 20 of 30

Thread: ACR player claims a withdrawal was made without his permission. PFA is on the case...

  1. #1
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016

    ACR player claims a withdrawal was made without his permission. PFA is on the case...

    https://twitter.com/_WasAllADream/status/1506389175167340545
    https://twitter.com/_WasAllADream/status/1506389179126751243
    https://twitter.com/_WasAllADream/status/1506389183048396800
    https://twitter.com/_WasAllADream/status/1506389185711812621
    https://twitter.com/_WasAllADream/status/1506515359385411586
    https://twitter.com/_WasAllADream/status/1506511729991241732





    Cliffs:

    - Guy notices withdrawal was made from his ACR account

    - Went to his e-mail, saw nobody logged in but him

    - There were indeed withdrawal e-mails, but he claims he never saw them nor clicked them prior to being processed

    - Email said that a new device logged into his ACR account, needing a click for verification to access, which he also never clicked

    This occurred on March 13.

    I am in the process of talking to the guy privately, and will report back what I can. I will ask his permission before revealing anything sensitive or detailed.

  2. #2
    Platinum FRANKRIZZO's Avatar
    Reputation
    482
    Join Date
    Sep 2014
    Posts
    3,393
    Load Metric
    65654016
    How much did they get him for?

  3. #3
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    Quote Originally Posted by FRANKRIZZO View Post
    How much did they get him for?
    Wanted to make sure it was okay with him to post this, but he said it was fine.

    They got him for almost $9k.

    It appears it was NOT an inside job from his house.

    Someone went onto ACR with a device the system hadn't seen before, and somehow got into his e-mail to click the link to authorize the new device, and then did the withdrawal.

    I sent him to ask ACR support the following:

    1) What kind of withdrawal was it? If crypto, what was the address?

    2) What was the IP of the device requesting the withdrawal?

    3) What was the type of device making the withdrawal, and has it been seen before on ACR?


    If they answer, I will be able to go from there to figure out what happened. If they refuse, I can reach out to some contacts to get them to tell him this stuff. It's his right to know.

    He ran a Windows Defender and Malwarebytes scan on his computer (the latter at my request), and nothing malicious was found.

    Mystery so far, but I'm very curious to figure it out.

  4. #4
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    Well, this whole thing took a bizarre turn, and now I'm seriously starting to think that this WAS an inside job at ACR.

    It all started when I messaged the guy tonight, shortly before radio, that I was wondering if he had any updates for me. I hadn't heard from him in the 3 1/2 days since we first discussed this.

    Four hours later, at 12:30am, he responded while I was on radio. I offered him to come on the show, but he said he was tired, and politely declined. Brandon was on radio with me at the time, and noted that it seemed weird that the guy couldn't see if it was a crypto withdrawal, because Brandon plays there and this info always shows for him.

    I asked the guy via Twitter DM if he could check again if he could see the type of withdrawal it was.

    This prompted the guy to go log into his ACR account for the first time in several days, to see if he was perhaps missing something.

    Instead, he found that the entire withdrawal had been restored to his account, and his balance was back over $9k!

    He was shocked to see this, especially because ACR had never e-mailed him that they did this, nor had they answered his recent questions regarding the IP address of the person initiating the withdrawal from his account.

    He then sent me this screen shot (zoom in to see it).

    Name:  acr-theft1a.png
Views: 3503
Size:  13.1 KB


    The reason was "Fraud", Payment method was "Sec-Reimbursement" (presumably "Security Reimbursement"), and the descirption was "Reintegration due to breaching incident".

    Breaching incident?! That sounds like it was something on ACR's end.

    I find it highly unlikely that ACR would have credited this guy over $8800 out of their own pockets if the "breach" had been due to his own inability to keep his account or computer secure!

    This looks like security discovered that indeed this was an inside job ("breaching incident"), so they kicked the guy back his money.

    Another player claimed on March 23 that the exact same thing happened to him:

    https://twitter.com/C4NKL3S/status/1506798764580868102



    I have a feeling that there are some thieves working behind the scenes at ACR, and they are aware of it, but don't want it known, for optics reasons.

    What the hell is going on here?! Zero chance this guy got a credit of almost $9k just because ACR felt like being nice after someone hacked him. When I first read this story, I figured the problem was on his end. Now I think there's a high chance ACR is having security issues with their accounts.

    Developing...

  5. #5
    Gold PositiveVariance's Avatar
    Reputation
    1976
    Join Date
    Jun 2020
    Posts
    1,580
    Load Metric
    65654016
    At least the thief was kind enough to leave him $216. I wonder why they didn’t take every last dollar?

  6. #6
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    Quote Originally Posted by PositiveVariance View Post
    At least the thief was kind enough to leave him $216. I wonder why they didn’t take every last dollar?
    I theorized on radio (to be posted later) that maybe ACR has some kind of internal check for withdrawals over $9k, so they keep them below that number.

    I'll find out how much they pulled from the other guy.

  7. #7
    Plutonium sonatine's Avatar
    Reputation
    7368
    Join Date
    Mar 2012
    Posts
    33,368
    Load Metric
    65654016
    it was north koreans and im actually not joking.
    "Birds born in a cage think flying is an illness." - Alejandro Jodorowsky

    "America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs

  8. #8
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    Another player hit back in late January.

    Same story -- he complained, and got his money back 17 days later.

    This one was for about $14k.

    I edited the images of the payouts and the money return so they better fit on the screen of this forum, and also redacted transaction numbers. However, these all look legit to me, as I have the original screen shots. Zoom in to see better.

    Name:  acr-theft2.jpg
Views: 2928
Size:  34.8 KB

  9. #9
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65654016
    moneymaker claims he talked to you and said it’s not an inside job. As I said over there if it’s not an inside job then players need to run and pull money off ACR because their whole financial system has been compromised clearly. Personally I think Moneymaker is drinking Nagys Koolaide and he’s accepting the crap being told to him.

  10. #10
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    New reports of this keep rolling into my Twitter DMs every day, and all of them seem credible.

    All of them involve amounts $9k-$20k, with the exception of one bizarre situation where a guy deposited $247 and it was promptly withdrawn and stolen. (Oddly they didn't touch the original $68 he had in the account prior to the deposit.)

    All of them have very similar circumstances -- no password change, no breach in e-mail, and no sign anything's wrong. Suddenly a withdrawal is made via bitcoin, and they're out the money.

    In some cases, a refund was made. In others, no refund was done yet, but the process of investigation tends to take 2-3 weeks, from what I've seen.

    No explanation is ever given when the money is refunded. ACR refuses to give anyone the IP address or bitcoin address of the person making the fraudulent withdrawals. They just ignore these requests.

    Very high chance at this point that an insider is doing this. I don't believe management is in on it, but I know 100% they're aware of it, as I had the message passed to Nagy himself that this is going on.

    It is highly suspicious that ACR is both refunding these large amounts to some people (why would they if it's the players' fault), as well as the fact that ACR will not provide the IP/bitcoin address info. I think they're trying to internally stop this before the story gets out.

    The earliest known instance of this was on January 26th. The latest known incident was April 3.

  11. #11
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    Regarding all the ACR conspiracy stuff (including Chicago Joey's disappearance from social media), let's keep that off this thread.

    I moved it to a separate thread: https://pokerfraudalert.com/forum/sh...2-also-own-ACR

    Let's stick to what's definitely happening here:

    People are having their accounts breached and withdrawals made, but their passwords are never changed and their e-mail is never compromised. At least two of them have been reimbursed large sums of money -- something unlikely to happen if this wasn't an inside job.

    I didn't hear about any of this prior to January 26, 2022. Now it's happening to a ton of unrelated people.

    Something is going on here. I don't believe management is involved. My theory is that one or more rogue employees have a way to get into accounts without having to know the password (or, alternately, can see the passwords somehow).

    I will continue to investigate this. I am talking to several people right now who claim to be victims of this, and they all seem credible.

  12. #12
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65654016
    Quote Originally Posted by Dan Druff View Post
    Regarding all the ACR conspiracy stuff (including Chicago Joey's disappearance from social media), let's keep that off this thread.

    I moved it to a separate thread: https://pokerfraudalert.com/forum/sh...2-also-own-ACR

    Let's stick to what's definitely happening here:

    People are having their accounts breached and withdrawals made, but their passwords are never changed and their e-mail is never compromised. At least two of them have been reimbursed large sums of money -- something unlikely to happen if this wasn't an inside job.

    I didn't hear about any of this prior to January 26, 2022. Now it's happening to a ton of unrelated people.

    Something is going on here. I don't believe management is involved. My theory is that one or more rogue employees have a way to get into accounts without having to know the password (or, alternately, can see the passwords somehow).

    I will continue to investigate this. I am talking to several people right now who claim to be victims of this, and they all seem credible.
    Seriously Todd what has Moneymaker said you saw the tweet he sent me last week. He claimed it wasn’t an inside job and he claimed he talked to you about the whole thing. I’m guessing he lied

    Edit: I maybe willing to cut CM a little slack only because I think he’s being fed a bunch of shit from Phil Nagy himself. Moneymaker is drinking the koolaid Nagy is serving clearly in that he’s still claiming it’s not an inside job. If it is then Nagy is covering it up (highly likely) and is going to make Moneymaker look like a fool which is sad. If it is true that it’s not an inside job then again this is a major security breech of the sites financial system and players should run away quickly. I get there’s not a lot of options but if your leaving funds on ACR well aware funds are being stolen from off the site then I don’t know what to tell ya.
    Last edited by ftpjesus; 04-05-2022 at 07:34 PM.

  13. #13
    Silver
    Reputation
    208
    Join Date
    Mar 2013
    Posts
    858
    Load Metric
    65654016
    Quote Originally Posted by Dan Druff View Post
    New reports of this keep rolling into my Twitter DMs every day, and all of them seem credible.

    All of them involve amounts $9k-$20k, with the exception of one bizarre situation where a guy deposited $247 and it was promptly withdrawn and stolen. (Oddly they didn't touch the original $68 he had in the account prior to the deposit.)

    All of them have very similar circumstances -- no password change, no breach in e-mail, and no sign anything's wrong. Suddenly a withdrawal is made via bitcoin, and they're out the money.

    In some cases, a refund was made. In others, no refund was done yet, but the process of investigation tends to take 2-3 weeks, from what I've seen.

    No explanation is ever given when the money is refunded. ACR refuses to give anyone the IP address or bitcoin address of the person making the fraudulent withdrawals. They just ignore these requests.

    Very high chance at this point that an insider is doing this. I don't believe management is in on it, but I know 100% they're aware of it, as I had the message passed to Nagy himself that this is going on.

    It is highly suspicious that ACR is both refunding these large amounts to some people (why would they if it's the players' fault), as well as the fact that ACR will not provide the IP/bitcoin address info. I think they're trying to internally stop this before the story gets out.

    The earliest known instance of this was on January 26th. The latest known incident was April 3.
    I realize that you have Moneymaker's ear but have you tried contacting Randy Nanonoko Lew, who is the "security consultant" for ACR? He seems nice, maybe get him on the radio, would be a good listen

    AMERICAS CARDROOM WELCOMES RANDY LEW - AYO.NEWS
    https://ayo.news/2020/12/30/acr-randy-lew
    Dec 30, 2020 · US-facing poker site, Americas Cardroom (ACR), has hired Randy “Nanonoko” Lew as Security Consultant and Gameplay Expert.

    https://www.prnewswire.com/news-rele...301198350.html

  14. #14
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65654016
    Quote Originally Posted by JoeD View Post
    Quote Originally Posted by Dan Druff View Post
    New reports of this keep rolling into my Twitter DMs every day, and all of them seem credible.

    All of them involve amounts $9k-$20k, with the exception of one bizarre situation where a guy deposited $247 and it was promptly withdrawn and stolen. (Oddly they didn't touch the original $68 he had in the account prior to the deposit.)

    All of them have very similar circumstances -- no password change, no breach in e-mail, and no sign anything's wrong. Suddenly a withdrawal is made via bitcoin, and they're out the money.

    In some cases, a refund was made. In others, no refund was done yet, but the process of investigation tends to take 2-3 weeks, from what I've seen.

    No explanation is ever given when the money is refunded. ACR refuses to give anyone the IP address or bitcoin address of the person making the fraudulent withdrawals. They just ignore these requests.

    Very high chance at this point that an insider is doing this. I don't believe management is in on it, but I know 100% they're aware of it, as I had the message passed to Nagy himself that this is going on.

    It is highly suspicious that ACR is both refunding these large amounts to some people (why would they if it's the players' fault), as well as the fact that ACR will not provide the IP/bitcoin address info. I think they're trying to internally stop this before the story gets out.

    The earliest known instance of this was on January 26th. The latest known incident was April 3.
    I realize that you have Moneymaker's ear but have you tried contacting Randy Nanonoko Lew, who is the "security consultant" for ACR? He seems nice, maybe get him on the radio, would be a good listen

    AMERICAS CARDROOM WELCOMES RANDY LEW - AYO.NEWS
    https://ayo.news/2020/12/30/acr-randy-lew
    Dec 30, 2020 · US-facing poker site, Americas Cardroom (ACR), has hired Randy “Nanonoko” Lew as Security Consultant and Gameplay Expert.

    https://www.prnewswire.com/news-rele...301198350.html
    Yikes if Randy isn’t careful he’s gonna be made the scapegoat by Phil Nagy I’m betting. He hasn’t been on Twitter much himself it appears only a handful of tweets since the holidays.

  15. #15
    Gold Ryback_feed_me_more's Avatar
    Reputation
    165
    Join Date
    Oct 2012
    Location
    Sin City
    Posts
    1,453
    Load Metric
    65654016
    This is some serious shit going on and the CEO Nagy or somebody needs to explain it and quick. Ive played on ACR and still do sometimes and right now Im about to pull my funds off the site until this is resolved. Im not a huge fan of Bodog/Ignition honestly but there issues have been minor outside of the shadiness they pulled on poor Tradersky. This seems to be outright theft of players funds.. Has anybody suggested to get the illustrious Haley Hintze involved to investigate this and turn on the lights and expose the cockroachs before they scatter everywhere. Im sure Phil Nagy knows whats going on and I have to agree either issue is disturbing either he has thieves working for him somewhere or theyve been hacked and cant figure out how its happening. Given the known previous software issues its very possible its the case. Maybe just maybe somebody left a backdoor in there somewhere in the software (would not be the first time its happened). Guess time will tell. In the meantime its time to turn the heat up on ACR to force them to answer to this before somebody does serious damage and takes down the whole site like happened to Lock only this time itll be outright thievery and not just people spending money. ACR cant keep covering these losses if theyre continueing forever and eventually either way somebodys going to end game this shit like happened in that one movie Hackers years ago instead of a cargo ship itll be ACR being cleaned out by either the insiders doing this or the outside hackers if thats the case potentially.

  16. #16
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    I've been hammering them hard on Twitter for the past few days.

    Now we're finally getting somewhere!

    https://twitter.com/ACR_POKER/status/1512109972620029959

  17. #17
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    A "credential stuffing attack" is where hackers who breached other sites' databases attempt to use those same e-mail/password combos to access more sites.

    BTW, their explanation doesn't make sense, because the first victim clearly had no logins in his e-mail to verify the new device logging in to ACR, yet the verification link was clicked. A "credential stuffing attack" would not have allowed this if his e-mail wasn't breached.

    Looks like a cover-up to me. I'm pressing for more details.

  18. #18
    Gold Ryback_feed_me_more's Avatar
    Reputation
    165
    Join Date
    Oct 2012
    Location
    Sin City
    Posts
    1,453
    Load Metric
    65654016
    Quote Originally Posted by Dan Druff View Post
    A "credential stuffing attack" is where hackers who breached other sites' databases attempt to use those same e-mail/password combos to access more sites.

    BTW, their explanation doesn't make sense, because the first victim clearly had no logins in his e-mail to verify the new device logging in to ACR, yet the verification link was clicked. A "credential stuffing attack" would not have allowed this if his e-mail wasn't breached.

    Looks like a cover-up to me. I'm pressing for more details.
    Its all bullshit on ACRs part and bad news for them. Now this is spreading on twitter. Jess Welman has commented (although she didnt say much other then her usual US players shouldnt play off shore but again what choices do US players have Jess seriously 5 states are up and running Online poker none of which have any real momentum without larger player pools) and now a smaller poker journalism site has posted an article mostly based on the postings from PFA.

  19. #19
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65654016
    One of the victims attempted to ask for the IP address and the BTC address of the person who made the unauthorized withdrawal.

    It should be his right to know where his money went, right? Keep in mind he hasn't been reimbursed yet.

    Here's the response he got today:

    Name:  acr_noip2.jpg
Views: 977
Size:  77.7 KB




    Why is ACR hiding the IP address and the bitcoin withdrawal address of the hackers who stole the money from their users?

    Who are they protecting, and why?

    Why not let the community see these,so we can work to identify the thieves?

    Or, perhaps... would they rather we don't identify these people, because it will reveal something they don't want people to see?

  20. #20
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65654016
    Quote Originally Posted by Dan Druff View Post
    One of the victims attempted to ask for the IP address and the BTC address of the person who made the unauthorized withdrawal.

    It should be his right to know where his money went, right? Keep in mind he hasn't been reimbursed yet.

    Here's the response he got today:

    Name:  acr_noip2.jpg
Views: 977
Size:  77.7 KB




    Why is ACR hiding the IP address and the bitcoin withdrawal address of the hackers who stole the money from their users?

    Who are they protecting, and why?

    Why not let the community see these,so we can work to identify the thieves?

    Or, perhaps... would they rather we don't identify these people, because it will reveal something they don't want people to see?
    Not jumping on the conspiracy theory crap of anybody but I’m curious if this is indeed an inside job if there isn’t some borrowing going on and question is are they using incoming deposits to cover these losses. I’m just wondering if there isn’t a shit ton more to this then we even know.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 9
    Last Post: 12-21-2017, 02:23 AM
  2. Replies: 3
    Last Post: 07-09-2017, 07:40 AM
  3. Replies: 10
    Last Post: 08-14-2016, 01:54 AM
  4. Florida poker player claims fellow poker player Ray DePasquale is a career scammer
    By Dan Druff in forum Scams, Scandals, and Shadiness
    Replies: 1
    Last Post: 08-27-2013, 06:25 PM
  5. Replies: 334
    Last Post: 08-14-2012, 07:07 PM