999dice – SCAM exposed

What is 999dice?

999dice is a bitcoin, litecoin and dogecoin gambling website. They offer a simple dice betting game inspired by just-dice. 999dice claims to have a 0.1% house edge a whole 10 times lower than the 1% house edge of just-dice. If you are confused as to what a house edge is, it is built into the payouts. With a 1% house edge when you play the 50% game and win, you receive 1.98 times your stake as your payout. 999dice also claims to be a provably fair casino when you first visit their site:

999dice

You know a site is a scam when the first sentence in their welcoming message is already a lie. In this article we will expose the elaborate 999dice scam thanks to a user by the name of keepinquiet (a throwaway account) from bitcointalk, who was able to identify the scam through simple math and an investigation of their API. The scam lies in the fact that most users do not take the time to verify that each bet on 999dice is legitimate, those who overlook the bet verification feature end up being taken advantage of by rogue betting software that tricks the user.

What is provably fair?

If you want to run a successful cryptocurrency gambling site you must provide a way to the user to verify that the server has not altered their bet. The way betting sites allow users to verify their bets consists of displaying a hash which the server is using in order to generate your bet. One way that many well respected gambling sites prove their bets are fair is they displays the server hash for the day, then show the seed that generated that hash the next day. The user can all verify their bets that they made a day before by taking that seed that generated yesterday’s hash + other betting info = The hash that was displayed the day before. In other words, satoshidice lets users verify ALL of their previous bets at ALL times. Other legitimate sites change the hash with every bet and also display it so that there would be no way of finding the seed for the original hash and cheat the site.

Why 999dice is a scam

999dice’s scam lies in the way that the bet verification system works. In order to verify your bet you must first click a button in order to show the server has. That’s it! That is the scam, isn’t it genius?

999dicefraud

Most bitcoin gamblers are not going to verify each of their bets on every cryptocurrency gambling site, so they are NOT going to click that button to show the server hash. If they never click that button they have no way of verifying that their bets are legitimate. Unlike satoshi-dice, 999dice changes their has with every bet so you must click the show server hash button in order to see the new hash. keepinquiet could not have said it better:

When you click that button, the server KNOWS you are going to be validating the seed. The server KNOWS it can’t cheat this roll. The server KNOWS you might validate the bet, you have the hash, it HAS to use the seed it promised it would use – it can’t risk cheating and you catching it red handed. Wanna see something REALLY slick? Open the laughably fair tab. Click the “get server seed” button. Look at it. See the hash? Don’t change tabs. Watch the hash. Click bet. (Get some doge from the faucet or something). Did you see the seed change to the new one?
NO. You did NOT see it change to the new one – because the BUTTON REAPPEARED FORCING YOU TO CLICK IT FOR **EVERY** BET!

The scam’s ingenuity comes with the fact that every person trying to validate their bets will be successful at doing so, the site preys on the noobs who do not take the time to verify their bets and now those that are not going to do research about a gambling site running a suspiciously low 0.1% house edge.

Further proof

scam999dice

In addition to a simple button hiding the server hash, those who decide to use the 999dice API will quickly find out that the API “encourages” users to not verify their bets. The API refuses to tell you the hash unless you intentionally ask for it before betting, slowing down your bets by nearly half. Satoshidice’s API requires users to submit the hash as a parameter of the function that creates the bet, Satoshidice gives the user no option but to verify the bet each and every time. Unlike 999dice they do not penalize the user for verifying each bet by slowing down the speed of each bet. In other words:

Satoshidice forces you to see and confirm you have the hash. 999dice makes it an annoyance to get.

Adding insult to injury

The user that exposed the scam was able to come up with a way to reduce risk while increasing reward with his bets. While testing those bets on a truly random platform (random.org) the numbers all added up and the algorithm seemed to be worth playing. However, after running making over 8 million bets adding up to 92,000 BTC in total bets (thereabouts), he was NEVER up more than 20 BTC, and then only briefly at the beginning, and then it was loss after loss after loss. Keepinquiet then decided to force 999dice to verify each bet, that allowed him to win back 61 BTC in a span of 14 hours. Shortly after changing his betting algorithm the user received the following message from the 999dice admin:

*PLEASE MAKE NO FURTHER DEPOSITS*
I am glad to see that my email got through. My email provider was having
troubles all day. I was not sure that it had, because I saw your bets
pop back up in the chat room. There’s a pending withdrawal of 7.3 BTC or
so, which I will release after clicking “Send” on this email.
If I see further deposits, they’ll be seized. If they’re on new/stealthy
accounts that you think I won’t know about, they’ll still be seized –
please don’t test what you can get away with – you’ll lose your money.
You have no remaining balances on your account – everything that is
yours will have been paid out within a couple minutes of this email
being sent. I wish you the best of luck earning back what you’ve lost –
but it will have to be elsewhere – not on this website.
Jake

Conclusion

999dicecheating

Stay away from 999dice like the plague. You ARE going to loose your bitcoins. If you are on a luck streak their defrauding algorithm will try to trick you into betting a huge amount and then hit you with loss after loss. There are much better alternatives if you are looking to gamble your coins, satoshidice and just-dice are just one of the few examples.

If you are tired of the constant scams in the bitcoin community please take 10 seconds to share this article. If you liked this article follow us on twitter @btc_feed and make sure to subscribe to our newsletter!