Around $10.6m in Ether has disappeared from the smart contract of alleged Chinese Ponzi scheme FairWin. Was it stolen, hacked – or just withdrawn by desperate users?
Throughout September the crypto media was full of reports of the Ethereum network groaning under the strain of its own popularity – with the network slowing down as it hit peak capacity, until a recent 25% gas limit increase gave it a bit of breathing room.
Many blamed Tether, but the largest gas user on most days – accounting for up to 60% of all gas usage – was a gambling dApp called FairWin, which many suspect is a Chinese Ponzi scheme.
May not be a Ponzi*, could be a Pyramid* scheme (*allegedly)
FairWin is essentially a high-yield investment scheme masquerading as a gambling dApp.
You earn a “dividend” by ‘investing’ in the scheme or by referring other people to the project.
The high 0.5% to 1% return on investment after just 5 days screams ‘scam’ to most observers, with the returns for older deposits believed to be drawn from new deposits.
On September 21, the contract had 49,000 Ether locked, worth $10.6 million.
Were some of the funds stolen by the owners, hacked by an attacker – or, most likely, just withdrawn by users in a mad dash for the exit after they’d read reports alleging FairWin is a decentralised pyramid scheme?
Targeted at new Chinese users
Although allegations that FairWin was not entirely above board have been floating around for weeks in English-language media, the dApp targeted users on Chinese social media and blogs – where the news seems to have only just hit.
Earlier this week, developers found critical vulnerabilities in the gambling game.
Horizon Games researcher Philippe Castonguay – who also believes FairWin is a Ponzi – said the smart contract “contains critical vulnerabilities that put all funds at risk”.
The vulnerabilities enabled the contract owner to “totally drain” it of Ether or prevent users from withdrawing their Ether. The bugs could also allow hackers to “steal new deposits”.
After news broke that the contract was empty, Castonguay told The Block, “it looks like people raced to withdraw their funds” but added that it is “hard to tell at this point.”
Reddit takes FairWin down
The day before the amount of Eth locked on the platform peaked on September 21, Redditor chutiyabehenchod alleged that 70% of new deposits were being used to pay the dividends on older deposits, while the owners took 30% for themselves.
He said FairWin could “be one of the biggest scams ever seen in Ethereum.”
However, FairWin has denied allegations it is a Ponzi scheme, labeling such claims on its website as “misleading”.
FairWin also responded to a more detailed Reddit takedown yesterday by Clément Lesaege, CTO of Kleros, saying they’d “already found the vulnerability, but we don’t think it is a vulnerability”.
Cock up rather than conspiracy
While Lesaege thinks FairWin is a Ponzi scheme, he doesn’t believe the contract was deliberately written to enable the owners to steal all the Ether, mainly because he didn’t think they were smart enough to do so.
“This contract is the contract with the lowest code quality I’ve ever seen,” he said.