Bitcoin Forum
November 16, 2024, 10:36:12 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 »  All
  Print  
Author Topic: GHash.IO and double-spending against BetCoin Dice  (Read 112083 times)
itod
Legendary
*
Offline Offline

Activity: 1974
Merit: 1077


^ Will code for Bitcoins


View Profile
January 10, 2014, 07:52:35 PM
 #181

I totally agree, the problem is with miners, I have the feeling that most of miners don't have a basic understanding of the protocol, and most of them cares only about how much they can mine and at what price they will sell.

It's always easy to think others don't understand something, but it's a lousy explanation. Look at this from a miners perspective - let's say you've invested 50-100 BTC in couple of miners and expect to mine 30 BTC in a few months or half a year. There are only three pools with network percentage above 5%: Eligius, BTC Guild and GHash.IO. BTC Guild is notorious for its 3% mining fee, compared to GHash 0%. If you mine 30 BTC in above example, is it all right for you to keep 29 BTC and give 1 BTC to BTC Guild or would you try to keep all 30? Eligius is a pool with worse service of those three, with great variance, and many miners are reporting 2% less income when mining on it than other two pools. We know from many papers why mining on pools with small percentages is not much better than solo mining, so miners have no alternative. They have to either go to GHash.IO, or accept less income for the good of the network. It's not a solution to bitch at GHash.IO, but to bring some high-quality competition on the market. Until then GHash.IO will have to artificially reduce it's own network percentage by rejecting new users who want their services.
mmitech (OP)
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


things you own end up owning you


View Profile
January 10, 2014, 08:04:06 PM
 #182

I totally agree, the problem is with miners, I have the feeling that most of miners don't have a basic understanding of the protocol, and most of them cares only about how much they can mine and at what price they will sell.

It's always easy to think others don't understand something, but it's a lousy explanation. Look at this from a miners perspective - let's say you've invested 50-100 BTC in couple of miners and expect to mine 30 BTC in a few months or half a year. There are only three pools with network percentage above 5%: Eligius, BTC Guild and GHash.IO. BTC Guild is notorious for its 3% mining fee, compared to GHash 0%. If you mine 30 BTC in above example, is it all right for you to keep 29 BTC and give 1 BTC to BTC Guild or would you try to keep all 30? Eligius is a pool with worse service of those three, with great variance, and many miners are reporting 2% less income when mining on it than other two pools. We know from many papers why mining on pools with small percentages is not much better than solo mining, so miners have no alternative. They have to either go to GHash.IO, or accept less income for the good of the network. It's not a solution to bitch at GHash.IO, but to bring some high-quality competition on the market. Until then GHash.IO will have to artificially reduce it's own network percentage by rejecting new users who want their services.

P2pool with 0% is your answer, and yes miners created this situation, there were plenty of pools out there and the network was more or less balanced, but most of new miners were thinking of that 0% fee instead of the network overall health.....

beat me to it, new miners have no clue of how Bitcoin works and they always think bigger is better, BTW they doesn't give a flying fuck simply because they don't understand, just look, the prove that we are trying to spread the word for few months and it keeps getting worse, it is like we are doing Ghash.IO free advertisement...

when all miners spread their hashes the variance issue will be resolved, but you all have to start trying, you are carrying the network and you have to start acting responsibly, if you are aware of this then try to remind your fellow miners educate them and spread the word .... 
IYFTech
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


WANTED: Active dev to fix & re-write p2pool in C


View Profile
January 12, 2014, 03:14:10 AM
 #183

I totally agree, the problem is with miners, I have the feeling that most of miners don't have a basic understanding of the protocol, and most of them cares only about how much they can mine and at what price they will sell.

It's always easy to think others don't understand something, but it's a lousy explanation. Look at this from a miners perspective - let's say you've invested 50-100 BTC in couple of miners and expect to mine 30 BTC in a few months or half a year. There are only three pools with network percentage above 5%: Eligius, BTC Guild and GHash.IO. BTC Guild is notorious for its 3% mining fee, compared to GHash 0%. If you mine 30 BTC in above example, is it all right for you to keep 29 BTC and give 1 BTC to BTC Guild or would you try to keep all 30? Eligius is a pool with worse service of those three, with great variance, and many miners are reporting 2% less income when mining on it than other two pools. We know from many papers why mining on pools with small percentages is not much better than solo mining, so miners have no alternative. They have to either go to GHash.IO, or accept less income for the good of the network. It's not a solution to bitch at GHash.IO, but to bring some high-quality competition on the market. Until then GHash.IO will have to artificially reduce it's own network percentage by rejecting new users who want their services.

P2pool with 0% is your answer, and yes miners created this situation, there were plenty of pools out there and the network was more or less balanced, but most of new miners were thinking of that 0% fee instead of the network overall health.....

beat me to it, new miners have no clue of how Bitcoin works and they always think bigger is better, BTW they doesn't give a flying fuck simply because they don't understand, just look, the prove that we are trying to spread the word for few months and it keeps getting worse, it is like we are doing Ghash.IO free advertisement...

when all miners spread their hashes the variance issue will be resolved, but you all have to start trying, you are carrying the network and you have to start acting responsibly, if you are aware of this then try to remind your fellow miners educate them and spread the word .... 

Hammer. Nail. Head.   +1

-- Smiley  Thank you for smoking  Smiley --  If you paid VAT to dogie for items you should read this thread:  https://bitcointalk.org/index.php?topic=1018906.0
Bendah!
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
January 14, 2014, 01:50:42 AM
 #184

How exactly does one do any of this?  Even with 51%? I don't understand how any of this is possible =/
domob
Legendary
*
Offline Offline

Activity: 1135
Merit: 1170


View Profile WWW
January 14, 2014, 07:11:16 AM
 #185

How exactly does one do any of this?  Even with 51%? I don't understand how any of this is possible =/

The way how those gaming sites like BetCoin Dice work is that whenever they see a transaction to one of their addresses, they immediately (i. e., without confirmations) check their random number and send back a winning or losing transaction.  This makes them particularly prone to double-spending attacks, where the attacker only in case they lost the bet try to send a double-spend transaction with much higher fees.  If the second one gets confirmed, they get back their "lost" bet, and can this way just collect the winnings without losing any money.  I think this was already performed against Satoshi Dice as a proof-of-concept a year ago or something like that.

You don't even need 51% (or any hash rate at all) to attempt such attacks, but what was alleged against GHash.IO in this thead is that they cooperate with the attackers (or are the attackers themselves) by specifically mining the double-spend transaction.  This makes it much easier to have it actually confirmed, as opposed to the case where you just hope on your luck and use high fees to incentivise pools to mine the attack transaction rather than the original one.

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
baller1
Newbie
*
Offline Offline

Activity: 38
Merit: 0


View Profile
January 14, 2014, 08:19:29 AM
Last edit: January 14, 2014, 08:38:45 AM by baller1
 #186

Ghash is at 38% again, watching the blockchain over the last week, their luck has been great, (as expected) so why would any miner WANT to leave,
it's something that needs to be looked at by the core devs at bitcoin.

I use BTCguild and Eligius, and both have had pretty crummy luck this week,
BTCguild has some of the lowest luck I've seen from them in awhile, about 102.28% currently,
I know still decent, but I actually think that # is a bit high, and I know even BTCguild could hold a majority too,
depending on how the next couple of months go,

the point is, if one pool is doing a lot better, a representation of having a huge amount of hash,
people who can sign into there will,
and the percentage will eventually become 40% again, or greater.
It's human nature to be with a "winning team".

I feel like there should be an agreement (possibly backed by incentive given by the community)
by a lot of miners to all switch into other pools whenever this problem arises,

this way those new pools will have more hash and their block intake should increase, it will give them incentive
then just saying "Get out of Ghash" .. those people can see Ghash pulling in block after block, they're not gonna leave.
Sir Alan
Full Member
***
Offline Offline

Activity: 221
Merit: 100


View Profile
January 16, 2014, 07:10:16 PM
 #187

GHash.IO has taken a block from under the nose of Slush in odd circumstances.  See blocks 280616 and 280617.  Both Slush and GHash.IO reported 280616 at the same time - 12:17:31 - so maybe Slush missed out by a whisker, but just look at the GHash.IO time stamp: at 12:20:06 it's not only considerably later than the report time, but also later than the time and report stamps on 280617!

I'm suspicious.  They snatched two blocks back in December when Slush claimed 275684 and 275792, both being reported before GHash.IO, but in each case when GHash.IO mined the next succeeding block they attached it to their own later fork, orphaning Slush.

1Eeyore17YeHrbJW5Q3pSdV8sXujkdrrFc
whtchocla7e
Full Member
***
Offline Offline

Activity: 392
Merit: 116


Worlds Simplest Cryptocurrency Wallet


View Profile
January 16, 2014, 07:16:27 PM
 #188

Lets all flock to P2Pool and hope P2Pool doesn't go rouge...  Cheesy
It's all a big circle. Too fun to watch.

Quote
▂▂▂▂▂▂▂▂▂▂▂▂▂▃▅▆█ L E A D █▆▅▃▂▂▂▂▂▂▂▂▂▂▂▂
World's Simplest and Safest Decentralized Cryptocurrency Wallet!
▬▬▬▬▬▬▬ • STORE • SEND • SPEND • SWAP • STAKE • ▬▬▬▬▬▬
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
January 16, 2014, 07:19:40 PM
 #189

I'm suspicious.  They snatched two blocks back in December when Slush claimed 275684 and 275792, both being reported before GHash.IO, but in each case when GHash.IO mined the next succeeding block they attached it to their own later fork, orphaning Slush.

Nothing suspicious, this is called Selfish Mining.
AussieHash
Hero Member
*****
Offline Offline

Activity: 692
Merit: 500



View Profile
January 22, 2014, 08:44:23 AM
 #190

The wheels are falling off ghash now

8 orphaned/stale/rejected blocks out of the last 77 blocks

https://blockchain.info/block-index/0000000000000000a3148a8588903340bdad49e7e7c2d127c54389c252a05eeb
https://blockchain.info/block-index/00000000000000021908a1679e01b236211710226ae38ba2f17185f976cdd5d0
https://blockchain.info/block-index/0000000000000001e7f22d05c29df9eb3c58f32c573b28236c576021b8437304
https://blockchain.info/block-index/00000000000000014245a97e19599ba06affd1279915ee10189e4494609eb876
https://blockchain.info/block-index/0000000000000000b614413beee558ba56835c230bb27bab951da5590e22cd37
https://blockchain.info/block-index/000000000000000134ae6df18d6792dc72a06632d0d134b2fe9fdbacd1cb7619
https://blockchain.info/block-index/00000000000000023198e09f05e27b0441e1b29ed8e47544df37cd117688a0de
https://blockchain.info/block-index/00000000000000020e14f90c4036355e6f4e3da3706f1120f06f3f031317a398
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1002


Gresham's Lawyer


View Profile WWW
January 22, 2014, 07:05:03 PM
 #191

Ghash is at 38% again, watching the blockchain over the last week, their luck has been great, (as expected) so why would any miner WANT to leave,
it's something that needs to be looked at by the core devs at bitcoin.

It may be a much higher percentage than is indicated.
Due to the way the Getblocktemplate works it may be possible for ghash to mine its own blocks from within the eligius or triplemining or other pool with this enabled. 

Although the protocol is designed with the purpose of increasing decentralization, it seems capable of also doing the opposite.
Perhaps this protocol can allow a pool owner to mask an existing 51% capability.  If used sufficiently sparingly, would this even be detected?

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
bee7
Hero Member
*****
Offline Offline

Activity: 574
Merit: 523


View Profile
January 22, 2014, 09:17:52 PM
 #192

Ghash is at 38% again, watching the blockchain over the last week, their luck has been great, (as expected) so why would any miner WANT to leave,
it's something that needs to be looked at by the core devs at bitcoin.

It may be a much higher percentage than is indicated.
Due to the way the Getblocktemplate works it may be possible for ghash to mine its own blocks from within the eligius or triplemining or other pool with this enabled.  

Although the protocol is designed with the purpose of increasing decentralization, it seems capable of also doing the opposite.
Perhaps this protocol can allow a pool owner to mask an existing 51% capability.  If used sufficiently sparingly, would this even be detected?

I doubt. Although GBT allow you to submit any 'syntactically' valid block any pool operator wants to keep control on coinbase tx content at least. If I were a pool op I would implement the check of all other transactions submitted with a block that they match the set of tx previously sent to the gbt client as well. So, there should be no way to submit a block that has any intentionally altered data apart from nonce, extra nonce and possibly block time stamp when protocol allows it. I hope, that eligius op is aware of these possible targets of attack. So, targeting some hash power of the ghash.io on mining over gbt at eligius should not be harmful in any way IMO.
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1002


Gresham's Lawyer


View Profile WWW
January 22, 2014, 10:02:59 PM
 #193

Ghash is at 38% again, watching the blockchain over the last week, their luck has been great, (as expected) so why would any miner WANT to leave,
it's something that needs to be looked at by the core devs at bitcoin.

It may be a much higher percentage than is indicated.
Due to the way the Getblocktemplate works it may be possible for ghash to mine its own blocks from within the eligius or triplemining or other pool with this enabled.  

Although the protocol is designed with the purpose of increasing decentralization, it seems capable of also doing the opposite.
Perhaps this protocol can allow a pool owner to mask an existing 51% capability.  If used sufficiently sparingly, would this even be detected?

I doubt. Although GBT allow you to submit any 'syntactically' valid block any pool operator wants to keep control on coinbase tx content at least. If I were a pool op I would implement the check of all other transactions submitted with a block that they match the set of tx previously sent to the gbt client as well. So, there should be no way to submit a block that has any intentionally altered data apart from nonce, extra nonce and possibly block time stamp when protocol allows it. I hope, that eligius op is aware of these possible targets of attack. So, targeting some hash power of the ghash.io on mining over gbt at eligius should not be harmful in any way IMO.

We agree it is unlikely.  Also unlikely is the families of ghash and eligius and btc guild all get kidnapped.  The point of this thread (it appears) is to identify and suggest amelioration techniques for the pool risks in proportion to their likelihood and potential harm.

We don't have transparency on which pools CEX equip is moved to, all this is speculation.  We really don't know the level of danger.

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
bee7
Hero Member
*****
Offline Offline

Activity: 574
Merit: 523


View Profile
January 22, 2014, 10:15:21 PM
 #194

Ghash is at 38% again, watching the blockchain over the last week, their luck has been great, (as expected) so why would any miner WANT to leave,
it's something that needs to be looked at by the core devs at bitcoin.

It may be a much higher percentage than is indicated.
Due to the way the Getblocktemplate works it may be possible for ghash to mine its own blocks from within the eligius or triplemining or other pool with this enabled.  

Although the protocol is designed with the purpose of increasing decentralization, it seems capable of also doing the opposite.
Perhaps this protocol can allow a pool owner to mask an existing 51% capability.  If used sufficiently sparingly, would this even be detected?

I doubt. Although GBT allow you to submit any 'syntactically' valid block any pool operator wants to keep control on coinbase tx content at least. If I were a pool op I would implement the check of all other transactions submitted with a block that they match the set of tx previously sent to the gbt client as well. So, there should be no way to submit a block that has any intentionally altered data apart from nonce, extra nonce and possibly block time stamp when protocol allows it. I hope, that eligius op is aware of these possible targets of attack. So, targeting some hash power of the ghash.io on mining over gbt at eligius should not be harmful in any way IMO.

We agree it is unlikely.  Also unlikely is the families of ghash and eligius and btc guild all get kidnapped.  The point of this thread (it appears) is to identify and suggest amelioration techniques for the pool risks in proportion to their likelihood and potential harm.

We don't have transparency on which pools CEX equip is moved to, all this is speculation.  We really don't know the level of danger.

Ah, yes. I did not read your questions as a single one:). However my answer confirms that retargeting hash power most likely may not be identified. So, the level of danger is not known. But it was always like this: any entity that would not like to show it's real capabilities would split its resources among several pools.
BenAnh
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
June 08, 2014, 03:20:02 PM
 #195

Any confirmations on such attacks?
PatMan
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1000


Watch out for the "Neg-Rep-Dogie-Police".....


View Profile WWW
June 08, 2014, 03:25:17 PM
 #196

Yes, at the very beginning of the thread. Also, ghash.io/cex.io eventually admitted that it was their staff that did it. After first laughing it off & denying it, then lying about it.

"When one person is deluded it is called insanity - when many people are deluded it is called religion" - Robert M. Pirsig.  I don't want your coins, I want change.
Amazon UK BTC payment service - https://bitcointalk.org/index.php?topic=301229.0 - with FREE delivery!
http://www.ae911truth.org/ - http://rethink911.org/ - http://rememberbuilding7.org/
freedomno1
Legendary
*
Offline Offline

Activity: 1820
Merit: 1090


Learning the troll avoidance button :)


View Profile
June 09, 2014, 11:06:30 PM
 #197

Yes, at the very beginning of the thread. Also, ghash.io/cex.io eventually admitted that it was their staff that did it. After first laughing it off & denying it, then lying about it.

That would scare me a fair bit if they laughed it off and then said we didn't mean anything by it
Guess it means be careful not to give them enough hash to be able to have the option to do that

Believing in Bitcoins and it's ability to change the world
suzahtucu604835
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile
June 10, 2014, 02:33:42 AM
 #198

Transalating my post from russian subforum
https://bitcointalk.org/index.php?topic=321444.0

Like a month ago, in September I witnessed a lot of double-spending against BetCoin Dice. It happened between 25th and 27th Sept.

The mechanism was simple: send betcoin a tx wit 0 fee, then wait for a result tx, if your bet is a win, then confirm your tx, otherwise double-spend it.

1. Here I'll give you a bunch of transactions which you can examine. Note this is a chain of transactions, so just click on outputs to see.
https://blockchain.info/tx/4d731074447f02609c3110a187f9c6976f2bf255288ec5666ee270f09679619d
https://blockchain.info/tx/e0b44f68441ea0bad0f7694f735f496ce05238862534c6fea737b8903921185a

The double-spending of losing bets was performed by someone mining to https://blockchain.info/address/1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8 , you can check it yourself.

2. I tracked coins down to the origin
https://blockchain.info/tx/154ecb1eb72c933bc0707fa70deceb688361554ab81b901673d308aa84d9cfe9
The most interesting address here is 12PcHjajFJmDqz28yv4PEvBF4aJiFMuTFD
It's been involved in similar actions, look at this chain of win-only tx's
https://blockchain.info/tx/0c1a08d035862b01d075e8044b1e9ce52a8ad951b57d876a2a9a0e3502c41eb0
And the most interesting fact is that these zero-fee tx's inbetween winning ones were mined by ghash.io exclusively. Possibly this was a test attack.

3. Going further, I found the address the earnings from attack were sent to: 12e8322A9YqPbGBzFU6zXqn7KuBEHrpAAv
https://blockchain.info/tx/292e7354fbca1847f0cbdc87a7d62bc37e58e8b6fa773ef4846b959f28c42910
And then part of these funds (125 BTC) was sent to ghash.io's mining address:
https://blockchain.info/tx/48168cf655d0ac0c7c2733288ca72e69ecd515a9a0ab2821087eb33deb7c6962

4. Furthermore, I checked the funds mined to 1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8
In these 2 succeeding tx's they were moved to 199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn
https://blockchain.info/tx/e567ad6232de5285e0dc211d3f1c489b1e00e509118ba98a4825529d0a9197d9
https://blockchain.info/tx/faa7bc8b99376efa774045e79b42771fe668341b00290a61cd416992571c590d

This address is interesting, because it contains 6000 BTC and ~30% of funds come from ghash.io mining address.
https://blockchain.info/taint/199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn

5. And the last thing to spot:
GHash.io, being about 25% of network back then, didn't find a single block to its address between 25th and 27th of september!
https://blockchain.info/address/1CjPR7Z5ZSyWk6WtXvSFgkptmpoi4UM9BC?offset=1350&filter=2


I'm not jumping on conclusions, but these actions require public attention.
Comment here if you have anything to say.


I thought every body has to see this post. credit goes to RoadTrain  original post https://bitcointalk.org/index.php?topic=321630.0
Oh shit this look so serious if true...

QORA | 2ND GEN | NEW SOURCE CODE | QMfrsudGRULydjx3gWHRuKhdfjJKC9HD15
Get Free VpnCoin, Join BitNet ! your Vwyg1xThC2w3QYzf9FpEt7D3JN2LSeJsxV
kano
Legendary
*
Offline Offline

Activity: 4620
Merit: 1851


Linux since 1997 RedHat 4


View Profile
June 11, 2014, 07:24:53 AM
 #199

Yes, at the very beginning of the thread. Also, ghash.io/cex.io eventually admitted that it was their staff that did it. After first laughing it off & denying it, then lying about it.

That would scare me a fair bit if they laughed it off and then said we didn't mean anything by it
Guess it means be careful not to give them enough hash to be able to have the option to do that
... too late ...

Pool: https://kano.is - low 0.5% fee PPLNS 3 Days - Most reliable Solo with ONLY 0.5% fee   Bitcointalk thread: Forum
Discord support invite at https://kano.is/ Majority developer of the ckpool code - k for kano
The ONLY active original developer of cgminer. Original master git: https://github.com/kanoi/cgminer
DrG
Legendary
*
Offline Offline

Activity: 2086
Merit: 1035


View Profile
June 11, 2014, 08:25:36 AM
 #200

Don't know who should be faulted more: GHash.IO for not curtailing their growth or stupid people in the mining community who are pushing their growth.

I never mined there and the more I learn about their operation the more I'm disgusted by it.
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!