This sounds like the exact problem I was hoping to solve with
Armory's signature blocks (and message signing just implemented in Satoshi 0.6.0). The only requirement is that the user's
first ever deposit is with an address they exclusively own. All future deposits to their account can be through any means whatsoever.
Ok. Deal with this scenario:
1) Innocent user funds casino account with tiny number of bitcoins and provides convincing ID.
2) Innocent user's laptop is stolen or otherwise hacked by Hacker - the point being that Hacker gains access to innocent user's private key and Innocent user loses access to the private key.
3) Hacker steals lots of bitcoins and sends them to Innocent user's casino funding address.
4) Hacker withdraws the coins from Innocent user's casino account.
5) Police find out that the stolen coins went to the casino.
6) Police ask the casino to tell them who the account belongs to.
7) Police have good reason to accuse Innocent user of theft. Innocent user can't prove he doesn't control the stolen coins and a jury has good reason to believe he can.
ByteCoin
If the casino has a policy of only sending coins back to the address that it got them from, then the attacker can just send the coins to the stolen key, deposit them from there, withdraw them back to that key, and send them away. Steps 5-7 go the same way as in your example. Same thing would happen if a return address was embedded in the deposit using OP_DROP or whatever.