Augur, the best-known prediction market and a pioneering, closely watched example of a distributed platform, has a problem: Scammers are taking advantage of deliberate ambiguities in phrasing in certain markets to game the system and reap illicit profits, observers say.
One of the earliest ICOs, Augur lets people create and bet on markets about virtually anything. The aggregate of bets, supposedly, constitutes a reliable source of predictive knowledge. (See: The Wisdom of Crowds.) To ensure markets resolve accurately, a distributed network of “reporters”—holders of Augur’s REP token—stake money on verifying the results of each market.
The mechanics of the scam
In theory, it’s a pretty good system. However, for some months now, a pseudonymous scammer has been exploiting a vulnerability: Markets with ambiguous phrasing—for instance, “the weather will be good on bastille day”—can be marked as “invalid” by reporters. That "kills" the market, forcing the entire bet to be returned evenly—rather than proportionally—to the market creators and bettors. (In Augur, bettors often make sophisticated bets, sometimes selling “pieces” of their bets to others. The net result is that bets can’t be proportionately recompensated in the event the market is invalidated..)
Exploiting this is (relatively) simple:
- Scammers create ambiguous markets.
- Scammers bet trivial amounts (“buying shares,” in prediction market parlance) on the least likely outcomes, creating the illusion of validity/liquidity.
- Scammers then sell shares in the higher probability outcome to unsuspecting bettors.
- Reporters invalidate these markets.
- Scammers, who have staked smaller sums than their victims, profit when the funds are evenly distributed.
It’s diabolical, and profitable. Though it’s impossible to say how much has been lost since the start of the scam, the sum could be large. An ongoing market Decrypt examined will net the scammer thousands of dollars, by our analysis.
The wider “Ethereum community” was alerted to the scam when user singlefin12222 described it on Reddit, writing, “Augur is being gamed!” The consensus among Augur diehards, among them co-founder Joey Krug, is that a single user, “Poyo,” is the culprit.
“Poyo,” Krug told Decrypt, has a longstanding habit of calling out his own invalid markets to bait reporters into invalidating them.
For instance, in this recent post, Poyo (username Poyo-Poyo) asked why the market “Ethereum Price at end of March 2019” had not yet been killed, given that reporting had been made available before the end of March. Savvy observers immediately clocked that it was Poyo’s own market. “Classic Poyo,” wrote one user.
How do we know this? The public address behind the Ethereum-March market matches the one behind another controversial market, “Which Party Will Control The US Senate After 2018 Midterms?” which Poyo has previously taken credit for. That market, famously, allowed reporters to vote on the outcome before the Democratic winners had been sworn in, leaving ambiguity as to who at the designated end-point technically controlled the House.
On the Ethereum-March market (which has $95,000 sloshing around), Poyo has sold some 27.325 ETH ($3,756,641) worth of overpriced shares to bettors. If the market were to invalidate, he would trouser at least 24.685 ETH ($3435.751) worth of redistributed funds.
But it’s not cut-and-dry. Poyo—or whomever is behind that address—could merely be ruthlessly, industriously incompetent.
Joey Krug tweeted a solution. In Augur’s upcoming V2 iteration, bettors will have the option to bet directly on whether a market will be invalidated. A high volume of “invalid” bets, supposedly, would deter would-be bettors from taking part in the market at all, making the compromised market illiquid.
Krug also described plans to fix a loophole in Augur’s code. By design, market creators must pay a small fee—a so-called validity bond—when creating a market. The more invalid markets, the higher the fee. In theory, it should act as a tax on badly phrased markets, making validity scams unprofitable in the long term.
Yet a bug has caused Augur to miscalculate the cost of this bond. Currently, Krug wrote, some 10 percent of markets are invalid. Yet the validity bond puts it at only 1 percent, under-pricing the penalty for churning out invalid markets.
Boyo, boyo, Poyo.