Online poker has come a long way since the 2007 superuser scandals at the now-defunct Ultimate Bet, and yet GGPoker issued an announcement yesterday confirming that a player named “Moneytaker69” had been banned and had nearly $30,000 in winnings confiscated. Details of the scandal came to light after a post on the 2+2 forum:

In December, Moneytaker won 90bb/100 on GGPoker in 8,900 hands playing with 53% VPIP. Soon after, he won a $150 MTT, winning $47,586, while playing very strangely, which aroused a lot of suspicion. GGPoker has privately acknowledged the situation and is preparing to resolve it, but it is important for the public to know immediately due to the seriousness of the case.

GGPoker is an Asian GG Network room. Since 2020, the famous WSOP tournament series has been held there and it has become the world's leading online poker room.

Register using this link to get access to GipsyTeam bonuses:
  • Increased first deposit bonus
  • Increased rakeback and reloads
  • Help with deposits and cashouts
  • Access to private freerolls
  • Round-the-clock support

The Results

The following results graph comes from Smarthand, a website that monitors online poker results. MoneyTaker won 90bb/100 in December playing 53/17.

938-1704080576.webp

Typically, a player with this VPIP/PFR ratio would be in the -50bb/100 range. Even if we were extremely generous and said he was breaking even, this would be a static anomaly. For a recreational player who plays -50bb? Impossible.

Here is a Primeope simulation of the probability of a breakeven player getting that lucky.

939-1704080823.webp

Below is a simulation of possible outcomes for a player with a given win rate using primedope's variance calculator. The light blue line at the top of the graph represents the best possible outcomes, which would be absolute luck with a 1 in 1,000 chance of happening.

This is a -50bb player playing 9,000 hands. His result on the light blue line would be -10 buy-ins, but Mokeytaker won 77 buy-ins.

937-1704080575.webp

Additionally, MoneyTaker won the GGMasters Sunday, a $150 MTT, which is a big Sunday tournament. This makes the possibility of chip dumping or targeting specific players with a virus much less likely.

936-1704080574.webp

The Hands

The following "strange" hands have been collected by various users:

935-1704080573.webp
934-1704080572.webp
933-1704080571.webp
932-1704080570.webp
931-1704080568.webp

How was MoneyTaker69 Cheating on GGPoker?

Based on his play, the most natural explanation is that he can see the cards. He rarely puts in chips when he is behind or calls the river with the worst hand. Furthermore, his win rate is so high that not even a solver could explain it.

It's unclear how he can see other people's cards, and it's possible he's not the only one exploiting a flaw in the system. An old post on 2+2 highlighted a group of suspicious accounts that played for brief periods and won over 30bb/100, which is particularly difficult on GG due to its rake structure.

There's no clear evidence that all players are superusers, but it's not unreasonable to suspect that this could be a larger-scale problem.

The MoneyTaker Hacker Group

"MoneyTaker" is a group of hackers. It's unclear if this account is somehow associated with them or if it's just a reference, but it's worth mentioning:

940-1704081036.webp
941-1704081037.webp
942-1704081038.webp

What's Next?

As a community, we await GGPoker's response. I'm confident they will do the right thing and share everything they know about this incident soon.

GGPoker's response

The post mentions that GGPoker recognized the situation and was preparing to resolve it. And, 15 hours later, a statement was released on X, the old Twitter.

In the statement, GGPoker states that through the use of the 'Thumbs Up/Down Table Reaction' feature, “Moneytaker69” was able to customize the game client, alter game packets, and intercept network traffic. "Moneytaker69" was then able to use this information to deduce hand equity, exploiting what GGPoker calls a "client-side data leak vector."

GGPoker says its engineers detected this vulnerability and released an emergency update on December 16 to disable the feature.

However, due to the game's customized client already being in the hands of “Moneytaker69”, the user was still able to continue using the exploit. According to GGPoker, through the data collected, “Moneytaker69” could guess his probability of winning with a good margin.

GGPoker said the client-side vulnerability has been fixed. "Moneytaker69" was also banned and $29,795 was confiscated. They also said that buy-ins from any tournaments he played would be refunded.

“We can ensure that the security and integrity of our games is our priority so that we can provide safe and fun games for all of our players,” GGPoker said in a later post. “We have done and will always do everything in our power to prevent any form of cheating."