Cheaters (double spenders) and what the gambling sites are doing against them

[BitcoinBlackjack]

No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.

I am not exactly sure how double spending works, but I can assure you that these cheaters have it down to an exact science!

Also I believe it's called a "Race Attack" which you can read about here:
https://en.bitcoin.it/wiki/Double-spending

[Avirunes]

Yours is not the first site it has happened too, the biggest sites have faced this problem and the solution you implemented is the best solution there is, one confirmation on a normal day should take on average 10 minutes and its same for everyone so gamblers have to wait that much to play at any casino.

Up to 1 BTC, 1 confirmation should suffice, over that you should wait for at-least 3 confirmations.

Totally agree with bitbaby that even 1 confirmation is not sufficient , a double spending may even occur even after 1 conf. if miner also participates.Well now most of bitcoin wallets have disallowed it but gambling sites should take up some preventive measures and IMO at-least 3 confirmations is the best as of now.

[forzendiablo]

is this method really working with current RBF?

seems thats another vote that RBF sucks ;x

[longbob72]

No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.

this kind of double spending is called race attack. it is done by creating another transaction that spends at least one input that was used on the first transaction. once one of them got confirmed the other will cease to be a valid transaction and never confirm.

IMO the only sure way to stop gambling sites from getting cheated is to stop accepting 0-confirmation deposits.

[puremage111]

No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.

this kind of double spending is called race attack. it is done by creating another transaction that spends at least one input that was used on the first transaction. once one of them got confirmed the other will cease to be a valid transaction and never confirm.

IMO the only sure way to stop gambling sites from getting cheated is to stop accepting 0-confirmation deposits.

Hello does this means that lets say i have $5 btc in wallet, for the first transaction i sent a $3, which will left me with $2, but then before the transaction got sent i send another $5 btc at the same time? Is it something like that? Thanks for the explanation

[longbob72]

No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.

this kind of double spending is called race attack. it is done by creating another transaction that spends at least one input that was used on the first transaction. once one of them got confirmed the other will cease to be a valid transaction and never confirm.

IMO the only sure way to stop gambling sites from getting cheated is to stop accepting 0-confirmation deposits.

Hello does this means that lets say i have $5 btc in wallet, for the first transaction i sent a $3, which will left me with $2, but then before the transaction got sent i send another $5 btc at the same time? Is it something like that? Thanks for the explanation

that won't do. every time you make a transaction you'll always spend all of the coins in the input. that $2 will be sent back to your address or your change address, creating a new output for the next transaction to refer to (as input).

[maku]

I don't think this double spending exploit is really that common, and I have no idea how much gambling sites are losing because something like this exist.
If that is really that bad and big money are being lost because of that then I think we are unfortunately doomed to eventually switch from 0 confirmation deposits to 1 confirmation.

[BTCLovingDude]

so how many cheats has happened so far, can you give some statistic on it with how much BTC did they cheat?

you can always do it like others with at least 1 confirmation, and also you can add other altcoins which will be confirmed super fast like Dogecoin.

[Avirunes]

so how many cheats has happened so far, can you give some statistic on it with how much BTC did they cheat?

Check this : https://bitcointalk.org/index.php?topic=327767.0 (Betcoin Dice)
https://bitcointalk.org/index.php?topic=1128950.0 (Pocket Dice)

well double spend is a serious problem and as i said earlier gambling sites should accept deposits or show balance only after 3-4 confirmations.

[eternalgloom]

I wonder how there are still some casino's that are able to offer instant play with 0 confirmations? This seems to be something that's fairly easy to exploit and make a huge profit with in a short time.
This combined with instant payouts would be quite detrimental for the site.

[bitkilo]

I could see this happening whem I first read about a particular casino accepting 0 confirmation deposits but thought they would overcome this problem before implement if possible.

I guess the guy who is trying this would sort of be in a race withhimself and the miners.
He needs the first low fee transaction to take say 5min minimum to be accepted into a block (probably longer in most cases of small fees)  and also try win or loose quick so he knows which transaction to push or double spend.

I would think that most bets these guys are making a high limit on games like roulette so they can bet the lot in one go on something like red/black win bets.

[ndnh]

1 confirmation is the standard (afaik). Allowing 0 confirmation deposits would certainly be a vulnerability if there are no checks on the tx fee amount etc. like luckyb.it does.

[Evildrum]

No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.

I am not exactly sure how double spending works, but I can assure you that these cheaters have it down to an exact science!

Also I believe it's called a "Race Attack" which you can read about here:
https://en.bitcoin.it/wiki/Double-spending

Thank you for that link will take a look in a minute to see how this is done. The shady scammers seem to be able to sit around all day dreaming up ways to take advantage of bitcoin aspects and I hope one day they get a dose of their own medicine.

[BitcoinBlackjack]

I could see this happening whem I first read about a particular casino accepting 0 confirmation deposits but thought they would overcome this problem before implement if possible.

I guess the guy who is trying this would sort of be in a race withhimself and the miners.
He needs the first low fee transaction to take say 5min minimum to be accepted into a block (probably longer in most cases of small fees)  and also try win or loose quick so he knows which transaction to push or double spend.

I would think that most bets these guys are making a high limit on games like roulette so they can bet the lot in one go on something like red/black win bets.

Yes you are 100% correct!

[BitcoinBlackjack]

I wonder how there are still some casino's that are able to offer instant play with 0 confirmations? This seems to be something that's fairly easy to exploit and make a huge profit with in a short time.
This combined with instant payouts would be quite detrimental for the site.

That's exactly why I wanted to have this discussion and see where the other gaming sites stand!

[BitcoinBlackjack]

1 confirmation is the standard (afaik). Allowing 0 confirmation deposits would certainly be a vulnerability if there are no checks on the tx fee amount etc. like luckyb.it does.

Will try to get in contact with them and see how they do it

[elite3000]

You could do what luckyb.it does and wait for it to confirm with a low fee, or have instant play with a fee of at least 0.0002BTC. Should stop most double spenders, as it needs to be a large tx size for it to not confirm for a while with that kind of fee. Most players won't really notice a difference with paying 4 cents extra for the fee if they can play instantly, but it protects you a lot more. It also shouldn't affect the people that like small fees, since they can choose to wait for it to confirm.

When the network is under heavy stress or under stress tests even the 0.0002 BTC fee may take some time to be included in a block.


It is an improvement, but of course not the solution for everything

[BitcoinBlackjack]

You could do what luckyb.it does and wait for it to confirm with a low fee, or have instant play with a fee of at least 0.0002BTC. Should stop most double spenders, as it needs to be a large tx size for it to not confirm for a while with that kind of fee. Most players won't really notice a difference with paying 4 cents extra for the fee if they can play instantly, but it protects you a lot more. It also shouldn't affect the people that like small fees, since they can choose to wait for it to confirm.

When the network is under heavy stress or under stress tests even the 0.0002 BTC fee may take some time to be included in a block.


It is an improvement, but of course not the solution for everything

That's correct, we've seen confirmations take up to an hour with the recommended fees!

[gyo9i]

You could do what luckyb.it does and wait for it to confirm with a low fee, or have instant play with a fee of at least 0.0002BTC. Should stop most double spenders, as it needs to be a large tx size for it to not confirm for a while with that kind of fee. Most players won't really notice a difference with paying 4 cents extra for the fee if they can play instantly, but it protects you a lot more. It also shouldn't affect the people that like small fees, since they can choose to wait for it to confirm.

When the network is under heavy stress or under stress tests even the 0.0002 BTC fee may take some time to be included in a block.


It is an improvement, but of course not the solution for everything

That's correct, we've seen confirmations take up to an hour with the recommended fees!

If there are no new blocks you can wait 1 hour even if you put 1 bitcoin fee

[BitcoinBlackjack]

You could do what luckyb.it does and wait for it to confirm with a low fee, or have instant play with a fee of at least 0.0002BTC. Should stop most double spenders, as it needs to be a large tx size for it to not confirm for a while with that kind of fee. Most players won't really notice a difference with paying 4 cents extra for the fee if they can play instantly, but it protects you a lot more. It also shouldn't affect the people that like small fees, since they can choose to wait for it to confirm.

When the network is under heavy stress or under stress tests even the 0.0002 BTC fee may take some time to be included in a block.


It is an improvement, but of course not the solution for everything

That's correct, we've seen confirmations take up to an hour with the recommended fees!

If there are no new blocks you can wait 1 hour even if you put 1 bitcoin fee

Which is exactly why we would rather do a 0 confirmation deposit policy. However safety must always come first I guess!