Double Spend on Pocket Dice

[Pocket Dice]

Hi everyone!

Today we'd like to talk about double-spending.

We've had a player named yakuza699 – he's got the same username on bitcointalk and is actually a Hero member here, which means he's a respected part of the community. Here is a link to his profile here: https://bitcointalk.org/index.php?action=profile;u=136722.

He's been playing Pocket Dice for a while now using the same strategy over and over: he makes a large deposit, places a couple of low-risk ALL IN bets, and then withdraws. All his game sessions have been profitable for him though yesterday he returned to Pocket Dice, deposited 71.38 BTC and lost them all. This happens sometimes as this is the game of chance. What happened next was he double-spent his deposit transaction.

So why are we writing all this? Just to say you all should beware of any kind of cooperation with yakuza699. Moreover, you should never seriously rely on user's rating at Bitcointalk.

Has anyone of you ever had any cooperation with yakuza699? did he also double spend in your web services?
Any ideas on how to solve this will be aprreciated.

[nonnakip]

Today we'd like to talk about double-spending.
[...]
Any ideas on how to solve this will be aprreciated.

Simple. Do not provide services that are vulnerable to double-spending.

[Panzzer]

How did he double spend? Your system is vulnerable?

Post this on the scam accusations section with your evidence.

[waterpile]

Yakuza699 also tried sending a double-spend to repay his loan..                                               

Repaid 0.43(+0.01) damn it took longer than I fault.
https://blockchain.info/tx/c985bc196067e84ac11f595dc7d25f7d342e009dfbd1b9433804d07950ff996d
EDIT. If this tx doesn't confirm ask me to resend!

That's not very nice now I have the tag: Warning! this bitcoin address contains transactions which may be double spends. You should be extremely careful when trusting any transactions to or from this address.

Don't worry it will vanish after 2-3 days plus it's only on blockchain.info block explorer.

The transaction has failed please resend it.

It looks like yakuza699 actually double spent the transaction. I would be weary about accept 0/unconfirmed transactions from this person.  

[Quickseller]

1st question, why do you accept double spend transactions? Secondly, could you provide the txid's of the transactions in question, and other evidence to link that profile to the person you are claiming scammed you?

[subSTRATA]

How did he double spend? Your system is vulnerable?

Post this on the scam accusations section with your evidence.

my guess is that he sent a 0 fee deposit to pocket dice then broadcast a second transaction with a fee to get the network to forget about the first transaction.

1st question, why do you accept double spend transactions? Secondly, could you provide the txid's of the transactions in question, and other evidence to link that profile to the person you are claiming scammed you?

question is, why do they accept 0 fee deposits? accepting them is ok, but they should wait for 1 confirmation in the case the deposit transaction has no fee as those are vulnerable to double spending. other than that, we do need proof the account on your site that initiated this double spend is indeed yakuza699, 71+ BTC is not a small amount.

[Hexcoin]

Hi everyone!

Today we'd like to talk about double-spending.

We've had a player named yakuza699 – he's got the same username on bitcointalk and is actually a Hero member here, which means he's a respected part of the community. Here is a link to his profile here: https://bitcointalk.org/index.php?action=profile;u=136722.

He's been playing Pocket Dice for a while now using the same strategy over and over: he makes a large deposit, places a couple of low-risk ALL IN bets, and then withdraws. All his game sessions have been profitable for him though yesterday he returned to Pocket Dice, deposited 71.38 BTC and lost them all. This happens sometimes as this is the game of chance. What happened next was he double-spent his deposit transaction.

So why are we writing all this? Just to say you all should beware of any kind of cooperation with yakuza699. Moreover, you should never seriously rely on user's rating at Bitcointalk.

Has anyone of you ever had any cooperation with yakuza699? did he also double spend in your web services?
Any ideas on how to solve this will be aprreciated.

why such a gambling site accepts instant deposit since double spend attacks isn't new in the BTC world? can you give more proof that yakuza699 in your site is the same yakuza699 here at BCTalk?

[lissandra]

I`m pretty new to spotting a double spent address or how it works.

Any chance to screen cap how it looks like? since anyone can get pm`d by him or does future business w. that person.

[Somekindabitcoin]

I sent 0.001 BTC with 0 fee and I was able to gamble it right after the transactions was sent. Confirmations are needed only for withdrawal. If I lost my 0.001 BTC I could easily double spent it, because there's not waiting time between deposit and bets.
Just one yolo bet on 90% takes few seconds so you have a plenty of time to double spend it. I really like that we can use our money instantly after the deposit is done, but you should do something with double spends.

[Astargath]

Im impressed by everyone here attacking the site and why the allow such things instead of attacking the user that is actually CHEATING this site and seems like he tried to cheat others yet he has no negative trust, not even by op?

[subSTRATA]

Im impressed by everyone here attacking the site and why the allow such things instead of attacking the user that is actually CHEATING this site and seems like he tried to cheat others yet he has no negative trust, not even by op?

that would be because there is no sure proof provided that the person who abused the deposit system on pocketdice and initiated the double spend attack is the yakuza699 here on the forum. until such evidence is provided, leaving negative feedback on the user's profile would be on the hasty side.

[CoinKaputt]

I never understood this doublespend thing but thats not very fair to exploit in on the other hand why your system does not need at least 1 confirmation before the coins can be used.

[subSTRATA]

I never understood this doublespend thing but thats not very fair to exploit in on the other hand why your system does not need at least 1 confirmation before the coins can be used.

because people like to be able to play when they want to, which is usually as soon as possible. to prevent this, usually casinos require 1 confirmation before being allowed to withdraw, but clearly that didnt work here.

[yakuza699]

Hello this morning I received a PM by BuyAreaCoins and he gave me this link https://www.reddit.com/r/Bitcoin/comments/3dygn9/double_spend_on_pocket_dice/.I was pretty shocked after reading it because who wouldn't when he is innocent.I am going to quote my self what I wrote on reddit.

Hello everyone, yakuza699 from bitcointalk.org here.I am going to be very straight forward and tell you that I was not involved with this at all.Why in the world would I choose same username on a site that I plan to attack?That just wouldn't make any sense.Though it is very interesting that he choose my username.Something special about it?Regarding trading or any kind of deals I don't really care if you trust me or not because I don't do a lot of trades and when I do I either use escrow or go first if I deal with trusted people.

Yakuza699 also tried sending a double-spend to repay his loan

Regarding that check this:

I would be weary about accept 0/unconfirmed transactions from this person.  

Not only with me but with everyone coins are not yours if they are unconfirmed.I knew(was not sure 100%) that that transaction will not confirm that is why I stated "If this tx doesn't confirm ask me to resend!" And that is what I just did.
https://blockchain.info/tx/162f89bbf6118bc06c2d26e6be5d1823b680f6f6c12b194bdaf3e568de2f3404
This time the transaction will confirmJust got confirmed. Sorry for all the inconvenience marco. I hope I don't have to take a loan ever again but if I do I will contact you.

It was an accident and I re-sent it.

[seoincorporation]

The best way to avoid that problem is asking for 1 confirmation on all the depos, before any withdraw. 

[DiamondCardz]

Don't accept unconfirmed 0-fee transactions. If you want to accept unconfirmed transactions, do not accept them with 0 fee, and/or immediately revoke the balance if a double spend attempt is detected and return it only if the original transaction is confirmed first (unlikely if a purposeful double spend has been made). The former is more preferable than the latter, as you can still gamble it all away and THEN double spend.

[subSTRATA]

If you want to accept unconfirmed transactions, do not accept them with 0 fee,

this exactly, requiring 1 conformation on 0 fee transactions would be a possible fix to this issue.

also, you guys are practically advertising that your site has a vulnerability, and have not taken the site down to fix the issue. people will try to abuse this, guaranteed. of course, i could be wrong and youve already patched this problem up, but if you havent, taking the site down for a bit would be a good idea. in fact, it would be a fantastic idea.

[Somekindabitcoin]

I would point out 2 comments from Reddit, it's 100% true.


#1: Easy: Don't accept 0-conf. transactions.
    #2: Easy! Just wait up to 1 hour for your internet money of the future to go through!


It's really complicated to do it. Maybe require 1 confirmation on TX without fee like DiamondCardz said, but I don't know if it's possible..

[MarkMJ]

Big amount, sorry for your lost.

[Hexcoin]

The best way to avoid that problem is asking for 1 confirmation on all the depos, before any withdraw. 

thats how the site works but the cheater is doing something to the coins when he was supposed to lost it all, double spending so the site wont recieve the lost coins like there is no deposit happened