GHash.IO and double-spending against BetCoin Dice

[mmitech]

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

I'm not sure it's that simple.
BetCoin Dice is currently* a DDoS attack against Bitcoin. GHash.IO's actions here could be construed as a kind of self-defence.

* BetCoin has indicated they will correct this problem eventually.

I really don't understand how can BetCoin or any other service be a threat to Bitcoin, can you please explain it, maybe I was missing something ?

[1713556324]

1713556324

[1713556324]

1713556324

[1713556324]

1713556324

[bee7]

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

I'm not sure it's that simple.
BetCoin Dice is currently* a DDoS attack against Bitcoin. GHash.IO's actions here could be construed as a kind of self-defence.

* BetCoin has indicated they will correct this problem eventually.

I am not going to defend the BetCoin's behavior in any way (starting from copying SD's site nearly byte-by-byte). But the much more appropriate self-defence against blockchain flooding, IMHO, would be to tweak the bitcoind just to drop the transactions related to the BetCoin's addresses off the mempool, not to cheat them as a response.

[jl2012]

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

I'm not sure it's that simple.
BetCoin Dice is currently* a DDoS attack against Bitcoin. GHash.IO's actions here could be construed as a kind of self-defence.

* BetCoin has indicated they will correct this problem eventually.

I am not going to defend the BetCoin's behavior in any way (starting from copying SD's site nearly byte-by-byte). But the much more appropriate self-defence against blockchain flooding, IMHO, would be to tweak the bitcoind just to drop the transactions related to the BetCoin's addresses off the mempool, not to cheat them as a response.

Accepting big-value zero-fee zero-confirmation transaction is stupid. They deserve it.

[gmaxwell]

Unconfirmed double spends are also perfectly possible without any hashpower at all... though you can certainly do them more consistently with some.

Especially with these stupid gambling services: you only need to change the txid so the actual better can have plausible deny-ability in the doublespending, and being successful only a small percentage of the time is enough to shift the odds in favor from the house to the player.

Might be worth offering two alternative hypothesizes that the data also works for:

(1) attacker spent a whole lot of BTC to frame ghash.io by paying it to a well known address of theirs unsolicited.
(2) ghash.io sold their hashpower to a third party, who used it to perform the attack and the payments were payments for more hashpower.

(IMO, (2) should be regarded as the community as even _worse_ than attacking themselves, ... but I know that the community doesn't regard blindly selling hashpower as treacherous.)

[RoadTrain]

Unconfirmed double spends are also perfectly possible without any hashpower at all... though you can certainly do them more consistently with some.

Especially with these stupid gambling services: you only need to change the txid so the actual better can have plausible deny-ability in the doublespending, and being successful only a small percentage of the time is enough to shift the odds in favor from the house to the player.

Might be worth offering two alternative hypothesizes that the data also works for:

(1) attacker spent a whole lot of BTC to frame ghash.io by paying it to a well known address of theirs unsolicited.
(2) ghash.io sold their hashpower to a third party, who used it to perform the attack and the payments were payments for more hashpower.

(IMO, (2) should be regarded as the community as even _worse_ than attacking themselves, ... but I know that the community doesn't regard blindly selling hashpower as treacherous.)

But (1) doesn't explain why ghash found 0 blocks to their address during the attack.
(2) is possible, but we need more data.

It would be good to hear from someone who had been mining on ghash back then to check their earnings.

[gmaxwell]

But (1) doesn't explain why ghash found 0 blocks to their address during the attack.

No, but sometimes even high power pools will get massively unlucky. ... but if the miners were still paid, then yea, that supports the original hypothesis or (2).

[CEX]

We are now aware of this issue and we will perform an internal investigation to find out who is responsible for this.
Thank you for pointing out.

[Come-from-Beyond]

We are now aware of this issue and we will perform an internal investigation to find out who is responsible for this.

And what will u do? Call the police?

[Mike Hearn]

If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, didn't we?

I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.

An interesting and historic milestone! I think this would be the first time we've seen miners profitably double-spend against merchants. If ghash.io was selling their hashpower to a criminal (and defrauding merchants is a crime regardless of the exact technique you're using), then that suggests we should be formally discouraging miners from using that pool.

[dave111223]

If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, didn't we?

I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.

An interesting and historic milestone! I think this would be the first time we've seen miners profitably double-spend against merchants. If ghash.io was selling their hashpower to a criminal (and defrauding merchants is a crime regardless of the exact technique you're using), then that suggests we should be formally discouraging miners from using that pool.

From my experience with Cex.io you don't actually gain access to any mining hardware, you just receive the pool shares/payouts based on the hashrate that you "own".

(But then again I may have missed some more advanced menus or something)

[mmitech]

If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, didn't we?

I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.

An interesting and historic milestone! I think this would be the first time we've seen miners profitably double-spend against merchants. If ghash.io was selling their hashpower to a criminal (and defrauding merchants is a crime regardless of the exact technique you're using), then that suggests we should be formally discouraging miners from using that pool.

well it is a private operation with private hardware, miners cant do anything about it, this is the time when miners have to start thinking about using p2pool.

[gh2k]

One thing I'm fuzzy on is how having lots of hashing power helps in this attack. As I understand it:

- You send a transaction for x coins and no fee. It will get confirmed /eventually/, but not for a while.
- A dice is rolled before the transaction is confirmed.  (silly gambling site!)
- If you win, you win. You wait for the transaction to be confirmed so everyone agrees what happened.
- If you lose, you send another transaction for the same x coins. (This time /with/ a fee?)
- The transaction is confirmed first as it has a higher fee and therefore more chance of getting into a block. This invalidates the previous transaction, and your subsequent loss to the gambling site.

You don't need to solve a block for this to happen, so what is the benefit of having the hashing power?

[gmaxwell]

You don't need to solve a block for this to happen, so what is the benefit of having the hashing power?

Not quite. At least today miners who have mempool accepted a transaction will not accept a conflicting one with higher fees, even if they're not attempting to mine the lower fee one yet.

You can pull off doublespends against no-confirm acceptors today, but it's a heck of a lot easier to do it reliably if you have some friendly hashpower.

[IYFTech]

We are now aware of this issue and we will perform an internal investigation to find out who is responsible for this.
Thank you for pointing out.

Actually, you've been aware of it for a long time, you just didn't bother acknowledging it. I posted the details on your official thread on October 30th (which you completely ignored) here:

https://bitcointalk.org/index.php?topic=318010.60

In fact, you have completely ignored every question from everyone regarding this until now - why was that I wonder?

[gmaxwell]

If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, didn't we?
I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.

Someone who no longer has an ownership interest in it.

CEX.IO doesn't rent out hashpower. They actually sell hardware "ownership" by the GH/s.  You pay them some amount upfront per GH/s, equal to a fairly high price for mining hardware ($36.6/GH/s), and you "forever" own an interest in some hardware. If you own enough to equal at least one board worth, you can pay for shipping and have some gear de-racked and sent to you. They also provide a market where current owners of hardware can sell it to new owners.  They charge maintenance fees on the hardware (denominated in USD, currently about 2.78% of your income).

All of this hashrate, while in their hands, is currently required to be pointed at their "partner" mining pool, GHash.io which is an invite only pool.

Maybe a larger CEX.IO hashrate owner could get them to redirect their hashrate to something else, but thats not advertised anywhere, it's not clear to me that they'd have any obligation to do so... though I was unable to find a lot of detailed T/C for owning the hashrate, their contract mostly seems to focus on their exchange business.

[bclcjunkie]

this... and i'm sure if they can explain that outage everything else will become clearer...

Unconfirmed double spends are also perfectly possible without any hashpower at all... though you can certainly do them more consistently with some.

Especially with these stupid gambling services: you only need to change the txid so the actual better can have plausible deny-ability in the doublespending, and being successful only a small percentage of the time is enough to shift the odds in favor from the house to the player.

Might be worth offering two alternative hypothesizes that the data also works for:

(1) attacker spent a whole lot of BTC to frame ghash.io by paying it to a well known address of theirs unsolicited.
(2) ghash.io sold their hashpower to a third party, who used it to perform the attack and the payments were payments for more hashpower.

(IMO, (2) should be regarded as the community as even _worse_ than attacking themselves, ... but I know that the community doesn't regard blindly selling hashpower as treacherous.)

But (1) doesn't explain why ghash found 0 blocks to their address during the attack.
(2) is possible, but we need more data.

It would be good to hear from someone who had been mining on ghash back then to check their earnings.

[jeppe]

If this is actually true then cex.io needs to give an explanation !! I wouldn't trust them if this is true!

[Luke-Jr]

You don't need to solve a block for this to happen, so what is the benefit of having the hashing power?

Not quite. At least today miners who have mempool accepted a transaction will not accept a conflicting one with higher fees, even if they're not attempting to mine the lower fee one yet.

You can pull off doublespends against no-confirm acceptors today, but it's a heck of a lot easier to do it reliably if you have some friendly hashpower.

Well, it's not quite that simple either.
If miners are behaving responsibly, they will have spam filters in place to avoid mining flood/DDoS transactions such as those going to BetCoin Dice.
There are two ways to filter transactions:
The most obvious way is to reject them from the memorypool. This has the benefit of not using up resources upfront. It also means you will accept any conflicting (eg, double-spending) transaction, no matter how much later it appears. For the miner and Bitcoin network, this is all positive. For BetCoin Dice, it means they are very vulnerable.
The other way, would be to accept it to your memorypool, but blacklist it from mining or relaying. This consumes the miner's resources, and if they don't have a sufficiently large memorypool, could cause them to mine fewer legitimate transactions. But it protects the spammers like BetCoin Dice because the double-spend is once again rejected.
When I ran Eligius, I experimented with both solutions at different times, and decided the former (which is better for Bitcoin and the pool, but bad for the flooder) is likely the more reasonable solution.

But to conclude, if miners are acting in the interests of Bitcoin, it will rationally be rather easy for anyone to double-spend DDoS transactions.

[PatMan]

We are now aware of this issue and we will perform an internal investigation to find out who is responsible for this.
Thank you for pointing out.

So, finally cex.io/ghash.io have decided to respond. I'd like to think that this was purely due to pressure from the Bitcoin community, well done.

Cex.io/ghash.io investigating cex.io/ghash.io though - can't wait to see how that pans out It's like the police investigating the police  .

Still, this is their chance to silence the critics and clear their name, I only hope they take this opportunity to do so - and do it well.

Cex.io/ghash.io have found a niche market that appeals to noobs who want to get into mining but can't afford the hardware - it gives them an option to get into mining that they would never have had before, which is to be commended (even if it is at an extortionate price per G/hash). This section of users are inexperienced with Bitcoin & it's workings, and throw their trust (and hard earned cash) into cex.io/ghash.io blindly - not fully understanding the consequences of their actions. My concern is that if cex.io/ghash.io have already conned a Bitcoin company -and therefore Bitcoin itself - what is stopping them from doing it again to their users? One only has to look around to see other pools and wallet services that have done the same thing, services that had no scam accusations against them and seemed much more trustworthy than this one does.
Imagine if the worst happened & cex.io/ghash.io done a GBL & disappeared overnight - there would be a huge outcry from it's users all asking the same question - why weren't we warned? Why didn't anyone tell us about them?

Roadtrain has gone out on a limb, putting his reputation on the line & provided pretty solid evidence to substantiate the scam accusation, not for personal gain, but to inform the community of what he believes is going on - the least the community can do is warn users of cex.io/ghash.io of the current accusations until solid evidence/actions are taken by cex.io/ghash.io that either prove their innocence or that appropriate action has been taken against the employee who perpetrated the con (if any).

I urge cex/ghash to grab this opportunity to clear their name, I also urge the Bitcoin community to keep the pressure on them to do so - it can only be good for everyone.

Peace 

[gmaxwell]

which is to be commended

I haven't seen anything to commend except their business savvy:

Hashrate on their service is >2x more expensive than actually buying the hardware— more like 10x the price of stuff still in pre-order, and will never make a profit at those prices according to the calculator on their site. By doing so they centralize mining and create a moral hazard with apparent results like the one's we've seen here.