Massive Ethereum “Ponzi Scheme” FairWin Is Vulnerable, ETH Devs Find
Ethereum Blocks Filling Up
As covered heavily by this outlet over recent weeks, the Ethereum network has been seeing more activity than ever before. In fact, the network has been used so much that miners of ETH recently opted to increase the capacity of blocks by 25% — allowing for more transactions to take place and more processes to be completed every 14-odd seconds.
This growth in network activity can be attributed to many things.
Firstly, the migration of Tether’s USDT stablecoin onto Ethereum has resulted in a massive increase in ERC-20 tokens. Secondly, decentralized finance projects, like smart investing platform Set or decentralized bank Compound, continue to gain traction with cryptocurrency users.
But most importantly, a questionable smart contract called “FairWin” has experienced immense popularity, burning through a purported 50% of all of Ethereum’s gas allocation. In fact, smart contract data shows that the smart contract has been involved in a jaw-dropping 360,000 transactions.
To put it simply, FairWin is a “fair” Ponzi scheme that pays early entrants outsized dividends and depends on continually recruiting new users — which is essentially how a pyramid scheme works.
For some reason or another, FairWin, which caters to a Chinese audience (its website is in broken English and sports Chinese characters), has managed to gain massive traction. So much traction, in fact, that Etherscan reports that there is over $6.5 million worth of ETH in the contract. What’s more, FairWin sees dozens of transactions each minute, as those who are part of the pyramid presumably try to turn a profit on their “investment”.
While this is far from the first case of a “decentralized pyramid scheme”, it is seemingly the first large-scale contract of its kind that is believed to be quite vulnerable to attack.
Philippe Castonguay, R&D at blockchain gaming studio Horizon Games, recently wrote on Twitter that the FairWin contract has “critical vulnerabilities that put all funds at risk”, then asked his followers to spread knowledge of this.
Ameen Soleimani, the chief executive of Ethereum adult entertainment project SpankChain, doubled down on these concerns, posting to his own feed that the contract can “be drained by the owners… [and is also susceptible to] a separate attack black hats can do.”
Fair warning: The FairWin Ponzi contract can be drained by the owners. There is a separate attack black hats can do if the owners don't stop it (by draining it themselves).
It seems that users are responding to these fears. There has been an exodus of hundreds of thousands of dollars worth of ETH over recent days, presumably in anticipation that a bad actor will take advantage of the seeming gap in security.