Fairwin, a gambling platform, has been running one of the biggest contracts on the entire Ethereum network. In the last 30 days, the platform has spent more than 51 percent of all gas, the fuel that powers Ethereum, according to ETH Gas Station. That’s almost double the funds spent by the stablecoin network Tether, which has used 28 percent of gas supplies.
Fairwin claims it’s a provably-fair gambling platform. Users bet on rudimentary games of chance, like coin flips and dice rolling. When you gamble, four percent of your funds go towards “ecological construction,” which Fairwin says will be returned to the investors. But many security researchers think the whole thing is a scam. Over the past few weeks, white hat hackers have revealed vulnerabilities in the Fairwin contract on Ethereum that put millions of dollars of customer funds at risk. According to analysis by Ethereum developer Philippe Castonguay, Fairwin received a total of 687,598 ETH, or around $125,000,000. But as of Monday this week, all the funds have been drained from the contract.
It’s unclear whether this is a massive exit scam, or if the white hatters were successful in raising awareness about the scam and spooked investors have pulled all their cash out. A message on Fairwin’s website said it “expressed strong condemnation” for “false news reports,” and that it’s restarting the game within the next three days. Daniel Luca, a security auditor who helped discover the vulnerabilities, said the owner managed to remove most of the funds before investors could withdraw. But it was “impossible for everyone to withdraw their funds. Some people got burned,” he told Decrypt.
White hat hackers caught wind of the project earlier this month and have been working on it since. A vulnerability disclosure by Clément Lesaege, a CTO at blockchain start-up Kleros who got wise to the project through an Ethereum security Telegram chat, showed that the contract is unsustainable; the more money that people keep adding to it, the higher the dividends to be paid out. But here’s the problem: Once new people stop putting money in it, the contract won’t be able to pay participants, and everyone will eventually lose everything. That’s right; September’s hottest app on the Ethereum blockchain, according to many, looks and smells like a Ponzi scheme. Here’s how it works.
A few days ago, white hat hackers found a vulnerability that allows the contract operators to drain users’ wallets of funds. As Lesaege wrote: “The execution of the reward, dividends, and sending of awards can only be done by the operator. The operator can choose which users get rewarded. The operator can steal the funds from the contract by not executing the rewards of other users but executing the rewards of accounts they control.”
Lesaege said the contract also runs something called a “frontrunner” attack. Under Fairwin’s dodgy contract, investing in the scheme generates a code as part of a referral program. But Fairwin’s payouts always go to the first person who redeems the code. An attacker, having conned a victim into joining, can according to Lesaege, easily work out their invite code: “An attacker can see your "invite code" when your transaction is in the mempool before it gets executed and "invest" in the scheme with the same "invite code" as you,” wrote Lesaege, netting any rewards from their victims’ investments.
That means that all the funds in the contract were at risk. White hatters spent the last few days trying to spread the word about Fairwin to its customers, many of whom they believe live in Asia. But, for better or worse, the swamp has been drained: ten days ago, the contract held $10 million at once. Now, zilch.
How Fairwin is Unfair
Fairwin first started work on a gambling platform back in January 2018. But in December, the team tweeted—in perfect English—that they didn’t raise enough money for the ICO, and had since abandoned the project. But in July 2019, despite no announcement on any of Fairwin’s social media channels, a Fairwin clone launched a new contract to haunt the Ethereum network. Since then, the contract has grown to peaks of $10.5 million.
It’s nigh impossible to work out who runs it. Emails from Decrypt bounced back, Fairwin’s Twitter shut down a year ago, its London office is now a coffee shop, and a couple of days ago, Fairwin’s team members were compressed stock images of businessmen. Now...cartoon puppets.
There’s reason to believe it isn’t the original Fairwin team. For starters, Fairwin’s whitepaper is a Google-translated mess. “Chain of the underlying technology of FW based on Ethernet fang,” reads one section. “Based on the block chain technology, FW will achieve the global gambling industry circulation, break the data island, and digitalize the global asset circulation,” reads a section titled “Ecology Construction.”
Fairwin’s promotional videos are narrated by computer-generated voices. But no human voice, computationally generated or no, can make sentences like “The platform again realized excess accumulation” sound natural. (The videos, though, are amazing: seriously, watch them).
The code, too, is similarly incomprehensible. According to experts, it’s full of useless rubbish, and much of it doesn’t even work. “This contract is the contract with the lowest code quality I've ever seen (and I've seen really bad contracts),” said Lesaege. He said there were no comments on the code–a feature common in codebases–the names are full of typos, entire portions are of the code aren’t accessible, and a lot of it simply doesn’t work.
Harry Denley, a security researcher who created a dashboard that queries Fairwin data, told Decrypt he discovered that the six admin addresses needed huge amounts of capital to keep calling contract methods. The reason? Because the contract is “poorly written,” these method calls can cost upwards of $30. “And these calls are being done multiple times a day,” he said.
So the question remains unanswered: Was Fairwin created by evil geniuses, who’ve corrupted and robbed from over half of the Ethereum blockchain. Or is Fairwin the result of a Ponzi scheme, poorly coded, and fronted by cut-price actors in blockchain’s latest get-rich-quick scheme?
“The simplest and most likely explanation is that it was just badly coded,” wrote Lesaege. Lesaege said he first disclosed the vulnerability to the Fairwin team on Saturday. “Since FairWin had had some vulnerability in the past but fixed it, I thought that they would not try to hack their own contract,” he told Decrypt. But Fairwin denied the vulnerability, and money kept flowing into the contract. Lesaege said he received the following message from Fairwin: “We have already found the vulnerability, but we don't think it is a vulnerability. The contract is judged and the invitation code generated by the user for the first time will be used as the final invitation code. So the loophole is invalid.” A message on their site today said that the game will be restarted, and vehemently denies allegations of scams. “They might not be intentional, but they can still drain the contract at any time,” said Daniel Luca, a security auditor who helped discover the vulnerabilities.
Over the past week, top security experts have been raising awareness to get FairWin shut down, or at least to help users take control of their funds. “Avoid interacting with this contract and withdraw funds in it, if any,” advised Philippe Castonguay, who also took part in the discovery. “All users funds are at risk, especially newly deposited funds,” he told Decrypt. The awareness campaign is working; in the last 24 hours, FairWin has lost all of its volume, major blockchain explorers like Etherscan have flagged it as vulnerable, and no funds remain in its wallet. Is it a White Hatter Victory, or Ethereum’s latest exit scam?