What happened:: I am being extorted by btcmasterZ/KingOfBet/Rollincoin/HackerBOSS/FastBitRoulette.com...

Scammers Profile Link:
btcmasterZ: https://bitcointalk.org/index.php?action=profile;u=667885
KingOfBet: https://bitcointalk.org/index.php?action=profile;u=735396
RollinCoin.com: https://bitcointalk.org/index.php?action=profile;u=832985
HackerBOSS: https://bitcointalk.org/index.php?action=profile;u=753577
Fastbitroulette.com: https://bitcointalk.org/index.php?action=profile;u=844969

Hi, you can't increase the house edge as it's provably fair..

You can setup min and max bet with no problem, though.

Johny

This is getting funnier and funnier

You are pretty obviously the owner of this site. Your English skills are on the same level. You asked some questions on how to make such a site - a week before launching this site. Then you didn't post anything after that. But now you are back, only to put a lot of effort/posts on defending this site, claiming it's legit.

Are you getting a bit hopeless?

Warning all

http://webcache.googleusercontent.com/search?q=cache:il60bLKQcbsJ:rollincoin.com/provably_fair_md5.php+&cd=1&hl=pt-BR&ct=clnk&gl=br

Look at hash cached, and compare the hashs, all bets above 0.05 BTC starting from a point have hash changed, after this 0.02 sequence bets, all win bets have hash changed, don't play!, it will be a 100% lose now

Should be noted that although OP is an obvious scammer, in theory players can easily cheat him too (if he really pays out based on those hashes.) It's very easy to brute-force those MD5 hashes and figure out the "string" (and therefor the result.) Still if OP keep changing the hash after a bet, obviously you risk being scammed when you try to cheat too.

That last statement isn't true... MD5 is a weak encryption algorithm that can be broken today, and each MD5 string can match with an infinite number of unique non encrypted strings (just like any hashing algorithm, including SHA256).

This description does not match the procedure executed by the site. The string hashed is not HEAD/<26 characters>, it is "win" or "lose", a colon, and the decimal representation in plain text of the secret key. Not sure where you found this text, but it doesn't describe this game.

This site requires that you browse the provably fair page to see the next game hash. If someone else plays, your hash is taken.  Also, those displayed hashes have changed on at least two recorded (and independently verifiable) occasions, rendering the entire "provably" part irrelevant. The site has already been positively identified changing hash listings after a wager is received. View the wayback machine to see that the listed hashes have been changed from the posted hashes.

Even if the system presented were actually fair (it's not), the game itself is not fair because the hashes presented are not always the hashes of the data played against. This is not provably fair - and actually not fair at all, it will change the result of your bet.

Payment does not indicate "not a scam". Ponzi's pay out until they run out of money, but they're just as scammy. I have demonstrated mathematically that the system professed by this site is not only unfair and unreliable but also incorrectly implemented in a manner that can only be qualified as "cheating".

Even if the site pays, if it has to cheat to maintain an edge, it's a scam.

Please read the scam accusation thread for proof. Be careful, this is a confirmed scam.

This is disgusting. Shame on you.

Scammer.

Provably fair requires that it be provable. But I can't prove anything because the hash of my game isn't presented to me before I play - and when I do play, I don't have a guarantee that the hash presented will be the hash played against (we have proof-of-alteration on the books).

Furthermore, MD5 is very weak and could be bruteforced. Judging from the recent bet list, someone has already defeated the system.

This post does not represent LuckyBit and is the personal opinion of stingleword.

---

Are you fucking kidding me?!!!!!

Since all of us over at LB are laughing about this situation, I went to the trouble to investigate the RollinCoin Provably Fair system myself. I have got to say that this is 100% useless and you would get a better game if you sat behind the computer with a coin and flipped it yourself.

1. There is absolutely no explanation of how it works. The user is left to figure it out himself. Hardly "provable"!
2. After some wrangling, we determined that the formula is MD5(("win"|"lose")+":SecretKey="+secretKey) to generate the hash.
3. The secret key has no bearing on the game result - as far as I can tell, it does nothing.
4. The user's TXID doesn't affect the game result, either - there is literally no data with which to duplicate the result.
5. The results of a game are not provably fair, are not verifiable and the method by which the results are derived is not transparent.

6. Therefore, I conclude that not only is this game not Provably Fair, it is NOT FAIR AT ALL.

---

The previous post does not represent LuckyBit and is the personal opinion of stingleword. Sometimes this is required when he posts about things that might be work-related, but when not operating in a work capacity.

WARNING: This method can go wrong if the user sent from an exchange account or some other method that the user does not directly control, or if they sent an old-style multisig tx, or a non-standard tx.  It is NOT recommended.  But you asked.


The basic idea is to look at the first address entry of the vout structure of the first vin  of the transaction the user sent to you.
ie:  tx.vin[0].vout.addresses[0]

This is a little convoluted to obtain with stock bitcoind, because gettransactions does not include any vout.addresses field.

So we need to do it in two steps.

Step 1.

Then you will see output like this:


Notice the vout in this case is 0.  So now, let's find the matching vout for <first_vin_txid>.

Step 2.


Ok, we find the vout where "n" matches "vout" from the vin we looked at in the orig transaction.  In this case "n" and "sequence" are both 0. Therefore 1GN... is the address associated with the first input of the orig transaction.  ie, this address contributed <amount> of funds.  Note that:

1) There may be one vin or multiple vin in the orig tx.  ie, outputs from multiple tx may have been consolidated into one.  It should be relatively safe to always choose the first vin.
2) There may be multiple values in the "addresses" field, eg if type = multisig.  in this case, you should probably abort.


again, don't do this.   ;-)

They guess and hope they are correct. If they are not, they blame the user for not reading #3 of their "how to play"[1]

[1] http://secondstrade.com/howtoplay.html

If you potentially need to send refunds then the only correct way is to ask the user to provide a refund address at the time of payment.

The concept of a single guaranteed "from address" simply does not exist in bitcoin.

You are asking "who" but there is no such info on the blockchain. The inputs the TX uses have been received on two addresses, which is exactly what I warned you about. There is no right answer to this. Its possible that the sender controls both, one or none of the addresses the coins came "from".


That one has a confirmed double spend -> https://blockchain.info/tx/3a07b7957cf29d267cd8c20fbd5eb8824366096e09d722d888ce635098851b70

The inputs the TXs use came from a single address '15iET5Zp3GdXkp2sbUvsenUysFCAzoW1Fq', but same here its possible that the person behind the coins controls it or not.

AFAIK they do it in this crude way, same as most ponzi "games". If they warn you not to use certain wallets, they almost always just assume which is your address. This can fail horribly if your customer/user uses a wallet where they share addresses with others or use something like CoinJoin. A common example for shared wallets are most exchanges. You have your own deposit address, but when you withdraw the coins come from a different address. If you return coins to the address they came from they will be credited to a different account (if at all).