GHash.IO and double-spending against BetCoin Dice - page 12.

bclcjunkie

hero member

Activity: 833

Merit: 1001

this... and i'm sure if they can explain that outage everything else will become clearer...

Quote from: RoadTrain on November 11, 2013, 12:42:03 PM

Quote from: gmaxwell on November 11, 2013, 12:50:38 AM

Unconfirmed double spends are also perfectly possible without any hashpower at all... though you can certainly do them more consistently with some.

Especially with these stupid gambling services: you only need to change the txid so the actual better can have plausible deny-ability in the doublespending, and being successful only a small percentage of the time is enough to shift the odds in favor from the house to the player.

Might be worth offering two alternative hypothesizes that the data also works for:

(1) attacker spent a whole lot of BTC to frame ghash.io by paying it to a well known address of theirs unsolicited.
(2) ghash.io sold their hashpower to a third party, who used it to perform the attack and the payments were payments for more hashpower.

(IMO, (2) should be regarded as the community as even _worse_ than attacking themselves, ... but I know that the community doesn't regard blindly selling hashpower as treacherous.)

But (1) doesn't explain why ghash found 0 blocks to their address during the attack.
(2) is possible, but we need more data.

It would be good to hear from someone who had been mining on ghash back then to check their earnings.

gmaxwell

staff

Activity: 4242

Merit: 8672

Quote from: Mike Hearn on November 13, 2013, 07:55:00 AM

If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, didn't we?
I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.

Someone who no longer has an ownership interest in it.

CEX.IO doesn't rent out hashpower. They actually sell hardware "ownership" by the GH/s. You pay them some amount upfront per GH/s, equal to a fairly high price for mining hardware ($36.6/GH/s), and you "forever" own an interest in some hardware. If you own enough to equal at least one board worth, you can pay for shipping and have some gear de-racked and sent to you. They also provide a market where current owners of hardware can sell it to new owners. They charge maintenance fees on the hardware (denominated in USD, currently about 2.78% of your income).

All of this hashrate, while in their hands, is currently required to be pointed at their "partner" mining pool, GHash.io which is an invite only pool.

Maybe a larger CEX.IO hashrate owner could get them to redirect their hashrate to something else, but thats not advertised anywhere, it's not clear to me that they'd have any obligation to do so... though I was unable to find a lot of detailed T/C for owning the hashrate, their contract mostly seems to focus on their exchange business.

IYFTech

hero member

Activity: 686

Merit: 500

WANTED: Active dev to fix & re-write p2pool in C

Quote from: CEX on November 11, 2013, 04:49:22 PM

We are now aware of this issue and we will perform an internal investigation to find out who is responsible for this.
Thank you for pointing out.

Actually, you've been aware of it for a long time, you just didn't bother acknowledging it. I posted the details on your official thread on October 30th (which you completely ignored) here:

https://bitcointalk.org/index.php?topic=318010.60

In fact, you have completely ignored every question from everyone regarding this until now - why was that I wonder?

gmaxwell

staff

Activity: 4242

Merit: 8672

Quote from: gh2k on November 13, 2013, 08:31:16 AM

You don't need to solve a block for this to happen, so what is the benefit of having the hashing power?

Not quite. At least today miners who have mempool accepted a transaction will not accept a conflicting one with higher fees, even if they're not attempting to mine the lower fee one yet.

You can pull off doublespends against no-confirm acceptors today, but it's a heck of a lot easier to do it reliably if you have some friendly hashpower.

gh2k

full member

Activity: 126

Merit: 100

One thing I'm fuzzy on is how having lots of hashing power helps in this attack. As I understand it:

- You send a transaction for x coins and no fee. It will get confirmed /eventually/, but not for a while.
- A dice is rolled before the transaction is confirmed. (silly gambling site!)
- If you win, you win. You wait for the transaction to be confirmed so everyone agrees what happened.
- If you lose, you send another transaction for the same x coins. (This time /with/ a fee?)
- The transaction is confirmed first as it has a higher fee and therefore more chance of getting into a block. This invalidates the previous transaction, and your subsequent loss to the gambling site.

You don't need to solve a block for this to happen, so what is the benefit of having the hashing power?

mmitech

legendary

Activity: 1148

Merit: 1001

things you own end up owning you

Quote from: Mike Hearn on November 13, 2013, 07:55:00 AM

If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, didn't we?

I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.

An interesting and historic milestone! I think this would be the first time we've seen miners profitably double-spend against merchants. If ghash.io was selling their hashpower to a criminal (and defrauding merchants is a crime regardless of the exact technique you're using), then that suggests we should be formally discouraging miners from using that pool.

well it is a private operation with private hardware, miners cant do anything about it, this is the time when miners have to start thinking about using p2pool.

dave111223

legendary

Activity: 1190

Merit: 1001

Quote from: Mike Hearn on November 13, 2013, 07:55:00 AM

If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, didn't we?

I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.

An interesting and historic milestone! I think this would be the first time we've seen miners profitably double-spend against merchants. If ghash.io was selling their hashpower to a criminal (and defrauding merchants is a crime regardless of the exact technique you're using), then that suggests we should be formally discouraging miners from using that pool.

From my experience with Cex.io you don't actually gain access to any mining hardware, you just receive the pool shares/payouts based on the hashrate that you "own".

(But then again I may have missed some more advanced menus or something)

Mike Hearn

legendary

Activity: 1526

Merit: 1134

If I understand the CEX.IO website correctly, it's a place where you can temporarily buy mining power that runs onto your own node? We've seen one of those before, didn't we?

I am curious who is stupid enough to rent their hardware out to random strangers over the internet and whether they understand what the point of mining actually is.

An interesting and historic milestone! I think this would be the first time we've seen miners profitably double-spend against merchants. If ghash.io was selling their hashpower to a criminal (and defrauding merchants is a crime regardless of the exact technique you're using), then that suggests we should be formally discouraging miners from using that pool.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: CEX on November 11, 2013, 04:49:22 PM

We are now aware of this issue and we will perform an internal investigation to find out who is responsible for this.

And what will u do? Call the police?

CEX

legendary

Activity: 1227

Merit: 1003

We are now aware of this issue and we will perform an internal investigation to find out who is responsible for this.
Thank you for pointing out.

gmaxwell

staff

Activity: 4242

Merit: 8672

Quote from: RoadTrain on November 11, 2013, 12:42:03 PM

But (1) doesn't explain why ghash found 0 blocks to their address during the attack.

No, but sometimes even high power pools will get massively unlucky. ... but if the miners were still paid, then yea, that supports the original hypothesis or (2).

RoadTrain

legendary

Activity: 1386

Merit: 1009

Quote from: gmaxwell on November 11, 2013, 12:50:38 AM

Unconfirmed double spends are also perfectly possible without any hashpower at all... though you can certainly do them more consistently with some.

Especially with these stupid gambling services: you only need to change the txid so the actual better can have plausible deny-ability in the doublespending, and being successful only a small percentage of the time is enough to shift the odds in favor from the house to the player.

Might be worth offering two alternative hypothesizes that the data also works for:

(1) attacker spent a whole lot of BTC to frame ghash.io by paying it to a well known address of theirs unsolicited.
(2) ghash.io sold their hashpower to a third party, who used it to perform the attack and the payments were payments for more hashpower.

(IMO, (2) should be regarded as the community as even _worse_ than attacking themselves, ... but I know that the community doesn't regard blindly selling hashpower as treacherous.)

But (1) doesn't explain why ghash found 0 blocks to their address during the attack.
(2) is possible, but we need more data.

It would be good to hear from someone who had been mining on ghash back then to check their earnings.

gmaxwell

staff

Activity: 4242

Merit: 8672

Unconfirmed double spends are also perfectly possible without any hashpower at all... though you can certainly do them more consistently with some.

Especially with these stupid gambling services: you only need to change the txid so the actual better can have plausible deny-ability in the doublespending, and being successful only a small percentage of the time is enough to shift the odds in favor from the house to the player.

Might be worth offering two alternative hypothesizes that the data also works for:

(1) attacker spent a whole lot of BTC to frame ghash.io by paying it to a well known address of theirs unsolicited.
(2) ghash.io sold their hashpower to a third party, who used it to perform the attack and the payments were payments for more hashpower.

(IMO, (2) should be regarded as the community as even _worse_ than attacking themselves, ... but I know that the community doesn't regard blindly selling hashpower as treacherous.)

jl2012

legendary

Activity: 1792

Merit: 1111

Quote from: bee7 on November 10, 2013, 03:08:14 PM

Quote from: Luke-Jr on November 10, 2013, 02:55:53 PM

Quote from: mmitech on November 10, 2013, 01:37:46 PM

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

I'm not sure it's that simple.
BetCoin Dice is currently* a DDoS attack against Bitcoin. GHash.IO's actions here could be construed as a kind of self-defence.

* BetCoin has indicated they will correct this problem eventually.

I am not going to defend the BetCoin's behavior in any way (starting from copying SD's site nearly byte-by-byte). But the much more appropriate self-defence against blockchain flooding, IMHO, would be to tweak the bitcoind just to drop the transactions related to the BetCoin's addresses off the mempool, not to cheat them as a response.

Accepting big-value zero-fee zero-confirmation transaction is stupid. They deserve it.

bee7

hero member

Activity: 574

Merit: 523

Quote from: Luke-Jr on November 10, 2013, 02:55:53 PM

Quote from: mmitech on November 10, 2013, 01:37:46 PM

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

I'm not sure it's that simple.
BetCoin Dice is currently* a DDoS attack against Bitcoin. GHash.IO's actions here could be construed as a kind of self-defence.

* BetCoin has indicated they will correct this problem eventually.

I am not going to defend the BetCoin's behavior in any way (starting from copying SD's site nearly byte-by-byte). But the much more appropriate self-defence against blockchain flooding, IMHO, would be to tweak the bitcoind just to drop the transactions related to the BetCoin's addresses off the mempool, not to cheat them as a response.

mmitech

legendary

Activity: 1148

Merit: 1001

things you own end up owning you

Quote from: Luke-Jr on November 10, 2013, 02:55:53 PM

Quote from: mmitech on November 10, 2013, 01:37:46 PM

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

I'm not sure it's that simple.
BetCoin Dice is currently* a DDoS attack against Bitcoin. GHash.IO's actions here could be construed as a kind of self-defence.

* BetCoin has indicated they will correct this problem eventually.

I really don't understand how can BetCoin or any other service be a threat to Bitcoin, can you please explain it, maybe I was missing something ?

Luke-Jr

legendary

Activity: 2576

Merit: 1186

Quote from: mmitech on November 10, 2013, 01:37:46 PM

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

I'm not sure it's that simple.
BetCoin Dice is currently* a DDoS attack against Bitcoin. GHash.IO's actions here could be construed as a kind of self-defence.

* BetCoin has indicated they will correct this problem eventually.

bee7

hero member

Activity: 574

Merit: 523

Quote from: mmitech on November 10, 2013, 01:37:46 PM

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

Exactly

mmitech

legendary

Activity: 1148

Merit: 1001

things you own end up owning you

lets get to the bottom line here, it is not about BetCoin failure, we all agree on that, the whole thing is about someone holding 24% of the network hash power and using this position with bad attention.

it worries me when they get close to 51%, then the question is if they are doing it now, what will they do with 51% and that what matters to me at this point.

what the cumunity can do about it, I guess nothing, they are a private pool , they will be adding more and more power this is no question, in the classic case, miners can always switch to other pools when they feel the threat but what is the solution when some big private pool does this.

MTBmanTT

member

Activity: 66

Merit: 10

Bitcoin: The new Wild West

Topic: GHash.IO and double-spending against BetCoin Dice - page 12. (Read 112080 times)