Topic: Is there any way for casinos to cheat the provably fair? (Read 3512 times)

Yep, but if you expose them and they chose to do nothing, well actually to change their system to another shitty system that does the same thing, its pretty much proof of their scam.

You have been answering my question with your posts, exposing a few casinos and their provably fair, thanks for that. I was sure many casinos cheated the provably fair system but now im sure.

Well, its hard to comment on how the other person or the site owner is. Not every site is profitable, and they might not have such a big satisfactory profit they want to have.

Sometimes, depending on the casino. My favourite post about this is this absolute gem on /r/Bitcoin. It's a decently long read, but it's very insightful.

That's not to say that a casino can't be properly provably fair, it's such some implementations can make it not so provably fair. Sites that are on-Blockchain and provably fair can't fall to those kinds of exploits.

Yes it is indeed no way to know about this but to be honest I dont see the need of them doing this since they are getting profit from the site even without doing this. Most Site are designed at 1 % house edge and in most site the average profit is above 1 % . As for PrimeDice, I believe Stunna got the biggest stake there so he doesnt need to do this thing either as the profit will mostly goes to him.

Really sorry to hear that man.  Thanks for the warning and I suggest you remind us now and again.  Pat yourself on the back because I guarantee that you saved a few of us from getting scammed.  Thanks and I am sorry you had to lose so much money to find out.

Well, that was the beauty of it. You can't prove it. Plausibly deniable provably fair.

And even with proof, there'd still be the worshipers throwing money at him anyway.

There is no way in hell a .1% edge site legitimately can make 1,000 BTC in just over 2 months.

Yes, definitely.

But actually a site should be provably fair without requiring the client to change the seed. This basically means they must generate a (cryptographically secure) random clientseed every time (on the clientside obv) -after- the user gets a new serverseed hash. Still changing the clientseed is always good, in case the implementation is bad and also because it's rather hard for most users to check the source/network data to see if the "random clientseed" was really generated properly. So yeh, ppl should always change their clientseed

That would be really nice. One thing I would also highly recommend in the article is encouraging people to change client seeds specially with games like Blackjack or Roulette. As the default seeds can be set up to have the dealer win more hands despite everything being provably fair, and also Roulette can be set up to some extent to have more 0's occurring .

Every site has some small differences in the implementation of the provably fair method, some better than others. I am planning to write an article about the ways the casino could still cheat you and what the ideal provably fair method should have (IMO.) But quick overview here..

Things that can be bad for player (some already said), in random order:

- Skipping nonces (dicebitco.in)
- Using anything like bet ID or timestamp in bet result calculation
- Not giving serverseed afterwards (sounds like a joke but betcoin.ag actually did that.)
- Having a "serverseed per bet" but not a (cryptographically secure) random clientseed per bet
- "serverseed per bet" but only show/send serverseed hash on request (I think 999dice did this? tbh never been interested in that site :p)
- Not generating a new (cryptographically secure) random clientseed after getting new serverseed hash
- Generating clientseed serverside
- Browser sending clientseed before getting serverseed hash
- Not locking serverseed hash (for d/c possibilities)
- TBH even things like "not giving proper history of your own bets", "no link to verifier and/or no script" and "daily secret" are bad, since it makes it harder to easily verify your bet rolls.

And probably more, again, I am planning to write much more about it soon with specific details+examples




Ps, if one doesn't fully understand provably fair, I recommend reading my "basic article": http://dicesites.com/provably-fair

I'm not sure of that
but I think when they give u the server seed and the client seed before rolling then no
I'm not sure if they can control games like slots
but I see no reason for any casino to cheat u
they will win without cheating 

Well, there is absolutely no way of knowing if a site cheats or plays against the investors as it will just be another investor. Primedice has no reason to do it as they have no investors(unless they play against the private investors , if they have any) . Can't comment on any other site as its almost impossible to know.

You seem to have no idea what "provably fair" means. It is not a thing that will increase your winning chance if you change your seed hash. It is a mechanism to verify your bet and see if the house is cheating or not


Yes the owner of the sites could, this is a concern about a site with investment feature, in the end you will have to trust your site operator


No problem


AFAIK 999dice is cheating by not showing the hashes beforehand and not by skipping nonce ( probably they are skipping nonce as well )

P.S : not quite sure about this, I may be wrong


A small percentage for profit and a small thing that could ruin their site reputation. Once people know about this, the site will be dead as no one will be playing there again so it is safe to assume that some big sites like PrimeDice and JustDice is not doing this since it could hurt their reputation badly

That would be provably fair for investors. However I am yet to see a site which has implemented that. I think its possible if part of the seeds are generated by a 3rd party, and part of the seeds are generated by the site itself, and the 3rd component(client seed) from the gambler.
But seems none of the major sites has actually implemented that .

I think that provably fair no effect I've tried a few games of dice and try to change the seed hash but still game so that and eventually lost as well. This according to me but perhaps by others that provably fair is working well

If implemented correctly (i.e. with hashes shown beforehand) provably fair is meant to be just that, provably fair. You should be able to verify the result of any roll and thereby ensure that the house isn't cheating you. For the older sites like JD and PD - most of them have had such an implementation for quite a while. The only problem that I can see is if the owner actually plays the house and causes losses. Since they would have access to the server seed and adjust their own client seed - they would be able to determine the outcome of rolls prior to them occurring allowing them to win while masquerading as a user. AFAIK, this issue hasn't been addressed but it might have changed since the last time I checked.

Yeah thats what i was saying when i was talking with dooglus about it, the customers there seem to be really stupid like extremely stupid, im not really sure why but seems like all of them like it there. Im not going to lie, i liked the site aswell it was simple and fast.

Now the problem is, how do you prove they are cheating for sure or anyone else that might be doing these kind of tricks? And anyways isnt most casinos online that dont use bitcoins not provably fair?

It depends how their provably fair mechanism is coded.   I have seen it done a few different ways and not all of them are as fair and secure as they claim.

So that's what a "nonce" is!  Thank you for explaining that.  I had seen the "nonce" term thrown around here and there but never really understood it.  Now I understand a lot better.  I was watching some analysis on Prime Dice and it was easy to see the nonce was consistently incrementing with no skips.  But I was trying to prove any nonce consistency in 999dice and couldn't really see it.

This is however mostly possible only in games like Blackjack. In cases of Dice, they usually can't do that, as the user has a choice what to bet on, but on Blackjack they are just aiming to get to 21 .

If you read the Nitrogensports thread, they are accused of something like this, but there is actually no way to prove it . Best thing to do is stay off the sites and play live. 

Because most people reading this didn't see the original threads, I want to sum up what happened.

I played on 999dice and won a lot. No insignificant sum.

And then I started losing like crazy, to the tune of "an absolute fuckton" of BTC. Which is when I started looking, and noticed their scam system.

So I wrote a javascript bot that would click 'set client seed' and set it to a random value FOR EVERY ROLL. Once I did this, shockingly (I know), my horrific losing streak ended and I won back about 42 of my lost bitcoin.

Which is when the admin noticed what I was doing, and banned me from the site, and threatened to confiscate any deposits I made from then on.

So I called them out publicly, at first they didn't respond, then responded with BS accusations I had attempted to scam them first (Side note: Even if I had, that's irrelevant and has nothing to do with them cheating their customers). Once it got big and all the crypto news outlets were reporting it, they changed their system so it LOOKS like they made an improvement, but really did not. It's no better than it was before this all started. But there are the 999dice kool aid drinkers who will swear up and down it's fair (while, I'd imagine, they have never actually verified a bet there).

If you play there, you deserve to lose every penny, because you're an idiot.

("You" being figurative, this isn't directed at anyone in particular. Well, unless you play there. Then I mean you.)

Even i too never change the seed because it seems as a burden to me in doing so lol. But where we are lazy and that can act as a loop hole cant be called cheat.

This was discussed many many times in the past.

Technically it is possible, because most players NEVER change the client seed, so the gambling site can assume for the next bet you re-use the old seed and they can product their own results. This was never proven however.

I would suggest visiting a live casino like that of Cloudbet or Jetwin if you are worried or aren't sure how to verify provably fair systems. Atleast there the chances of being cheated are much less, even though some people don't feel so.

I feel even if any site was to cheat by skipping rolls they would probably do it by doing it when the robot is on . That way for every 100 bets, they could skip one of the bets, and that along could give them an extra percent or more of house edge.

After i read alot info from all post from u above, can u give any recomended site that give real provably fair or at least alittle bit fair..

Yeah but we already discussed that, no casino would do that because they would be eventually caught, of course most people wont verify each bet but when someone does and founds out the site was cheating, thats it, the site is dead.

If anyone else knows something that we dont, speak to us!

There will always be a way for the house to cheat.  Is there a browser plugin to auto verify if it is fair?  Because tbh someone placing lots of bets is very unlikely to check all the numbers.  I know I would not.  If you are betting fast and not notating the checks, then they may be able to cheat right in front of your face because you are not paying attention.

Seriously if someone made a browser extension that auto checked this stuff I bet you could sell it.  Even if you only charged .05 btc, I bet you could make some money.

You are welcome for the awesome idea B)

It is not impossible, but it is still possible since the house could skip 1 or 2 nonce for every X bet but PrimeDice wont be risking their reputation by cheating the rolls. They are making alot of BTC even without cheating.

Your friend can use this simple verifier to verify the rolls if he think the house is cheating the rolls http://dicesites.com/primedice/verifier

Actually it is about psychology state, people tend to blame the others if they lose something, i.e your friend blame PrimeDice for cheating the rolls because he lost there

with so many people pissed about losing money, I think if PD could, people would not stop talking about it and either it would be corrected or PD would die

So it would be plain impossible for, primedice as an example, to cheat the rolls? I have a friend who played there, by my advice and he said that they were definitely cheating, i told him about provably fair but he still said they were cheaters so i was wondering if you could really cheat the system.

They cant change it once the hash is shown then its all done there. Even if the hash is shown, most people dont verify their rolls, due tot that if the house is thinking of cheating then they would probably be skipping the nonce instead since people wont be noticing if a nonce is missing or not

P.S : casino is designed with edge which means they will get more instead of losing more


999dice does this and the site is still standing right now. Players are quite a bunch there and most of them doesnt care and keep on rolling blindly even though there are alot of evidences that prove the site is a scam site

It's absolutely possible. 999dice.com does it. I called them out on hiding the client seed until you tell the server you're using one - so until you did that, they could roll anything they wanted.

After they "changed" it, now it's shown on every roll - but - they change your client seed to something that is generated on their server, on EVERY roll.

Anyone want to change that seed every roll? No? Pain in the ass?

It's absolutely possible to cheat. 999dice is the pioneer of that shit.

They have no reason to do that when casino can earn with their house edge.
It would destroy their reputation which is not a way anyone will run a business.

There was a thread about 999dice because the hash is not reveled to you unless you press a button.. In that sense they can scam because they belong the category mentioned above (they don't show you the hash beforehand unless you press the button).

Yes you play against the odds but when the house edge is so small its suspicious they managed to win so much in such short amount of time. Im not going to say any names, apart from 999dice wich made 3.5k btc already with a 0.1% house edge in a really short time but i can say definitively that they are scam.

No the can't do that. Remember that when you play in a casino you ALWAYS play against the odds. So it's just matter of luck (and time). The more you play the more chances you have to lose.

Could there be any way that when you try to verify it they would know and they would change the number, you have to copy the seed to verify it so maybe when you control + c they automatically change the nonce to something that would seem normal when they were cheating? I dont know if im expressing correctly.

pd: Im making all these questions because some casinos have managed to win quite a lot of money in a really short time wich makes it suspicious.

You can use the link i provided above to produce the rolls and then just copy and paste the results in an excel file where you will also paste the rolls from the site. Then compare the 2 columns if they are the same.

Actually even if they were provably fair, many players won't even bother checking each rolls, especially if they're doing the auto rolls or bot rolls and it will take a lot of time verifying 1000s of rolls and that is where a site can skip nonce.

I wonder if there is an easy way of doing it like a  script where you can enter all the rolls data at once and get them all checked ? because doing it manually is almost impossible.

There were in fact some so-called provably fair sites in the past, that used server time or bet ID in place of the nonce.
As you can imagine, both the server time and bet ID can be easily manipulated by the admin to generate a losing bet.
I don't think such site still exist nowadays though.

Yes exactly. There are verifies that given some input will calculate all your rolls.
You can find the verifiers here for some sites.

Not random number. To explain it simply nonce is nothing more or less a number to indicate your roll sequence

roll number 1
roll number 2
roll number 3
roll number 4

In nonce it will be nonce 0, nonce 1, nonce 2 and nonce 3. The nonce will keep on increasing as long as you are still rolling and it will goes back to nonce 0  if you change your hashes. If you wish to try on this, you can try it here http://dicesites.com/primedice/verifier







Not impossible , they can still cheat but player will notice it right away if they verify their bet but most people tend to not verify their bet that is why this loophole could be used to cheat by the site

I see now. Then its not possible for them to cheat doing that because you would notice it fast enough right? But you have to verify each roll, you cant verify all your rolls at once right? Thats why you need to use the nonce for each roll verified?

AFAIK nonce isnt added in the last characters of the   client seed, there is some calculations on that.

Nonce is an increasing number that is added to the client seed you choose. So for example if your seed is ABCDEFGHIJKL the first roll will be ABCDEFGHIJKL0 the 2nd roll will be ABCDEFGHIJKL1 the 3rd ABCDEFGHIJKL2 and so on.

Not a random number, but the nonce should go up by 1 after each bet, until the player decides to change his server seed and client seed.
The bet result will be generated with something like sha(server seed:client seed:nonce). This way, the player can keep using the same seeds for making as many bets as he wants. The house could skip nonce to cheat the players, but it will be noticeable if the player verify his bets, just like in the dicebitcoin incident.

Im a bit confused, whats the nonce exactly? This?


In security engineering, a nonce is an arbitrary number used only once in a cryptographic communication.

Like asigning a random number to each roll?

Yes there is, Casino that dont show hashes beforehand could be manipulating the result. That is why it is important to show hashes beforehand but most people are not aware of this

Another thing will be skipping nonce. Basically with each bet of the hash the nonce increase, if a casino is skipping nonce than the site could alter the result of the game

i.e player betting at 49.5 % chance at 1 % edge dice sites

nonce 3 - rolls 67.23 ---- Player bet low -> lose
nonce 2 - rolls 47.61 ---- Player bet low -> win >>> the house skip this nonce and goes to nonce 3
nonce 1 - rolls 90.34 ---- Player bet low -> lose
nonce 0 - rolls 97.11 ---- Player bet low -> lose

The house could be skipping nonce and goes straight to nonce 3 making them could alter the result of the rolls

Hey there. If they provide the server seed before you make the roll and you also provide the client roll then no. You can see the scheme that is used to calculate the rolls and you have that info before you make the roll so you can verify it afterwards.

I dont have enough knowledge about these kind of things and thats why i am asking it. Is there any way to cheat it? To make it look like the rolls were fair when they were actually being manipulated?