GGPoker has issued a statement addressing a security breach after several players spotted a user with the name MoneyTaker69 winning at an absurd rate.
News of the potential superuser scandal broke on December 28. While most people were enjoying the festive season, someone called GGSuperUser started a forum thread containing data that exposed a suspected cheat.
By their calculations, MoneyTaker69 won at a rate of 90 big blinds per 100 hands (90bb/100). With a sample size of 8,900 hands in December (see image below), the win rate was unlikely to be a hot streak. To make the unusually high win rate even more suspicious, MoneyTaker69 had a VPIP (voluntarily put in the pot) of 53%.
GGPoker superuser wins over $47,000 with volatile strategy
GGSuperUser went on to state that MoneyTaker69 had also won $47,586 in an MTT while playing an “extremely volatile strategy.” A representative for GGPoker responded to the results privately and said a public announcement would follow.
That announcement came on December 29 in the form of a blog post. The post detailed what GGPoker’s security team described as “unusual game patterns.” The issue, as stated, was due to a “client-side vulnerability” in the GGPoker desktop client for Windows.
Anyone familiar with GGPoker will know that it has a thumbs up/thumbs down feature. The alleged cheater identified a vulnerability within this feature. This weakness allowed them to customize their game client.
Through this, as well as known attack vectors within the Adobe Air framework, the suspected hacker was able to deduce their all-in equity i.e. how likely they were to win at showdown. Knowing the showdown value of their hand against an opponent’s hand reportedly allowed MoneyTaker69 to make optimal decisions.
Anyone who’s been around online poker for a while will probably remember the POTRIPPER scandal of 2007. The player known as POTRIPPER exploited a weakness in Absolute Poker’s software that allowed them to see everyone’s hole cards. The scandal also affected Absolute Poker’s sister site, UltimateBet, and, eventually, contributed to their downfall.
Latest superuser scandal didn’t involve hole card exploit
Although similar, the GGPoker superuser scandal isn’t exactly the same. Security experts for the online poker site have said the suspected hacker wasn’t able to see anyone else’s whole cards, nor were they able to access GGPoker’s servers. Instead, they were able to make superuser-like moves by knowing their all-in equity.
MoneyTaker69 has since been banned from the site and $29,795 in “unfair winnings” has been given back to affected players. A tweet from GGPoker has also confirmed that the $47,586 MoneyTaker69 won in the MTT will be redistributed to players.
Additionally, GGPoker has temporarily disabled the thumbs up/thumbs down feature and issued security patches to prevent further “client-side data leaks.” A spokesperson for GGPoker has also said that the company will be adding more people to its security team over the coming months.
Another potentially significant twist in the GGPoker superuser scandal is the username, MoneyTaker69. Although unconfirmed, there is an infamous hacking group that goes by the name MoneyTaker. The group is said to engage in “white hat” hacking, which, essentially, means they’re doing it for the good of users. They target major companies in an effort to prove their systems are vulnerable to hackers. Money is then returned to the companies.
As yet, there is no evidence MoneyTaker69 is linked to the MoneyTaker group. However, if it is, the online poker community may owe them a debt of gratitude for bringing to light a security flaw that could have cost players a lot more money.