One of the biggest smart contracts on the Ethereum network, FairWin, appears to have exit-scammed with over $125 million.
FairWin is supposed to be a basic gambling platform with a dividend token that shares profits with users or holders. People who pick up the token by means other than using the site, such as through an exchange, can earn profits.
FairWin is by far the most active smart contract on the network, utilizing over half of Ethereum’s “gas” in the last 30 days. For comparison, it used almost double what Tether – one of the largest assets in all of cryptocurrency – used to process transactions of its multi-billion-dollar stablecoin.
Massive Smart Contract Or Massive Swindle?
Gas is what Ethereum users pay to have transactions processed. In Bitcoin, a small amount of Bitcoin is paid to miners; gas is the same concept.
In the past few days, some crazy events have taken place at FairWin, and the short version of the story is that all $125 million or so – a total of nearly 700,000 Ether raised over time – has gone missing.
White hat hackers discovered the funds missing, along with important vulnerabilities in the gambling platform’s design which made it weak. FairWin’s website has a notice acknowledging the recent breach, and the missing funds, opening by saying:
“Unfortunately, our dividend-sharing game has to be restarted. However, this is predictable. FairWin is fair and just to everyone. All transaction data can be checked. It is entirely the player’s spontaneous behavior. However, restart is also one of the rules of the game. Our game will be initialized and restarted within 72 hours of the announcement, and a new round of games is about to start… ”
According to FairWin, the flaws were not intentional, but not everyone is convinced. FairWin says that a failed hacking attempt back in July caused the contract’s funds to be drained through the gas system, but that its developers were able to thwart the attack. It says the funds were moved to another address.
“[…] our first-generation contract (0x11f5C92c2dA3d3efAB76ad456D31412Ed4D1424B) was attacked by hackers, but the hackers’ attack was invalid and all the ETH in the contract was intercepted to the handling fee address.”
The new address that the gambling firm claims funds wound up in contains virtually nothing. The original contract address hasn’t had a transaction on it for over 20 days.
Ethereum Researchers Blow The Lid Off Scam
According to researcher Philippe Castonguay, it’s likely that site administrators made off with at least $8 million in Ether. A report published today states that a “critical vulnerability” is likely to blame, and that Castonguay and his colleagues have known about these problems since at least September 11th.
A fair disclosure window has been made available to the FairWin.me team, and by all accounts, it appears the gambling site will be nothing more than a bad memory for those who were invested in it.
That disclosure window is probably the only “fair” thing about FairWin, or its gambling platform, at this point. The disclosure window closed on September 26th. Now, Castonguay writes:
“While this was fixed in the latest version of the contract, admins still had the possibility of emptying the contract, enabling them to drain the contract when they pleased (they decide who gets the rewards and how much). Good thing we don’t know who they are.”
For a more detailed summary, see Castonguay’s post.
BSN will update this story or publish a new one if or when FairWin makes good on its promise to launch a new game replete with the funds lost in the previous one.