Topic: Is there any way for casinos to cheat the provably fair? (Read 3496 times)

Yep, but if you expose them and they chose to do nothing, well actually to change their system to another shitty system that does the same thing, its pretty much proof of their scam.

You have been answering my question with your posts, exposing a few casinos and their provably fair, thanks for that. I was sure many casinos cheated the provably fair system but now im sure.

Well, its hard to comment on how the other person or the site owner is. Not every site is profitable, and they might not have such a big satisfactory profit they want to have.

Sometimes, depending on the casino. My favourite post about this is this absolute gem on /r/Bitcoin. It's a decently long read, but it's very insightful.

That's not to say that a casino can't be properly provably fair, it's such some implementations can make it not so provably fair. Sites that are on-Blockchain and provably fair can't fall to those kinds of exploits.

Yes it is indeed no way to know about this but to be honest I dont see the need of them doing this since they are getting profit from the site even without doing this. Most Site are designed at 1 % house edge and in most site the average profit is above 1 % . As for PrimeDice, I believe Stunna got the biggest stake there so he doesnt need to do this thing either as the profit will mostly goes to him.

Really sorry to hear that man.  Thanks for the warning and I suggest you remind us now and again.  Pat yourself on the back because I guarantee that you saved a few of us from getting scammed.  Thanks and I am sorry you had to lose so much money to find out.

Well, that was the beauty of it. You can't prove it. Plausibly deniable provably fair.

And even with proof, there'd still be the worshipers throwing money at him anyway.

There is no way in hell a .1% edge site legitimately can make 1,000 BTC in just over 2 months.

Yes, definitely.

But actually a site should be provably fair without requiring the client to change the seed. This basically means they must generate a (cryptographically secure) random clientseed every time (on the clientside obv) -after- the user gets a new serverseed hash. Still changing the clientseed is always good, in case the implementation is bad and also because it's rather hard for most users to check the source/network data to see if the "random clientseed" was really generated properly. So yeh, ppl should always change their clientseed

That would be really nice. One thing I would also highly recommend in the article is encouraging people to change client seeds specially with games like Blackjack or Roulette. As the default seeds can be set up to have the dealer win more hands despite everything being provably fair, and also Roulette can be set up to some extent to have more 0's occurring .

Every site has some small differences in the implementation of the provably fair method, some better than others. I am planning to write an article about the ways the casino could still cheat you and what the ideal provably fair method should have (IMO.) But quick overview here..

Things that can be bad for player (some already said), in random order:

- Skipping nonces (dicebitco.in)
- Using anything like bet ID or timestamp in bet result calculation
- Not giving serverseed afterwards (sounds like a joke but betcoin.ag actually did that.)
- Having a "serverseed per bet" but not a (cryptographically secure) random clientseed per bet
- "serverseed per bet" but only show/send serverseed hash on request (I think 999dice did this? tbh never been interested in that site :p)
- Not generating a new (cryptographically secure) random clientseed after getting new serverseed hash
- Generating clientseed serverside
- Browser sending clientseed before getting serverseed hash
- Not locking serverseed hash (for d/c possibilities)
- TBH even things like "not giving proper history of your own bets", "no link to verifier and/or no script" and "daily secret" are bad, since it makes it harder to easily verify your bet rolls.

And probably more, again, I am planning to write much more about it soon with specific details+examples




Ps, if one doesn't fully understand provably fair, I recommend reading my "basic article": http://dicesites.com/provably-fair

I'm not sure of that
but I think when they give u the server seed and the client seed before rolling then no
I'm not sure if they can control games like slots
but I see no reason for any casino to cheat u
they will win without cheating 

Well, there is absolutely no way of knowing if a site cheats or plays against the investors as it will just be another investor. Primedice has no reason to do it as they have no investors(unless they play against the private investors , if they have any) . Can't comment on any other site as its almost impossible to know.

You seem to have no idea what "provably fair" means. It is not a thing that will increase your winning chance if you change your seed hash. It is a mechanism to verify your bet and see if the house is cheating or not


Yes the owner of the sites could, this is a concern about a site with investment feature, in the end you will have to trust your site operator


No problem


AFAIK 999dice is cheating by not showing the hashes beforehand and not by skipping nonce ( probably they are skipping nonce as well )

P.S : not quite sure about this, I may be wrong


A small percentage for profit and a small thing that could ruin their site reputation. Once people know about this, the site will be dead as no one will be playing there again so it is safe to assume that some big sites like PrimeDice and JustDice is not doing this since it could hurt their reputation badly

That would be provably fair for investors. However I am yet to see a site which has implemented that. I think its possible if part of the seeds are generated by a 3rd party, and part of the seeds are generated by the site itself, and the 3rd component(client seed) from the gambler.
But seems none of the major sites has actually implemented that .

I think that provably fair no effect I've tried a few games of dice and try to change the seed hash but still game so that and eventually lost as well. This according to me but perhaps by others that provably fair is working well

If implemented correctly (i.e. with hashes shown beforehand) provably fair is meant to be just that, provably fair. You should be able to verify the result of any roll and thereby ensure that the house isn't cheating you. For the older sites like JD and PD - most of them have had such an implementation for quite a while. The only problem that I can see is if the owner actually plays the house and causes losses. Since they would have access to the server seed and adjust their own client seed - they would be able to determine the outcome of rolls prior to them occurring allowing them to win while masquerading as a user. AFAIK, this issue hasn't been addressed but it might have changed since the last time I checked.

Yeah thats what i was saying when i was talking with dooglus about it, the customers there seem to be really stupid like extremely stupid, im not really sure why but seems like all of them like it there. Im not going to lie, i liked the site aswell it was simple and fast.

Now the problem is, how do you prove they are cheating for sure or anyone else that might be doing these kind of tricks? And anyways isnt most casinos online that dont use bitcoins not provably fair?

It depends how their provably fair mechanism is coded.   I have seen it done a few different ways and not all of them are as fair and secure as they claim.

So that's what a "nonce" is!  Thank you for explaining that.  I had seen the "nonce" term thrown around here and there but never really understood it.  Now I understand a lot better.  I was watching some analysis on Prime Dice and it was easy to see the nonce was consistently incrementing with no skips.  But I was trying to prove any nonce consistency in 999dice and couldn't really see it.

This is however mostly possible only in games like Blackjack. In cases of Dice, they usually can't do that, as the user has a choice what to bet on, but on Blackjack they are just aiming to get to 21 .

If you read the Nitrogensports thread, they are accused of something like this, but there is actually no way to prove it . Best thing to do is stay off the sites and play live. 

Because most people reading this didn't see the original threads, I want to sum up what happened.

I played on 999dice and won a lot. No insignificant sum.

And then I started losing like crazy, to the tune of "an absolute fuckton" of BTC. Which is when I started looking, and noticed their scam system.

So I wrote a javascript bot that would click 'set client seed' and set it to a random value FOR EVERY ROLL. Once I did this, shockingly (I know), my horrific losing streak ended and I won back about 42 of my lost bitcoin.

Which is when the admin noticed what I was doing, and banned me from the site, and threatened to confiscate any deposits I made from then on.

So I called them out publicly, at first they didn't respond, then responded with BS accusations I had attempted to scam them first (Side note: Even if I had, that's irrelevant and has nothing to do with them cheating their customers). Once it got big and all the crypto news outlets were reporting it, they changed their system so it LOOKS like they made an improvement, but really did not. It's no better than it was before this all started. But there are the 999dice kool aid drinkers who will swear up and down it's fair (while, I'd imagine, they have never actually verified a bet there).

If you play there, you deserve to lose every penny, because you're an idiot.

("You" being figurative, this isn't directed at anyone in particular. Well, unless you play there. Then I mean you.)