Early Tuesday morning, the smart contract of the decentralized application (dApp) FairWin was drained of its balance in a multitude of transactions that have been increasing over the past few days, following reports of critical vulnerabilities in the smart contract as well as accusations that the project is a Ponzi scheme.
On September 28th, Crypto-economy ran a story on the Ponzi-scheme claims and the contract's vulnerabilities. At the time of that report, the smart contract held a little over $7 million worth of ETH.
Fairwin.me is a gambling dApp that also doubles as an investment scheme of sorts, promising huge interest payouts every five days to users who choose to lock their ETH in the dApp. Last week, Ethereum developers discovered three vulnerabilities in the smart contract that potentially put the users’ funds at risk.
The main vulnerability is that the creators apparently have a back door to access the users’ funds. The second is that this access is not exclusive to the creators: any malicious hacker could easily use the same back-door access to steal funds held by the smart contract. Finally, the creators have the capacity to freeze user funds.
These are just the vulnerabilities. As for the accusations that it is a Ponzi scheme or a scam, a Reddit user going by the pseudonym ‘clesaege’ has posted a quick rundown. Basically, the dApp design is sloppy and the team behind it is pseudonymous. The website ConcourseQ shares a few red flags that show Fairwin.me could be a scam. They include:
• Fake team: FairWin is using stock images for the team.
• Very bad grammar, with spelling mistakes and nonsense phrases/words used.
• Ponzi elements in the game.
• The video on the homepage is really bad.
It is not known as of press time whether the funds that were held in the smart contract were actually withdrawn by their owners or by the Fairwin creators. Another possibility is that the smart contract has been hit by a hacker, considering that the vulnerabilities had been reported several days ago.
Before the scam and vulnerability reports, Fairwin.me held about $10 million in users’ funds and paid the highest gas fees of any smart contract on the Ethereum blockchain. Over the last 30 days, EthGasStation.info reports that Fairwin.me was the biggest spender of ether gas of any smart contract, ahead of leading stablecoin Tether.