Bitcoin Forum
April 19, 2014, 10:07:57 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 9 10  All
  Print  
Author Topic: GHash.IO and double-spending against BetCoin Dice  (Read 41195 times)
mmitech
Sr. Member
****
Offline Offline

Activity: 406


things you own end up owning you


View Profile

Ignore
November 08, 2013, 12:07:58 PM
 #1

Transalating my post from russian subforum
https://bitcointalk.org/index.php?topic=321444.0

Like a month ago, in September I witnessed a lot of double-spending against BetCoin Dice. It happened between 25th and 27th Sept.

The mechanism was simple: send betcoin a tx wit 0 fee, then wait for a result tx, if your bet is a win, then confirm your tx, otherwise double-spend it.

1. Here I'll give you a bunch of transactions which you can examine. Note this is a chain of transactions, so just click on outputs to see.
https://blockchain.info/tx/4d731074447f02609c3110a187f9c6976f2bf255288ec5666ee270f09679619d
https://blockchain.info/tx/e0b44f68441ea0bad0f7694f735f496ce05238862534c6fea737b8903921185a

The double-spending of losing bets was performed by someone mining to https://blockchain.info/address/1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8 , you can check it yourself.

2. I tracked coins down to the origin
https://blockchain.info/tx/154ecb1eb72c933bc0707fa70deceb688361554ab81b901673d308aa84d9cfe9
The most interesting address here is 12PcHjajFJmDqz28yv4PEvBF4aJiFMuTFD
It's been involved in similar actions, look at this chain of win-only tx's
https://blockchain.info/tx/0c1a08d035862b01d075e8044b1e9ce52a8ad951b57d876a2a9a0e3502c41eb0
And the most interesting fact is that these zero-fee tx's inbetween winning ones were mined by ghash.io exclusively. Possibly this was a test attack.

3. Going further, I found the address the earnings from attack were sent to: 12e8322A9YqPbGBzFU6zXqn7KuBEHrpAAv
https://blockchain.info/tx/292e7354fbca1847f0cbdc87a7d62bc37e58e8b6fa773ef4846b959f28c42910
And then part of these funds (125 BTC) was sent to ghash.io's mining address:
https://blockchain.info/tx/48168cf655d0ac0c7c2733288ca72e69ecd515a9a0ab2821087eb33deb7c6962

4. Furthermore, I checked the funds mined to 1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8
In these 2 succeeding tx's they were moved to 199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn
https://blockchain.info/tx/e567ad6232de5285e0dc211d3f1c489b1e00e509118ba98a4825529d0a9197d9
https://blockchain.info/tx/faa7bc8b99376efa774045e79b42771fe668341b00290a61cd416992571c590d

This address is interesting, because it contains 6000 BTC and ~30% of funds come from ghash.io mining address.
https://blockchain.info/taint/199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn

5. And the last thing to spot:
GHash.io, being about 25% of network back then, didn't find a single block to its address between 25th and 27th of september!
https://blockchain.info/address/1CjPR7Z5ZSyWk6WtXvSFgkptmpoi4UM9BC?offset=1350&filter=2


I'm not jumping on conclusions, but these actions require public attention.
Comment here if you have anything to say.


I thought every body has to see this post. credit goes to RoadTrain  original post https://bitcointalk.org/index.php?topic=321630.0

www.mmitech.info

18kCuQtWtsYCJFkB6YEAMP69hAxDhwx1ae
1397945277
Hero Member
*
Offline Offline

Posts: 1397945277

View Profile Personal Message (Offline)

Ignore
1397945277
Reply with quote  #2

1397945277
Report to moderator

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397945277
Hero Member
*
Offline Offline

Posts: 1397945277

View Profile Personal Message (Offline)

Ignore
1397945277
Reply with quote  #2

1397945277
Report to moderator
1397945277
Hero Member
*
Offline Offline

Posts: 1397945277

View Profile Personal Message (Offline)

Ignore
1397945277
Reply with quote  #2

1397945277
Report to moderator
PatMan
Hero Member
*****
Offline Offline

Activity: 546


http://freehammond.org/


View Profile WWW

Ignore
November 08, 2013, 12:16:15 PM
 #2

I second this. This MUST be looked into immediately,and if found to be true & legitimate, an explanation demanded from ghash.io/cex.io

"When one person is deluded it is called insanity - when many people are deluded it is called religion" - Robert M. Pirsig.  I don't want your coins, I want change.
Amazon UK BTC payment service - https://bitcointalk.org/index.php?topic=301229.0 - with FREE next day delivery!
http://www.ae911truth.org/ - http://rethink911.org/ - http://rememberbuilding7.org/
pajak666
Sr. Member
****
Offline Offline

Activity: 364



View Profile WWW

Ignore
November 08, 2013, 12:26:24 PM
 #3

Oh shit this look so serious if true...

CobaltBlueD
Newbie
*
Offline Offline

Activity: 19

.


View Profile

Ignore
November 09, 2013, 03:22:52 AM
 #4

It is interesting how you buy & sell from cex.io. They keep all the bitcoin and control all the Gh. You have to 'withdrawl' BTC.  One interesting quirk, you can setup your workers to autopayout in 0.1BTC increments based on a 'shareholder' concept.

I agree.  Very well worth investigating.
oakpacific
Hero Member
*****
Offline Offline

Activity: 588


View Profile

Ignore
November 09, 2013, 07:13:59 AM
 #5

Whether the accusation could be proven or not, I second that it deserves an investigation.

Nothing great was ever achieved without irrational exuberance.
freedomno1
Sr. Member
****
Offline Offline

Activity: 406


Activity: 9001 == OP


View Profile

Ignore
November 09, 2013, 07:36:54 AM
 #6

Investigation recommended as well

✰ A Ship Is Safe In The Harbor,  But That's Not What Ships Are For | PrimeDice.com | The New Way To Roll  *Thread*
Searching for freedom, and believing in bitcoins ability to change the world
BTC Tip Jar 1EByjy9e4FeGZuTV4Rx5hbf4PnFt7jGh8M
realitycheck
Member
**
Offline Offline

Activity: 92


View Profile

Ignore
November 09, 2013, 06:59:45 PM
 #7

cex.iohave recently registered as a UK company - could this action (if them) be down to an employee taking advantage?  Seems like the cex.io buiness plan looks profitable - not worth messing with gambling perhaps?

Thoughts?

CEX.IO  - Get yourself into bitcoin mining -no min starting point to figure out how it works while you mine.
gmaxwell
Staff
Hero Member
*****
Offline Offline

Activity: 1078


View Profile

Ignore
November 09, 2013, 08:18:17 PM
 #8

Taking irreversible actions on unconfirmed transactions is not safe. This is not news.  Big hashpower consolidations are not safe. This is not news.

While I'm sympathetic about losses and don't support theft— it appears that many Bitcoin gambling services are run from places where their legality is probably questionable, and as a result getting help from the courts may not be an option— and even if it is, it's very expensive and takes a long time. Your best bet is to protect yourself by not transacting in a way which is insecure relative to the network that exists today.

The operators of high transaction inefficient gambling services (the ones with two transactions per tiny bet) have many times responded to the Bitcoin community members concerned about their services abusing our common network resources and costing money node operators saying that we should all be thankful for the valuable "test" they are performing and the encouragement it provides to improve the infrastructure. Some parallels could be drawn from people exploiting insecure unconfirmed transaction behavior …
Luke-Jr
Hero Member
*****
Offline Offline

Activity: 1218



View Profile

Ignore
November 09, 2013, 08:27:46 PM
 #9

Indeed, a Dice site setup properly wouldn't be vulnerable to this.

(this is not an endorsement of the double spending)

helmax
Sr. Member
****
Offline Offline

Activity: 252



View Profile

Ignore
November 09, 2013, 08:28:58 PM
 #10

this is serious research required

After I had been stolen, i open my trust and respect for you!!
Remember always you will do business or deal with GROUPS BUYS contact me first!!
 dont forget Free escrow service we will burn this fucker scammers!
MTBmanTT
Jr. Member
*
Offline Offline

Activity: 54

Bitcoin: The new Wild West


View Profile

Ignore
November 10, 2013, 06:09:31 AM
 #11

Can someone explain this to me like a 5yr old please

BTC: 15EsnLVpCqAKMC59hm5BUYvTLMWXxmwh2D http://scrypt.cc?ref=babi4 LTC: LYgXWLpzQUjWXAHtc7ouMbf83pBTPsGfVG
dbbit
Full Member
***
Offline Offline

Activity: 224


View Profile

Ignore
November 10, 2013, 11:51:05 AM
 #12

Can someone explain this to me like a 5yr old please

Sure. Imagine 3 sisters (let's call them the Potters).

Annie owns 1 doll.  Sally owns 1 doll.  Jane owns no dolls.

Now of course, doll ownership in the Potter household is only as good as to when Annie, Sally, Jane, Mom and Dad agrees to who owns what. Annie can't just take Sally's doll, as everyone knows it's not hers and will just restore rightful ownership.


However, Annie comes up with a plan. She makes a bet with Sally at school. She rolls a dice, with the terms that if Sally wins Sally would get Annie's doll when they get home. If Annie wins, she would get Sally's doll.

Let's say Sally is honest but Annie is not. The roll the dice. If Annie happens to win, Sally gives her the doll. They're both happy... well, except for Sally - but they're in agreement at least.

However, if Annie happens to lose, she quickly goes running to Jane and say: "Hey Jane, remember that doll that I have, I can trade it to you for your bottle of Corona". Jane says ok, so then they phone up mom and dad, and say: "Hey mom, Annie's doll now belongs to Jane, and Jane's Corona now belongs to Annie".  Mom and Dad says ok, so now Annie's doll now belongs to Jane, and Annie starts her long journey of Corona addiction that ends with her turning tricks on Hollywood Boulevard until one very unfortunate night with Gary Busey... but more about that at another time.

Meanwhile, Sally gets home and finds that she's not getting Annie's doll. Since everybody else now thinks that Annie doesn't have a doll anymore, and it now belongs to Jane. Sally can complain like she wants, but mom and dad doesn't understand why Sally would make a bet with Annie against a doll that really belongs to Jane. Of course, in real life Sally would now beat up Annie with a baseball bet, which is why a stunt like this works better in BitCoin land than in Vegas (well, except if you cross DPR.).

mmitech
Sr. Member
****
Offline Offline

Activity: 406


things you own end up owning you


View Profile

Ignore
November 10, 2013, 12:11:25 PM
 #13

Can someone explain this to me like a 5yr old please

Sure. Imagine 3 sisters (let's call them the Potters).

Annie owns 1 doll.  Sally owns 1 doll.  Jane owns no dolls.

Now of course, doll ownership in the Potter household is only as good as to when Annie, Sally, Jane, Mom and Dad agrees to who owns what. Annie can't just take Sally's doll, as everyone knows it's not hers and will just restore rightful ownership.


However, Annie comes up with a plan. She makes a bet with Sally at school. She rolls a dice, with the terms that if Sally wins Sally would get Annie's doll when they get home. If Annie wins, she would get Sally's doll.

Let's say Sally is honest but Annie is not. The roll the dice. If Annie happens to win, Sally gives her the doll. They're both happy... well, except for Sally - but they're in agreement at least.

However, if Annie happens to lose, she quickly goes running to Jane and say: "Hey Jane, remember that doll that I have, I can trade it to you for your bottle of Corona". Jane says ok, so then they phone up mom and dad, and say: "Hey mom, Annie's doll now belongs to Jane, and Jane's Corona now belongs to Annie".  Mom and Dad says ok, so now Annie's doll now belongs to Jane, and Annie starts her long journey of Corona addiction that ends with her turning tricks on Hollywood Boulevard until one very unfortunate night with Gary Busey... but more about that at another time.

Meanwhile, Sally gets home and finds that she's not getting Annie's doll. Since everybody else now thinks that Annie doesn't have a doll anymore, and it now belongs to Jane. Sally can complain like she wants, but mom and dad doesn't understand why Sally would make a bet with Annie against a doll that really belongs to Jane. Of course, in real life Sally would now beat up Annie with a baseball bet, which is why a stunt like this works better in BitCoin land than in Vegas (well, except if you cross DPR.).



amazing story hahahaha, you should just add that Annie is Ghash.io and Sally is BetCoin and the parents are the Bitcoin protocol Smiley which leaves Jane that I cant put anywhere.

www.mmitech.info

18kCuQtWtsYCJFkB6YEAMP69hAxDhwx1ae
SquallLeonhart
Member
**
Offline Offline

Activity: 98


View Profile

Ignore
November 10, 2013, 12:28:19 PM
 #14

I don't believe they are doing this... maybe its one of the employee?

----->   The first live betting site for Bitcoins! - BitcoinLiveBets.com
-------------------------------------------------------------------------
Live betting on many games now available plus thousands of bets for all major sports!
dbbit
Full Member
***
Offline Offline

Activity: 224


View Profile

Ignore
November 10, 2013, 12:51:07 PM
 #15

which leaves Jane that I cant put anywhere.

The account that you do the double-spend to.
drawingthesun
Sr. Member
****
Offline Offline

Activity: 462


View Profile

Ignore
November 10, 2013, 01:05:36 PM
 #16

amazing story hahahaha, you should just add that Annie is Ghash.io and Sally is BetCoin and the parents are the Bitcoin protocol Smiley which leaves Jane that I cant put anywhere.

Jane is also Ghash.io.

ActiveMining Knowledge Thread!

1JqqGRV4VSnowwC7By7wWeiJTB7bvMWnt3
MTBmanTT
Jr. Member
*
Offline Offline

Activity: 54

Bitcoin: The new Wild West


View Profile

Ignore
November 10, 2013, 04:32:58 PM
 #17

Can someone explain this to me like a 5yr old please

Sure. Imagine 3 sisters (let's call them the Potters).

Annie owns 1 doll.  Sally owns 1 doll.  Jane owns no dolls.

Now of course, doll ownership in the Potter household is only as good as to when Annie, Sally, Jane, Mom and Dad agrees to who owns what. Annie can't just take Sally's doll, as everyone knows it's not hers and will just restore rightful ownership.


However, Annie comes up with a plan. She makes a bet with Sally at school. She rolls a dice, with the terms that if Sally wins Sally would get Annie's doll when they get home. If Annie wins, she would get Sally's doll.

Let's say Sally is honest but Annie is not. The roll the dice. If Annie happens to win, Sally gives her the doll. They're both happy... well, except for Sally - but they're in agreement at least.

However, if Annie happens to lose, she quickly goes running to Jane and say: "Hey Jane, remember that doll that I have, I can trade it to you for your bottle of Corona". Jane says ok, so then they phone up mom and dad, and say: "Hey mom, Annie's doll now belongs to Jane, and Jane's Corona now belongs to Annie".  Mom and Dad says ok, so now Annie's doll now belongs to Jane, and Annie starts her long journey of Corona addiction that ends with her turning tricks on Hollywood Boulevard until one very unfortunate night with Gary Busey... but more about that at another time.

Meanwhile, Sally gets home and finds that she's not getting Annie's doll. Since everybody else now thinks that Annie doesn't have a doll anymore, and it now belongs to Jane. Sally can complain like she wants, but mom and dad doesn't understand why Sally would make a bet with Annie against a doll that really belongs to Jane. Of course, in real life Sally would now beat up Annie with a baseball bet, which is why a stunt like this works better in BitCoin land than in Vegas (well, except if you cross DPR.).




Nice story lol, much clearer now - thank you


BTC: 15EsnLVpCqAKMC59hm5BUYvTLMWXxmwh2D http://scrypt.cc?ref=babi4 LTC: LYgXWLpzQUjWXAHtc7ouMbf83pBTPsGfVG
mmitech
Sr. Member
****
Offline Offline

Activity: 406


things you own end up owning you


View Profile

Ignore
November 10, 2013, 06:37:46 PM
 #18

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

it worries me when they get close to 51%, then the question is if they are doing it now, what will they do with 51% and that what matters to me at this point.

what the cumunity can do about it, I guess nothing, they are a private pool , they will be adding more and more power this is no question, in the classic case, miners can always switch to other pools when they feel the threat but what is the solution when some big private pool does this.

www.mmitech.info

18kCuQtWtsYCJFkB6YEAMP69hAxDhwx1ae
bee7
Sr. Member
****
Offline Offline

Activity: 280


View Profile

Ignore
November 10, 2013, 07:14:49 PM
 #19

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

Exactly
Luke-Jr
Hero Member
*****
Offline Offline

Activity: 1218



View Profile

Ignore
November 10, 2013, 07:55:53 PM
 #20

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.
I'm not sure it's that simple.
BetCoin Dice is currently* a DDoS attack against Bitcoin. GHash.IO's actions here could be construed as a kind of self-defence.

* BetCoin has indicated they will correct this problem eventually.

Pages: [1] 2 3 4 5 6 7 8 9 10  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!