Odd pattern in BitcoinMonitor

[ironwolf]

I looked at BitcoinMonitor.com this evening and noticed this strange descending line of transactions. Each transaction has a fixed 0.05 BTC amount and the remainder in "change". Any ideas about what's up with this?

[caveden]

The faucet?

[caveden]

By the way, either the faucet is getting very popular, or some scumbag found a way to cheat and get all its money. Too many transactions...

[Raulo]

By the way, either the faucet is getting very popular, or some scumbag found a way to cheat and get all its money. Too many transactions...

It's probably the latter because just a day ago there were significantly fewer transactions from the faucet and much less regular.

[ironwolf]

The pattern went down to zero and seems to have restarted again at around 17.5 BTC.

[caveden]

I've PMed Gavin about it.

[ribuck]

Also notice how there's a small gap in the Faucet withdrawals whenever a block is generated. This probably tells us something about network propagation speed or somesuch.

[mahadri]

Also notice how there's a small gap in the Faucet withdrawals whenever a block is generated. This probably tells us something about network propagation speed or somesuch.

No. After a new block, the faucet pays out from its ~45 BTC transaction, then pays out from a smaller transaction until the next block. The gap will disappear when the faucet funds drop below 45 BTC, when there's only one transaction available to pay out from.

[Gavin Andresen]

I've turned off the faucet; somebody is definitely stealing from it.  There were 500 sends queued when I woke up this morning.

They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example:

Code:

121.1.54.214 - zqdckyxnhmjj [14/Apr/2011:05:20:19 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6,gzip(gfe)" "freebitcoins.appspot.com"
213.0.109.214 - clkjqwbhwefj [14/Apr/2011:05:20:15 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.3) Gecko/20100403 Fedora/3.6.3-4.fc13 Firefox/3.6.3,gzip(gfe)" "freebitcoins.appspot.com"
193.110.115.0 - rdcxalrgxyrvb [14/Apr/2011:05:17:40 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.7) Gecko/20100726 CentOS/3.6-3.el5.centos Firefox/3.6.7,gzip(gfe)" "freebitcoins.appspot.com"

"zqdckyxnhmjj" and "clkjqwbhwefj" are the google account logins, which are obviously bogus.  Well, obvious to humans, anyway...

[Anonymous]

I've turned off the faucet; somebody is definitely stealing from it.  There were 500 sends queued when I woke up this morning.

They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example:

Code:

121.1.54.214 - zqdckyxnhmjj [14/Apr/2011:05:20:19 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6,gzip(gfe)" "freebitcoins.appspot.com"
213.0.109.214 - clkjqwbhwefj [14/Apr/2011:05:20:15 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.3) Gecko/20100403 Fedora/3.6.3-4.fc13 Firefox/3.6.3,gzip(gfe)" "freebitcoins.appspot.com"
193.110.115.0 - rdcxalrgxyrvb [14/Apr/2011:05:17:40 -0700] "POST /getsome HTTP/1.1" 200 1206 "http://freebitcoins.appspot.com/getsome" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.7) Gecko/20100726 CentOS/3.6-3.el5.centos Firefox/3.6.7,gzip(gfe)" "freebitcoins.appspot.com"

"zqdckyxnhmjj" and "clkjqwbhwefj" are the google account logins, which are obviously bogus.  Well, obvious to humans, anyway...

Someone hired a captcha farm  ?

[jav]

They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example:

What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies?

It's really unfortunate, because the Faucet is probably the most important promotional tool that Bitcoin has. So what's next? manual approval of every Faucet transaction? maybe a group of trusted forum members could do this, so that there is always someone online? would be pretty tedious though, I guess.

[HostFat]

What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies?

Destroying is easier than creating

[Anonymous]

They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example:

What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies?

It's really unfortunate, because the Faucet is probably the most important promotional tool that Bitcoin has. So what's next? manual approval of every Faucet transaction? maybe a group of trusted forum members could do this, so that there is always someone online? would be pretty tedious though, I guess.

Pay someone .01 of the .05  to sit there clicking "confirm"

[caveden]

What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies?

+1

[jpent]

Is this pattern definitely due to the faucet then? I was thinking it could also be caused by mining pools sending out rewards.

[Gavin Andresen]

That pattern is definitely the faucet.  The big mining pools are already using the new 'sendmany' functionality to pay lots of people with one transaction.

I'm thinking of doing something similar for the Faucet.  Perhaps:

+ Bundle up requests for payments, so instead of sending out payment right away you have to wait a bit (15 minutes or an hour or... something somewhat random and non-predictable).

+ Dropping the Faucet reward AGAIN so there is less incentive to cheat.  I'll need to use sendmany so the faucet isn't paying as much in fees as it is in bitcoins it gives out.

And maybe:

+ Publicly display the queue of waiting requests.  This would be the tricky part-- I don't want to just dump email address and IP address, but I do want to dump enough information so people looking at the information can tell the difference between a cheater and legitimate users.

+ A way of flagging requests as "looks like cheating to me".  This is also hard-- griefers might decide it would be fun to flag lots of legitimate requests.

[Mr.512]

They are using a different IP address, different google account, and are even changing the browser ID string on every request-- here are three entries from the request log, for example:

What is wrong with some people? Seriously... someone with the technical skills to automate this can't think of something more worthwhile to do than to steal pennies?

It's really unfortunate, because the Faucet is probably the most important promotional tool that Bitcoin has. So what's next? manual approval of every Faucet transaction? maybe a group of trusted forum members could do this, so that there is always someone online? would be pretty tedious though, I guess.

Pay someone .01 of the .05  to sit there clicking "confirm"

That is probably by far the most intellectual idea. It's a smart idea to have someone online at all times, I'm sure there's someone Gavin can trust.

[BitterTea]

+ Dropping the Faucet reward AGAIN so there is less incentive to cheat.  I'll need to use sendmany so the faucet isn't paying as much in fees as it is in bitcoins it gives out.

I think I suggested this to you when I first found Bitcoin, but why not make the faucet's payout a direct function of the available balance? Like... payout = balance / 2000. This would mean diminishing returns for an attacker.

Oooh, what about integrating faucet authentication with Gribble? There's almost always somebody on IRC.

[randomguy7]

I don't think making the payout smaller is going to stop people cheating. Can't we add a switch to the gui to switch to testnet and run the faucet with testnet coins?

[BitterTea]

I don't think making the payout smaller is going to stop people cheating. Can't we add a switch to the gui to switch to testnet and run the faucet with testnet coins?

Sure, but the whole point is to give people some coins they can spend. Granted, I'm not sure what you're going to buy with .05 BTC, but whatev. I think introducing testnet into this will just confuse people.