Bitcoin Forum
April 18, 2014, 09:15:06 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2  All
  Print  
Author Topic: GHash.IO and double-spending against BetCoin Dice  (Read 7358 times)
RoadTrain
Sr. Member
****
Online Online

Activity: 448


View Profile

Ignore
October 30, 2013, 09:36:09 PM
 #1

Transalating my post from russian subforum
https://bitcointalk.org/index.php?topic=321444.0

Like a month ago, in September I witnessed a lot of double-spending against BetCoin Dice. It happened between 25th and 27th Sept.

The mechanism was simple: send betcoin a tx wit 0 fee, then wait for a result tx, if your bet is a win, then confirm your tx, otherwise double-spend it.

1. Here I'll give you a bunch of transactions which you can examine. Note this is a chain of transactions, so just click on outputs to see.
https://blockchain.info/tx/4d731074447f02609c3110a187f9c6976f2bf255288ec5666ee270f09679619d
https://blockchain.info/tx/e0b44f68441ea0bad0f7694f735f496ce05238862534c6fea737b8903921185a

The double-spending of losing bets was performed by someone mining to https://blockchain.info/address/1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8 , you can check it yourself.

2. I tracked coins down to the origin
https://blockchain.info/tx/154ecb1eb72c933bc0707fa70deceb688361554ab81b901673d308aa84d9cfe9
The most interesting address here is 12PcHjajFJmDqz28yv4PEvBF4aJiFMuTFD
It's been involved in similar actions, look at this chain of win-only tx's
https://blockchain.info/tx/0c1a08d035862b01d075e8044b1e9ce52a8ad951b57d876a2a9a0e3502c41eb0
And the most interesting fact is that these zero-fee tx's inbetween winning ones were mined by ghash.io exclusively. Possibly this was a test attack.

3. Going further, I found the address the earnings from attack were sent to: 12e8322A9YqPbGBzFU6zXqn7KuBEHrpAAv
https://blockchain.info/tx/292e7354fbca1847f0cbdc87a7d62bc37e58e8b6fa773ef4846b959f28c42910
And then part of these funds (125 BTC) was sent to ghash.io's mining address:
https://blockchain.info/tx/48168cf655d0ac0c7c2733288ca72e69ecd515a9a0ab2821087eb33deb7c6962

4. Furthermore, I checked the funds mined to 1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8
In these 2 succeeding tx's they were moved to 199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn
https://blockchain.info/tx/e567ad6232de5285e0dc211d3f1c489b1e00e509118ba98a4825529d0a9197d9
https://blockchain.info/tx/faa7bc8b99376efa774045e79b42771fe668341b00290a61cd416992571c590d

This address is interesting, because it contains 6000 BTC and ~30% of funds come from ghash.io mining address.
https://blockchain.info/taint/199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn

5. And the last thing to spot:
GHash.io, being about 25% of network back then, didn't find a single block to its address between 25th and 27th of september!
https://blockchain.info/address/1CjPR7Z5ZSyWk6WtXvSFgkptmpoi4UM9BC?offset=1350&filter=2


I'm not jumping on conclusions, but these actions require public attention.
Comment here if you have anything to say.

Beware of BTC-e, they scammed people twice by lying about FTC and TRC delisting.

I AM HODLING
1397855706
Hero Member
*
Offline Offline

Posts: 1397855706

View Profile Personal Message (Offline)

Ignore
1397855706
Reply with quote  #2

1397855706
Report to moderator
1397855706
Hero Member
*
Offline Offline

Posts: 1397855706

View Profile Personal Message (Offline)

Ignore
1397855706
Reply with quote  #2

1397855706
Report to moderator
    mBitCASINOWIN BITCOINS IN OUR
24/7 LIVE DEALER CASINO

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397855706
Hero Member
*
Offline Offline

Posts: 1397855706

View Profile Personal Message (Offline)

Ignore
1397855706
Reply with quote  #2

1397855706
Report to moderator
high110
Full Member
***
Offline Offline

Activity: 182


View Profile

Ignore
October 31, 2013, 02:31:33 AM
 #2

So....you're saying Ghash.io is double spending or someone on it?

RoadTrain
Sr. Member
****
Online Online

Activity: 448


View Profile

Ignore
October 31, 2013, 11:44:09 AM
 #3

So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending.
I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september.
It means that user's hashpower was used for free by pool operators to perform this attack.

Beware of BTC-e, they scammed people twice by lying about FTC and TRC delisting.

I AM HODLING
HellDiverUK
Sr. Member
****
Offline Offline

Activity: 364


View Profile

Ignore
October 31, 2013, 11:48:16 AM
 #4

So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending.
I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september.
It means that user's hashpower was used for free by pool operators to perform this attack.

I call bullshit.

Cloud Mining & Stable Pool, sign up and refer a friend. https://cex.io/r/1/Valleyforge/0/
RoadTrain
Sr. Member
****
Online Online

Activity: 448


View Profile

Ignore
October 31, 2013, 02:23:05 PM
 #5

So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending.
I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september.
It means that user's hashpower was used for free by pool operators to perform this attack.

I call bullshit.
Support  your statement please.

Beware of BTC-e, they scammed people twice by lying about FTC and TRC delisting.

I AM HODLING
RoadTrain
Sr. Member
****
Online Online

Activity: 448


View Profile

Ignore
October 31, 2013, 03:01:27 PM
 #6

Did anyone examine what I provided? Or just nobody cares that the second largest pool is performing double spends?

Beware of BTC-e, they scammed people twice by lying about FTC and TRC delisting.

I AM HODLING
PatMan
Hero Member
*****
Offline Offline

Activity: 546


http://freehammond.org/


View Profile WWW

Ignore
October 31, 2013, 04:27:36 PM
 #7

You should send your findings to their support email - it would be interesting to hear their explanation.....don't hold your breath for a reply though, they're a bit slack in that department I hear.  Wink

"When one person is deluded it is called insanity - when many people are deluded it is called religion" - Robert M. Pirsig.  I don't want your coins, I want change.
Amazon UK BTC payment service - https://bitcointalk.org/index.php?topic=301229.0 - with FREE next day delivery!
http://www.ae911truth.org/ - http://rethink911.org/ - http://rememberbuilding7.org/
HellDiverUK
Sr. Member
****
Offline Offline

Activity: 364


View Profile

Ignore
October 31, 2013, 05:19:23 PM
 #8

So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending.
I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september.
It means that user's hashpower was used for free by pool operators to perform this attack.

I call bullshit.
Support  your statement please.

You support yours.  All I see is FUD.

Cloud Mining & Stable Pool, sign up and refer a friend. https://cex.io/r/1/Valleyforge/0/
uk1
Sr. Member
****
Offline Offline

Activity: 420


View Profile WWW

Ignore
October 31, 2013, 05:22:06 PM
 #9

email from support    

Derrik Goon (CEX.IO)

Oct 31 11:24 (UTC)

Hello uk1,

I would like to inform you that this information you are reading is not accurate, we are a company that does not involve itself in any sort of online gambling, its for the fishes.

Best Regards,
Derrik G.
CEX.IO Support

RoadTrain
Sr. Member
****
Online Online

Activity: 448


View Profile

Ignore
October 31, 2013, 05:23:09 PM
 #10

So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending.
I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september.
It means that user's hashpower was used for free by pool operators to perform this attack.

I call bullshit.
Support  your statement please.

You support yours.  All I see is FUD.
I've already provided everything in the first post.
Blockchain is a public resource, so you can check it yourself.
If you can't understand it, then refrain from calling it bullshit please.

email from support    

Derrik Goon (CEX.IO)

Oct 31 11:24 (UTC)

Hello uk1,

I would like to inform you that this information you are reading is not accurate, we are a company that does not involve itself in any sort of online gambling, its for the fishes.

Best Regards,
Derrik G.
CEX.IO Support
Will be more interesting to request the list of blocks they mined between 25th and 27th of september.
There's no such stats in public.

Beware of BTC-e, they scammed people twice by lying about FTC and TRC delisting.

I AM HODLING
high110
Full Member
***
Offline Offline

Activity: 182


View Profile

Ignore
October 31, 2013, 10:20:03 PM
 #11

Nice forensic research! 

fsb4000
Hero Member
*****
Offline Offline

Activity: 686



View Profile WWW

Ignore
November 01, 2013, 07:47:33 AM
 #12

Good job, well done RoadTrain !

Unluckyduck
Full Member
***
Offline Offline

Activity: 193



View Profile

Ignore
November 01, 2013, 11:58:23 PM
 #13

Hehe, busted
zee112212
Member
**
Offline Offline

Activity: 65


View Profile

Ignore
November 02, 2013, 12:23:16 AM
 #14

I don't know how to analyze the blockchain. But if this is really true, double spending bitcoin is big news.
eleuthria
Hero Member
*****
Online Online

Activity: 1120


Michael Marsee


View Profile WWW

Ignore
November 02, 2013, 12:49:38 AM
 #15

I don't how to analyze the blockchain. But if this is really true, double spending bitcoin is big news.

Double-spending a 0-confirmation TX is not new.  It doesn't even require 0.1% of the network hash rate to do it.  This is why accepting unconfirmed transactions is foolish.  Allowing 0-confirm txes to count as a payment should only be done for online services that are easily revokable without impacting the business for the period before it was a confirmed doublespend.

balanghai
Full Member
***
Offline Offline

Activity: 224



View Profile

Ignore
November 02, 2013, 12:57:02 AM
 #16

So, how about 3 confirmations payment, can it be double spent?

RoadTrain
Sr. Member
****
Online Online

Activity: 448


View Profile

Ignore
November 02, 2013, 10:14:30 PM
 #17

So, how about 3 confirmations payment, can it be double spent?
Very unlikely, even 1 confirmation payment is quite safe.

Beware of BTC-e, they scammed people twice by lying about FTC and TRC delisting.

I AM HODLING
mobile
Sr. Member
****
Offline Offline

Activity: 374


The Sun Is Shining, But The Ice Is Slippery


View Profile WWW

Ignore
November 03, 2013, 11:44:57 PM
 #18

Interesting findings. Has anyone emailed CEX.IO about this.
Watching this thread....

iXcoin - Time Tested & Matured For 3 YRS - Ultra Secure & Robust 23 Peta Hash Network - Native - C o l o r e d - Coins!
SEO,PPC & WordPress work for BTC 1MoBi1eNbqh8QMuvtZjYzQGV8NEckJJYcT & IXC: xqpt8vVLpG4cv2UAakBXAdJdP1sy6qWkrt rep|GnuPG
RoadTrain
Sr. Member
****
Online Online

Activity: 448


View Profile

Ignore
November 04, 2013, 12:03:47 AM
 #19

Interesting findings. Has anyone emailed CEX.IO about this.
Watching this thread....
You can look at pool's support response a few posts above Smiley

FYI bitfury (russian-speaking) and ghash have a questionable reputation in the russian subforum. And for a reason Smiley

Beware of BTC-e, they scammed people twice by lying about FTC and TRC delisting.

I AM HODLING
PatMan
Hero Member
*****
Offline Offline

Activity: 546


http://freehammond.org/


View Profile WWW

Ignore
November 06, 2013, 01:11:52 AM
 #20

Wish I could read Russian.......so go on, spill the beans my man  Wink

"When one person is deluded it is called insanity - when many people are deluded it is called religion" - Robert M. Pirsig.  I don't want your coins, I want change.
Amazon UK BTC payment service - https://bitcointalk.org/index.php?topic=301229.0 - with FREE next day delivery!
http://www.ae911truth.org/ - http://rethink911.org/ - http://rememberbuilding7.org/
Pages: [1] 2  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!