Ethereum has a gambling problem.
Since July, products resembling Ponzi schemes, a fraudulent form of investment promising high returns for little cost, have topped the charts among decentralized applications (dapps) running on the world’s second-largest blockchain, outpacing even the popular CryptoKitties.
But if user counts and transaction volumes observed on these applications are high, so too is the level of concern over the risks consumers face when using them. Already mounting are warning cries from technologists who aren’t exactly known for their risk reticence, a group that includes gambling dapp developers themselves.
Such was the case for Team JUST, the group of anonymous developers behind the infamous gambling dapp FOMO 3D, who warned last week that what looked to be a near identical copy of its game was eating up one-third of the network’s total computational power, raising over $7 million in ETH within the span of seven days.
Team JUST has gone on record both publicly and in private communications with CoinDesk to allege the imposter game as being a Chinese mobile app called LastWinner supposedly created to “trick” users by displaying false, bot-driven game activity.
To elaborate, Team JUST purports that the game essentially uses its own ether, 200,000 to be exact, as a means of fueling thousands of transactions that are carried out by computer bots. The goal is to give the appearance of a highly popular and legitimate gambling dapp, thereby luring users to engage with their own ether in the hopes of winning big.
One of the lead designers in Team JUST, who goes by the pseudonym “Justo_Bot,” went so far as to issue statements in a channel-wide Discord post Tuesday, warning users that LastWinner might be run by criminals.
“The scale of this wallet, the scale of these bots. The amount of sheer gas being used. I genuinely think you’re probably looking at a crime syndicate running this in China to scam people on a scale the ethereum network has never seen before…It’s very bad.”
The limits of analysis
But it isn’t just the developers who are concerned.
Users and analysts alike raised alarm bells on several different online channels over the frenzy of transaction activity caused by the new gambling dapp, said to be LastWinner. First, though, there was the matter of figuring out just what exactly was occurring.
In the days after the launch, comments on Etherscan affirmed that the activity was noticeable, with users noting how the app was outperforming even those it was designed to mimic. As one user attested at the time in what amounts to an eye-witness report, “It is definitely the most popular F3D clone so far, beating the original very easily.”
Indeed, the activity was quickly identified as an anomaly by data providers.
Amberdata, a blockchain monitoring and analytics firm, explained to CoinDesk that as a result of “the clone of the FOMO 3D gambling app” the ethereum blockchain has been under a heavy load.
“Overall, about $50.7M of value (Incoming: $29,000,000 and Outgoing: $21,750,000 together) has transmitted through this contract,” the firm estimated as of August 16.
Dr. Aleksandra Sokolowska, head of research and analytics at Validity Labs, also picked up on the activity, agreeing that the “highly coordinated and automatic” interactions of the dapp are suggestive of computer bots.
Still, she concluded in an email address to CoinDesk that the true nature of the dapp, whatever its true name, cannot be fully ascertained, explaining that:
“As we don’t see the source code, it is very hard to tell what the purpose of the code is. It is possible that someone knowingly encourages honest users to play such a game by generating artificial traffic with Sibyl accounts in order to withdraw some or all funds. “
Friend or foe?
With the abilities of analysts limited, the urgent warnings put forth by Team JUST have sparked a degree of suspicion pointing back to the true nature of the original FOMO 3D application itself.
Because while both gambling dapps have clear instructions on the rules of their game, the source codes responsible for actual game deployment have yet to be fully disclosed and verified.
As far as users are concerned, though, this actually adds to the risk.
Scott Bigelow, a blockchain developer for the dapp Augur, explained in a post on Medium that when it comes to unverified source code, the potential for “malicious intent and bugs” cannot be discredited. He further explained how FOMO 3D’s “unverified contract” might just lead to a shutdown of the entire game one day, “allowing a single player to claim the jackpot for themselves.”
What Bigelow is describing here can be typified as an “exit scam” whereby game creators pull off an orchestrated attempt to hijack raised funds. The same vulnerability lies with the alleged LastWinner dapp given it also runs in part on unverified source code.
And of course, this is not the only potential danger that exists for users engaging in gambling dapps like those described above.
PeckShield, a blockchain security firm, reports in an email to CoinDesk that the alleged LastWinner dapp possesses a common “airdrop vulnerability” whereby small amounts of user funds can be intentionally skimmed from airdrop prizes. This was reportedly originally flagged by ethereum developer Peter Szilagyi as a way to “PWN” FOMO 3D, though Team JUST claims they knew of the vulnerability in advance.
As such, elements of scam accusations put forth by Team JUST against the alleged LastWinner dapp have raised lines of questioning that lead back to the intentions of the original game.
One Reddit commentator asked:
“If this is a clone, and the clone owner has the ability to exit scam, doesn’t this imply that the original owner also has the ability to exit scam?”
An unstoppable force
Nevertheless, just because something looks like a scam, that doesn’t mean it is. (Bitcoin has, after all, been labelled by its most severe critics as a Ponzi scheme).
Even for ethereum developer Lane Rettig, such determinations about the nature of activity generated by the alleged LastWinner dapp can’t be certain. He wrote in email addressed to CoinDesk that without “the contract code” it would be “impossible to say more.”
What can be said, at least on the part of Amberdata CEO Shawn Douglass, is that gambling dapps and their respective clones don’t seem to be going away anytime soon given their allure to a growing base of users on ethereum.
“If there has been a demonstrative mechanism that you can enlist a lot of participation and accrue a large amount of money, I think you’ll see more of these… I don’t think the ethereum foundation can control it in that it’s a decentralized organization.”
Put a different way, Sokolowska likens ethereum to “a free market” in which “anyone who can make a return of investment in any way will use their opportunity.”
As such, it doesn’t come as much surprise then that despite growing concerns over user safety in games of chance on ethereum, there’s fierce opposition in the community from stopping them entirely.
As one user on Reddit argues: “It’s fascinating how people want decentralization, until it works against them…people are playing the game/gambling and paying high gas prices to do so. It’s an egalitarian model, and it’s successful because people…can’t pick and choose what to censor.”
It seems the mantra of the ethereum platform, at least for the time being, when it comes to user appetites for risky gambles is to live and let live because ultimately, the choice to engage remains in the hands of users.
And that, as with most decentralized platforms, is a pretty dicey gamble.
Photo via Shutterstock.
Published at Fri, 17 Aug 2018 15:00:56 -0400