

My conversation with a user who tried to steal our bitcoins - icedicedavid
http://blog.ice-dice.com/post/65629020473/my-conversation-with-a-user-who-tried-to-steal-our

======
woah
You're a casino, and you have the gall to describe users taking advantage of a
promotion that you ran as "stealing"?

I mean, your entire business is based on interpreting your own rules in such a
way as to give yourself a structural advantage. When a user plays by your
rules and wins, I guess it's "theft".

~~~
icedicedavid
Our casino is provably fair, which means all bets can be verified
cryptographically to verify that we do not take advantage of our users. The
house edge is clearly designed to be 2%, which means we return 98% of all the
wager back to the players. Players clearly can choose their chance of winning
with corresponding payout. Everything we do is transparent, including our
profit, how much is in the bankroll. Our rule is our promo is for new users
only, and this user created like 20 accounts in the last 3 hours trying. He is
clearly not playing by the rules, how are we wrong for blocking his fraudulent
behaviour?

all these account he made claimed our credit over and over again just earlier
today:

@h7fVandermeulen

@Sfi_Stawski1010

@BQk_Mikadze4232

@8Rl_Moljevic505

@sotnd1996

@_VupEquis8648BY

@i9xHazlip4159EU

@gXtKudla4403HHC

@_uTjJugovic7828

@_wljPines1662BT

@DTt_Przybyszews

@_hogElyan9488GW

@_vdaTournaments

@_mijLyche6529MF

@_UqtNewlands354

@5ox_Ferencik217

~~~
nwh
To those unfamiliar, it's probably fair but only up to the point where you
expect the site to be serving up the same code every time. It's a bit like
JavaScript crypto; makes you feel good but has little bearing on anything in
the real world.

The server sends the client a hash of a secret, the client sends a locally
generated nonce back, and the server hashes the two and determines the
outcome. The idea being that the server can't change the result because the
secret has already been verified as the same as before they rolled by the
client via the previously exposed hash. Still relies on the code being served
to not be changed on every load, which is a false assumption to make.

------
3JPLW
A bit of context at the beginning of the post would be useful. The "How I
fight with users who try to steal…"[1] post has a good introduction.
Basically, they're running a promotion that allows users to get free 0.01 or
0.005 bitcoin if they are a new user and tweet about it. But there's a lot of
fraudulent new sign ups. It's a lot more interesting with that in mind.

[1]. [http://blog.ice-dice.com/post/65390305396/heres-how-i-
fight-...](http://blog.ice-dice.com/post/65390305396/heres-how-i-fight-with-
users-who-steal)

------
Ozark
and for those of us who almost never use our twitter account and have less
than 30 followers, are sol. I guess I could get some followers but that seems
like too much work to try a casino game that I'm probably just going to lose
the .005 btc in.

