RoadTrain



Offline



Activity: 1386

Merit: 1005







LegendaryActivity: 1386Merit: 1005 GHash.IO and double-spending against BetCoin Dice October 30, 2013, 09:36:09 PM

Last edit: October 31, 2013, 12:14:38 AM by RoadTrain #1

https://bitcointalk.org/index.php?topic=321444.0



Like a month ago, in September I witnessed a lot of double-spending against BetCoin Dice. It happened between 25th and 27th Sept.



The mechanism was simple: send betcoin a tx wit 0 fee, then wait for a result tx, if your bet is a win, then confirm your tx, otherwise double-spend it.



1. Here I'll give you a bunch of transactions which you can examine. Note this is a chain of transactions, so just click on outputs to see.

https://blockchain.info/tx/4d731074447f02609c3110a187f9c6976f2bf255288ec5666ee270f09679619d

https://blockchain.info/tx/e0b44f68441ea0bad0f7694f735f496ce05238862534c6fea737b8903921185a



The double-spending of losing bets was performed by someone mining to



2. I tracked coins down to the origin

https://blockchain.info/tx/154ecb1eb72c933bc0707fa70deceb688361554ab81b901673d308aa84d9cfe9

The most interesting address here is 12PcHjajFJmDqz28yv4PEvBF4aJiFMuTFD

It's been involved in similar actions, look at this chain of win-only tx's

https://blockchain.info/tx/0c1a08d035862b01d075e8044b1e9ce52a8ad951b57d876a2a9a0e3502c41eb0

And the most interesting fact is that these zero-fee tx's inbetween winning ones were mined by ghash.io exclusively. Possibly this was a test attack.



3. Going further, I found the address the earnings from attack were sent to: 12e8322A9YqPbGBzFU6zXqn7KuBEHrpAAv

https://blockchain.info/tx/292e7354fbca1847f0cbdc87a7d62bc37e58e8b6fa773ef4846b959f28c42910

And then part of these funds (125 BTC) was sent to ghash.io's mining address:

https://blockchain.info/tx/48168cf655d0ac0c7c2733288ca72e69ecd515a9a0ab2821087eb33deb7c6962



4. Furthermore, I checked the funds mined to 1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8

In these 2 succeeding tx's they were moved to 199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn

https://blockchain.info/tx/e567ad6232de5285e0dc211d3f1c489b1e00e509118ba98a4825529d0a9197d9

https://blockchain.info/tx/faa7bc8b99376efa774045e79b42771fe668341b00290a61cd416992571c590d



This address is interesting, because it contains 6000 BTC and ~30% of funds come from ghash.io mining address.

https://blockchain.info/taint/199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pn



5. And the last thing to spot:

GHash.io, being about 25% of network back then, didn't find a single block to its address between 25th and 27th of september!

https://blockchain.info/address/1CjPR7Z5ZSyWk6WtXvSFgkptmpoi4UM9BC?offset=1350&filter=2





I'm not jumping on conclusions, but these actions require public attention.

Comment here if you have anything to say.

Transalating my post from russian subforumLike a month ago, in September I witnessed a lot of double-spending against BetCoin Dice. It happened between 25th and 27th Sept.The mechanism was simple: send betcoin a tx wit 0 fee, then wait for a result tx, if your bet is a win, then confirm your tx, otherwise double-spend it.Here I'll give you a bunch of transactions which you can examine. Note this is a chain of transactions, so just click on outputs to see.The double-spending of losing bets was performed by someone mining to https://blockchain.info/address/1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8 , you can check it yourself.I tracked coins down to the originThe most interesting address here is 12PcHjajFJmDqz28yv4PEvBF4aJiFMuTFDIt's been involved in similar actions, look at this chain of win-only tx'sAnd the most interesting fact is that these zero-fee tx's inbetween winning ones were mined by ghash.io exclusively. Possibly this was a test attack.Going further, I found the address the earnings from attack were sent to: 12e8322A9YqPbGBzFU6zXqn7KuBEHrpAAvAnd then part of these funds (125 BTC) was sent to ghash.io's mining address:Furthermore, I checked the funds mined to 1MA7CKbWMyKdPkmsbnwmfeLh1hYy5A3gy8In these 2 succeeding tx's they were moved to 199kVcHrLdouz9k9iW3jh1kpL7j9nLg7pnThis address is interesting, because it contains 6000 BTC and ~30% of funds come from ghash.io mining address.And the last thing to spot:GHash.io, being about 25% of network back then, didn't find a single block to its address between 25th and 27th of september!I'm not jumping on conclusions, but these actions require public attention.Comment here if you have anything to say.