RoadTrain (OP)
Legendary
 Offline
Activity: 1386
Merit: 1009
|
 |
October 30, 2013, 09:36:09 PM
Last edit: October 31, 2013, 12:14:38 AM by RoadTrain |
|
Transalating my post from russian subforum https://bitcointalk.org/index.php?topic=321444.0Like a month ago, in September I witnessed a lot of double-spending against BetCoin Dice. It happened between 25th and 27th Sept. The mechanism was simple: send betcoin a tx wit 0 fee, then wait for a result tx, if your bet is a win, then confirm your tx, otherwise double-spend it. 1. Here I'll give you a bunch of transactions which you can examine. Note this is a chain of transactions, so just click on outputs to see. https://blockchain.info/tx/4d731074447f02609c3110a187f9c6976f2bf255288ec5666ee270f09679619dhttps://blockchain.info/tx/e0b44f68441ea0bad0f7694f735f496ce05238862534c6fea737b8903921185aThe double-spending of losing bets was performed by someone mining to https://blockchain.info/address/1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8 , you can check it yourself. 2. I tracked coins down to the origin https://blockchain.info/tx/154ecb1eb72c933bc0707fa70deceb688361554ab81b901673d308aa84d9cfe9The most interesting address here is 12PcHjajFJmDqz28yv4PEvBF4aJiFMuTFD It's been involved in similar actions, look at this chain of win-only tx's https://blockchain.info/tx/0c1a08d035862b01d075e8044b1e9ce52a8ad951b57d876a2a9a0e3502c41eb0And the most interesting fact is that these zero-fee tx's inbetween winning ones were mined by ghash.io exclusively. Possibly this was a test attack. 3. Going further, I found the address the earnings from attack were sent to: 12e8322A9YqPbGBzFU6zXqn7KuBEHrpAAv https://blockchain.info/tx/292e7354fbca1847f0cbdc87a7d62bc37e58e8b6fa773ef4846b959f28c42910And then part of these funds (125 BTC) was sent to ghash.io's mining address: https://blockchain.info/tx/48168cf655d0ac0c7c2733288ca72e69ecd515a9a0ab2821087eb33deb7c69624. Furthermore, I checked the funds mined to 1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8 In these 2 succeeding tx's they were moved to 199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn https://blockchain.info/tx/e567ad6232de5285e0dc211d3f1c489b1e00e509118ba98a4825529d0a9197d9https://blockchain.info/tx/faa7bc8b99376efa774045e79b42771fe668341b00290a61cd416992571c590dThis address is interesting, because it contains 6000 BTC and ~30% of funds come from ghash.io mining address. https://blockchain.info/taint/199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn 5. And the last thing to spot: GHash.io, being about 25% of network back then, didn't find a single block to its address between 25th and 27th of september! https://blockchain.info/address/1CjPR7Z5ZSyWk6WtXvSFgkptmpoi4UM9BC?offset=1350&filter=2I'm not jumping on conclusions, but these actions require public attention. Comment here if you have anything to say. |
|
|
|
|
|
|
|
|
|
|
|
Bitcoin addresses contain a checksum, so it is very unlikely that mistyping an address will cause you to lose money.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
high110
Sr. Member
Offline
Activity: 728
Merit: 253
A Blockchain Mobile Operator With Token Rewards
|
 |
October 31, 2013, 02:31:33 AM |
|
So....you're saying Ghash.io is double spending or someone on it?
|
|
|
|
RoadTrain (OP)
Legendary
Offline
Activity: 1386
Merit: 1009
|
|
October 31, 2013, 11:44:09 AM |
|
So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending. I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september. It means that user's hashpower was used for free by pool operators to perform this attack. |
|
|
|
|
|
HellDiverUK
|
|
October 31, 2013, 11:48:16 AM |
|
So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending. I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september. It means that user's hashpower was used for free by pool operators to perform this attack. I call bullshit. |
|
|
|
|
RoadTrain (OP)
Legendary
Offline
Activity: 1386
Merit: 1009
|
|
October 31, 2013, 02:23:05 PM |
|
So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending. I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september. It means that user's hashpower was used for free by pool operators to perform this attack. I call bullshit. Support your statement please. |
|
|
|
|
RoadTrain (OP)
Legendary
Offline
Activity: 1386
Merit: 1009
|
|
October 31, 2013, 03:01:27 PM |
|
Did anyone examine what I provided? Or just nobody cares that the second largest pool is performing double spends?
|
|
|
|
|
|
PatMan
|
|
October 31, 2013, 04:27:36 PM |
|
You should send your findings to their support email - it would be interesting to hear their explanation.....don't hold your breath for a reply though, they're a bit slack in that department I hear.  |
|
|
|
|
HellDiverUK
|
|
October 31, 2013, 05:19:23 PM |
|
So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending. I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september. It means that user's hashpower was used for free by pool operators to perform this attack. I call bullshit. Support your statement please. You support yours. All I see is FUD. |
|
|
|
|
|
uk1
|
|
October 31, 2013, 05:22:06 PM |
|
email from support
Derrik Goon (CEX.IO)
Oct 31 11:24 (UTC)
Hello uk1,
I would like to inform you that this information you are reading is not accurate, we are a company that does not involve itself in any sort of online gambling, its for the fishes.
Best Regards,
Derrik G.
CEX.IO Support
|
|
|
|
RoadTrain (OP)
Legendary
Offline
Activity: 1386
Merit: 1009
|
|
October 31, 2013, 05:23:09 PM |
|
So....you're saying Ghash.io is double spending or someone on it?
I'm saying ghash.io was likely involved in that double-spending. I got a report from a pool's user that there were no blocks (rewards) between 25th and 27th of september. It means that user's hashpower was used for free by pool operators to perform this attack. I call bullshit. Support your statement please. You support yours. All I see is FUD. I've already provided everything in the first post. Blockchain is a public resource, so you can check it yourself. If you can't understand it, then refrain from calling it bullshit please. email from support
Derrik Goon (CEX.IO)
Oct 31 11:24 (UTC)
Hello uk1,
I would like to inform you that this information you are reading is not accurate, we are a company that does not involve itself in any sort of online gambling, its for the fishes.
Best Regards,
Derrik G.
CEX.IO Support
Will be more interesting to request the list of blocks they mined between 25th and 27th of september. There's no such stats in public. |
|
|
|
|
high110
Sr. Member
Offline
Activity: 728
Merit: 253
A Blockchain Mobile Operator With Token Rewards
|
|
October 31, 2013, 10:20:03 PM |
|
Nice forensic research!
|
|
|
|
fsb4000
Legendary
Offline
Activity: 1400
Merit: 1000
|
|
November 01, 2013, 07:47:33 AM |
|
Good job, well done RoadTrain !
|
|
|
|
|
|
Unluckyduck
|
|
November 01, 2013, 11:58:23 PM |
|
Hehe, busted
|
|
|
|
|
zee112212
Member
Offline
Activity: 65
Merit: 10
|
|
November 02, 2013, 12:23:16 AM
Last edit: November 02, 2013, 02:18:54 AM by zee112212 |
|
I don't know how to analyze the blockchain. But if this is really true, double spending bitcoin is big news.
|
|
|
|
|
eleuthria
Legendary
Offline
Activity: 1750
Merit: 1007
|
|
November 02, 2013, 12:49:38 AM |
|
I don't how to analyze the blockchain. But if this is really true, double spending bitcoin is big news.
Double-spending a 0-confirmation TX is not new. It doesn't even require 0.1% of the network hash rate to do it. This is why accepting unconfirmed transactions is foolish. Allowing 0-confirm txes to count as a payment should only be done for online services that are easily revokable without impacting the business for the period before it was a confirmed doublespend. |
RIP BTC Guild, April 2011 - June 2015
|
|
|
|
balanghai
|
|
November 02, 2013, 12:57:02 AM |
|
So, how about 3 confirmations payment, can it be double spent?
|
|
|
|
|
RoadTrain (OP)
Legendary
Offline
Activity: 1386
Merit: 1009
|
|
November 02, 2013, 10:14:30 PM |
|
So, how about 3 confirmations payment, can it be double spent?
Very unlikely, even 1 confirmation payment is quite safe. |
|
|
|
|
mobile
Sr. Member
Offline
Activity: 400
Merit: 250
the sun is shining, but the ice is still slippery
|
|
November 03, 2013, 11:44:57 PM |
|
Interesting findings. Has anyone emailed CEX.IO about this.
Watching this thread....
|
1 MoBi1eNbqh8QMuvtZjYzQGV8NEckJJYcT rep| GnuPG <3 CLAM <3 |
|
|
RoadTrain (OP)
Legendary
Offline
Activity: 1386
Merit: 1009
|
|
November 04, 2013, 12:03:47 AM |
|
Interesting findings. Has anyone emailed CEX.IO about this.
Watching this thread....
You can look at pool's support response a few posts above  FYI bitfury (russian-speaking) and ghash have a questionable reputation in the russian subforum. And for a reason |
|
|
|
|
|
PatMan
|
|
November 06, 2013, 01:11:52 AM |
|
Wish I could read Russian.......so go on, spill the beans my man |
|
|
|
|
