I wonder how there are still some casino's that are able to offer instant play with 0 confirmations? This seems to be something that's fairly easy to exploit and make a huge profit with in a short time.
This combined with instant payouts would be quite detrimental for the site.
Topic: Cheaters (double spenders) and what the gambling sites are doing against them - page 3. (Read 3059 times)
April 15, 2016, 06:20:34 AM
April 15, 2016, 04:27:23 AM
so how many cheats has happened so far, can you give some statistic on it with how much BTC did they cheat?
Check this : https://bitcointalksearch.org/topic/ghashio-and-double-spending-against-betcoin-dice-327767 (Betcoin Dice)
https://bitcointalksearch.org/topic/double-spend-on-pocket-dice-1128950 (Pocket Dice)
well double spend is a serious problem and as i said earlier gambling sites should accept deposits or show balance only after 3-4 confirmations.
April 15, 2016, 04:03:23 AM
so how many cheats has happened so far, can you give some statistic on it with how much BTC did they cheat?
you can always do it like others with at least 1 confirmation, and also you can add other altcoins which will be confirmed super fast like Dogecoin.
you can always do it like others with at least 1 confirmation, and also you can add other altcoins which will be confirmed super fast like Dogecoin.
April 14, 2016, 11:52:35 PM
I don't think this double spending exploit is really that common, and I have no idea how much gambling sites are losing because something like this exist.
If that is really that bad and big money are being lost because of that then I think we are unfortunately doomed to eventually switch from 0 confirmation deposits to 1 confirmation.
If that is really that bad and big money are being lost because of that then I think we are unfortunately doomed to eventually switch from 0 confirmation deposits to 1 confirmation.
April 14, 2016, 10:55:56 PM
No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
this kind of double spending is called race attack. it is done by creating another transaction that spends at least one input that was used on the first transaction. once one of them got confirmed the other will cease to be a valid transaction and never confirm.
IMO the only sure way to stop gambling sites from getting cheated is to stop accepting 0-confirmation deposits.
Hello does this means that lets say i have $5 btc in wallet, for the first transaction i sent a $3, which will left me with $2, but then before the transaction got sent i send another $5 btc at the same time? Is it something like that? Thanks for the explanation
that won't do. every time you make a transaction you'll always spend all of the coins in the input. that $2 will be sent back to your address or your change address, creating a new output for the next transaction to refer to (as input).
April 14, 2016, 10:49:00 PM
No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
this kind of double spending is called race attack. it is done by creating another transaction that spends at least one input that was used on the first transaction. once one of them got confirmed the other will cease to be a valid transaction and never confirm.
IMO the only sure way to stop gambling sites from getting cheated is to stop accepting 0-confirmation deposits.
Hello does this means that lets say i have $5 btc in wallet, for the first transaction i sent a $3, which will left me with $2, but then before the transaction got sent i send another $5 btc at the same time? Is it something like that? Thanks for the explanation
April 14, 2016, 10:44:54 PM
No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
this kind of double spending is called race attack. it is done by creating another transaction that spends at least one input that was used on the first transaction. once one of them got confirmed the other will cease to be a valid transaction and never confirm.
IMO the only sure way to stop gambling sites from getting cheated is to stop accepting 0-confirmation deposits.
April 14, 2016, 10:38:58 PM
is this method really working with current RBF?
seems thats another vote that RBF sucks ;x
seems thats another vote that RBF sucks ;x
April 14, 2016, 10:34:16 PM
Yours is not the first site it has happened too, the biggest sites have faced this problem and the solution you implemented is the best solution there is, one confirmation on a normal day should take on average 10 minutes and its same for everyone so gamblers have to wait that much to play at any casino.
Up to 1 BTC, 1 confirmation should suffice, over that you should wait for at-least 3 confirmations.
Up to 1 BTC, 1 confirmation should suffice, over that you should wait for at-least 3 confirmations.
Totally agree with bitbaby that even 1 confirmation is not sufficient , a double spending may even occur even after 1 conf. if miner also participates.Well now most of bitcoin wallets have disallowed it but gambling sites should take up some preventive measures and IMO at-least 3 confirmations is the best as of now.
April 14, 2016, 10:25:47 PM
No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
I am not exactly sure how double spending works, but I can assure you that these cheaters have it down to an exact science!
Also I believe it's called a "Race Attack" which you can read about here:
https://en.bitcoin.it/wiki/Double-spending
April 14, 2016, 09:43:41 PM
No one wants to help me understand how this works? Always hear about waiting for confirmations but never read how people are able to cancel a transaction?
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
Was thinking this should not be a issue but forgot about people being able to create infinite accounts.
April 14, 2016, 08:55:58 PM
Yours is not the first site it has happened too, the biggest sites have faced this problem and the solution you implemented is the best solution there is, one confirmation on a normal day should take on average 10 minutes and its same for everyone so gamblers have to wait that much to play at any casino.
Up to 1 BTC, 1 confirmation should suffice, over that you should wait for at-least 3 confirmations.
Up to 1 BTC, 1 confirmation should suffice, over that you should wait for at-least 3 confirmations.
April 14, 2016, 01:14:44 PM
The solution is simple. Lets keep 0 confirmation deposit as it is a nice feature to have. But instead put a restriction on a withdrawal -
Unless your deposit wasn't confirmed you can't withdraw it. It is as simple as that.
Unless your deposit wasn't confirmed you can't withdraw it. It is as simple as that.
The cheaters act like this:
Create account #1 -> deposit BTC -> they lose -> they double spend
Create account #2 -> deposit BTC -> they lose -> they double spend
Create account #3 -> deposit BTC -> they WIN -> they allow the transaction to go through -> transaction confirms -> they request a withdrawal
So in this case, we wouldn't allow accounts #1 and #2 to withdraw, but we WOULD allow account #3 to withdraw, since it has a confirmation. But it is still a cheater's account.
As you can see, it still does not help us because the cheaters are able to constantly create new accounts with different IPs and emails until they win.
April 14, 2016, 12:56:31 PM
I really do not understand how double spending works,always presumed you need the funds in the wallet to actually send something and I have never canceled a transaction. Actually had no idea that this could be done are there threads on how this is done,so I know what to look out for in the future if I ever do end up in a potential situation like that?
April 14, 2016, 12:28:28 PM
The solution is simple. Lets keep 0 confirmation deposit as it is a nice feature to have. But instead put a restriction on a withdrawal -
Unless your deposit wasn't confirmed you can't withdraw it. It is as simple as that.
Unless your deposit wasn't confirmed you can't withdraw it. It is as simple as that.
April 14, 2016, 11:13:44 AM
You could do what luckyb.it does and wait for it to confirm with a low fee, or have instant play with a fee of at least 0.0002BTC. Should stop most double spenders, as it needs to be a large tx size for it to not confirm for a while with that kind of fee. Most players won't really notice a difference with paying 4 cents extra for the fee if they can play instantly, but it protects you a lot more. It also shouldn't affect the people that like small fees, since they can choose to wait for it to confirm.
Correct me if I'm wrong, but aren't they able to double spend regardless of the fee amount simply by putting a higher fee for the same transaction before the confirmation hits?
I'll send them a message and see what they do to protect themselves
April 14, 2016, 10:54:11 AM
You could do what luckyb.it does and wait for it to confirm with a low fee, or have instant play with a fee of at least 0.0002BTC. Should stop most double spenders, as it needs to be a large tx size for it to not confirm for a while with that kind of fee. Most players won't really notice a difference with paying 4 cents extra for the fee if they can play instantly, but it protects you a lot more. It also shouldn't affect the people that like small fees, since they can choose to wait for it to confirm.
Correct me if I'm wrong, but aren't they able to double spend regardless of the fee amount simply by putting a higher fee for the same transaction before the confirmation hits?
April 14, 2016, 06:58:47 AM
I never thought that a deposit confirmation 0, has a pretty adverse impact on the owners of the site and I also do not think that there are people who can take advantage of this. I feel your actions to address this issue have been very correct, considering if it is not soon resolved so many gambling sites that will have the impact of this.
April 14, 2016, 06:49:48 AM
NitrogenSports has a 0 confirmation policy I think but they do manual auditing of any outgoing transactions so I don't think this kind of shit will fly under their radar probably you will be banned and your funds will be seized if you try this scheme. I think DirectBet allows 0 confirmations on their bet deposits as well but I haven't heard of anyone trying to exploit their system. These scams are probably best performed on casino sites as sportsbetting requires a lot of time for the events to finish.
April 14, 2016, 06:28:27 AM
this is strange i have not seen any place that accepts bitcoin with 0 confirmation and even if they do it is so rare and they only accept it with 0 confirmation if the transaction size is really small.
There are many places that accept 0 confirmation deposit. (NitrogenSports,Bitsler)
Jump to: