Bitcoin Forum

Transalating my post from russian subforum
https://bitcointalk.org/index.php?topic=321444.0

Like a month ago, in September I witnessed a lot of double-spending against BetCoin Dice. It happened between 25th and 27th Sept.

The mechanism was simple: send betcoin a tx wit 0 fee, then wait for a result tx, if your bet is a win, then confirm your tx, otherwise double-spend it.

1. Here I'll give you a bunch of transactions which you can examine. Note this is a chain of transactions, so just click on outputs to see.
https://blockchain.info/tx/4d731074447f02609c3110a187f9c6976f2bf255288ec5666ee270f09679619d
https://blockchain.info/tx/e0b44f68441ea0bad0f7694f735f496ce05238862534c6fea737b8903921185a

The double-spending of losing bets was performed by someone mining to https://blockchain.info/address/1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8 , you can check it yourself.

2. I tracked coins down to the origin
https://blockchain.info/tx/154ecb1eb72c933bc0707fa70deceb688361554ab81b901673d308aa84d9cfe9
The most interesting address here is 12PcHjajFJmDqz28yv4PEvBF4aJiFMuTFD
It's been involved in similar actions, look at this chain of win-only tx's
https://blockchain.info/tx/0c1a08d035862b01d075e8044b1e9ce52a8ad951b57d876a2a9a0e3502c41eb0
And the most interesting fact is that these zero-fee tx's inbetween winning ones were mined by ghash.io exclusively. Possibly this was a test attack.

3. Going further, I found the address the earnings from attack were sent to: 12e8322A9YqPbGBzFU6zXqn7KuBEHrpAAv
https://blockchain.info/tx/292e7354fbca1847f0cbdc87a7d62bc37e58e8b6fa773ef4846b959f28c42910
And then part of these funds (125 BTC) was sent to ghash.io's mining address:
https://blockchain.info/tx/48168cf655d0ac0c7c2733288ca72e69ecd515a9a0ab2821087eb33deb7c6962

4. Furthermore, I checked the funds mined to 1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8
In these 2 succeeding tx's they were moved to 199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn
https://blockchain.info/tx/e567ad6232de5285e0dc211d3f1c489b1e00e509118ba98a4825529d0a9197d9
https://blockchain.info/tx/faa7bc8b99376efa774045e79b42771fe668341b00290a61cd416992571c590d

This address is interesting, because it contains 6000 BTC and ~30% of funds come from ghash.io mining address.
https://blockchain.info/taint/199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn

5. And the last thing to spot:
GHash.io, being about 25% of network back then, didn't find a single block to its address between 25th and 27th of september!
https://blockchain.info/address/1CjPR7Z5ZSyWk6WtXvSFgkptmpoi4UM9BC?offset=1350&filter=2


I'm not jumping on conclusions, but these actions require public attention.
Comment here if you have anything to say.

So....you're saying Ghash.io is double spending or someone on it?

I'm saying ghash.io was likely involved in that double-spending.
I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september.
It means that user's hashpower was used for free by pool operators to perform this attack.

I call bullshit.

Support  your statement please.

Did anyone examine what I provided? Or just nobody cares that the second largest pool is performing double spends?

You should send your findings to their support email - it would be interesting to hear their explanation.....don't hold your breath for a reply though, they're a bit slack in that department I hear.  ;)

You support yours.  All I see is FUD.

email from support    

Derrik Goon (CEX.IO)

Oct 31 11:24 (UTC)

Hello uk1,

I would like to inform you that this information you are reading is not accurate, we are a company that does not involve itself in any sort of online gambling, its for the fishes.

Best Regards,
Derrik G.
CEX.IO Support

I've already provided everything in the first post.
Blockchain is a public resource, so you can check it yourself.
If you can't understand it, then refrain from calling it bullshit please.

Will be more interesting to request the list of blocks they mined between 25th and 27th of september.
There's no such stats in public.

Nice forensic research! 

Good job, well done RoadTrain !

Hehe, busted

I don't know how to analyze the blockchain. But if this is really true, double spending bitcoin is big news.

Double-spending a 0-confirmation TX is not new.  It doesn't even require 0.1% of the network hash rate to do it.  This is why accepting unconfirmed transactions is foolish.  Allowing 0-confirm txes to count as a payment should only be done for online services that are easily revokable without impacting the business for the period before it was a confirmed doublespend.

So, how about 3 confirmations payment, can it be double spent?

Very unlikely, even 1 confirmation payment is quite safe.

Interesting findings. Has anyone emailed CEX.IO about this.
Watching this thread....

You can look at pool's support response a few posts above :)

FYI bitfury (russian-speaking) and ghash have a questionable reputation in the russian subforum. And for a reason :)

Wish I could read Russian.......so go on, spill the beans my man  ;)

[offtopic]
Bitfury has been contradictory in his posts about whether he's associated with ghash or not.
He's been associating himself with sort of "ideological" mining, being committed to network security, while his chip-making bussiness is considered controversial and greedy (but that's the market I must admit).

(It's already a common practice to sarcastically call him "ideological miner") :)

His russian associated ASIC distributor Metabank is commonly compared to BFL in their bussiness model (though I personally think they are not as bad).

But it's not analysis, just emotions people express in russian subforum.

[/offtopic]

Im surprised this is not causing any more discussion. The largest pool appears to be double spending, and everyone is mum? Has this been debunked or what?

It seems that everyone is busy with their Jupiters and Saturns. The related topic grows 10 pages per day.

I won't be staying mum for much longer - if they don't respond soon to this and other concerns me & many other people have about their whole set-up, I'll be posting an open letter to them on their service thread demanding that they explain this and other issues. The more I look at this thing, the more alarm bells start ringing  :(

Personally, if I were publicly accused of a scam, I would have addressed the accusation immediately, with proof, in order to clear my name completely. Saying & doing nothing could be considered an admission of guilt, and usually is.

I am not sure if they bother at all. They have their own source of hashers, so even if all side miners quit they survive.

ghash is no longer reporting their hashrate. Maybe its a bug because they passed 1PH, but I also noticed the past days there where wild swings, hashrate would drop 500TH or more. Could be technical issues, but after reading this, I do wonder if its not something more nefarious.

Anyway, regardless if there is something going on, Id like to urge miners to point their hashrate to some smaller pools than ghash and btcguild. Its just not good for bitcoin to have 2 entities with almost 30% of the hashrate each, and this gives more credence to the "selfish miner attack" recently published.

That's true of course, but at least no mislead miners/investors will get scammed, which is the most important thing.

this is serious, this must be addressed ASAP, you have to put this topic on  Development & Technical Discussion board, this is not the right place, very few people visit this sub-forum.

I will copy the OP and add make a new post there.


edit: here is the link to to a new topic with the exact copy of your post https://bitcointalk.org/index.php?topic=327767.0

Originally the thread was in the Mining subforum, but moderator moved it here.
Thanks.

On a side note, I posted this in several cex.io threads I just saw how delusional some people can be.

This sounds like a serious problem, I'm concerned no one is talking about this on http://www.reddit.com/r/Bitcoin/

There is a parallel discussion here: https://bitcointalk.org/index.php?topic=327767.0

thank you very much!

This is just creepy, i wonder if the devs know about it.