One of the overarching concepts of using crypto-centric gambling sites is that they take away the fear of being scammed by the operator. This is especially the case with platforms that utilize the immutable characteristics of a smart contract to facilitate games. With that being said, it was reported in late 2019 that FairWin – a decentralized gambling platform on the Ethereum blockchain, is suspected of stealing $10 million worth of ETH from punters. As per the CoinTelegraph breaking report, the smart contract that was deployed to govern the gambling ecosystem held just over 49,000 ETH in September 2019. Other sources put this figure at a staggering $125 million. Either way, the smart contract balance now stands at a big fat zero. In this article, we explore how the Ethereum casino scam took place, how it could have been prevented, and ultimately – what you need to do to ensure you gamble in a safe and secure crypto ecosystem.
Ethereum Smart Contracts Need to be Verified
As the name suggests, FairWin is an online gambling site that aims to guarantee the fairness of its casino games through blockchain technology. It does so by utilizing smart contracts and thus – allows code to govern the gambling ecosystem.
In this sense, the online games that you play are 100% fool-proof, as the underlying Ethereum smart contract cannot be amended or manipulated – or can it? Well, in the case of FairWin – a platform that is now believed to be nothing more than an Ethereum casino scam, it seems not.
In fact, it appears that developers in the know-how warned those with exposure to the site to withdraw their funds immediately – as vulnerabilities were present in the smart contract’s code.
Philippe Castonguay – a blockchain developer, posted on social media that the underlying FairWin smart contract “contains critical vulnerabilities that put all funds at risk. Spread knowledge (especially in Asia) Users need to withdraw their funds and stop interacting with the contract ASAP”.
And it appears that the developer was right. Crucially, the code governing the smart contract allowed owners of the site to remove ETH as and when they saw fit. Moreover, the code also permitted site owners to block player withdrawals, and weaknesses in the make-up of the contract were also vulnerable to external hacks that could lead to the theft of deposits.
How did FairWin Scam Token Holders?
Although FairWin labels itself as a fair online gambling platform, it appears likely that the platform is nothing but an Ethereum casino scam. Some go as far as labelling the platform as a Ponzi Scheme – and with good reason. For example, the platform also operated its very own digital token.
This purportedly allowed token holders to share gambling-related profits that the site yielded. This amounted to a “guaranteed” profit of between 0.5-1% after just five days of making an investment. However, users were required to deposit between 1-15 ETH to get this yield.
Upon further exploration, it appears that only 70% of the funds collected were ever distributed to investors. The remaining 30% was subsequently retained by FairWin itself.
Is the Future of Decentralized Gambling at Risk?
There can be no denying that the future of gambling will be facilitated in a decentralized way. After all, if we don’t need a middle-man to process and manage bets, why bother using one? However – and has been made crystal clear by the FairWin Ethereum casino scam, the concept of decentralized gambling is not 100% fool-proof. The overarching reason for this is the smart contract itself.
On the one hand, smart contracts do exactly what they were designed to do. By creating a water-tight code, people can transact with one another without needing to trust the other party. Moreover, the smart contract cannot be amended once it has been deployed, subsequently ensuring that both parties fulfil the agreement that they made with one another.
However, this is only the case if the smart contract has been created [a] correctly and [b] in good faith. While those behind the FairWin platform argue that the reported flaws were a result of the former, most commentators argue that the loss of funds was a case of internal malpractice.
And here lies the issue. Although smart contracts are transparent – meaning that anyone can review the terms of the contract if they wish to do so, only a very small number of people have the required skills to do this. Crucially, the vast majority of us do not know how to write code, let alone verifying its authenticity.
As a result, it is all good and well when a decentralized Ethereum casino labels itself as 100% true and fair because it is governed by a smart contract, however – this is only the case if it has been deployed correctly and in good faith.
The only way to verify this is to have an independent party to review the contract to certify its legitimacy. In the case of FairWin, it took an unknown blockchain developer to do this on behalf of the platform’s players, and post his findings on social media.
In summary, it still remains to be seen beyond doubt what constituted the theft of millions of dollars worth of ETH from the FairWin smart contract. While most commentators argue that the developers purposefully designed the contract to allow them to steal ETH as and when they saw fit, the site owners refute this claim. On the contrary, they argue that the smart contract was built with good intentions, albeit, with certain errors.
Either way, those that had a vested interest in the site – whether that’s through gambling balances or token holder investments, have subsequently lost millions of dollars worth of ETH. As such, the decentralized gambling industry has a long way to go before it can claim to challenge the traditional casino space.
As such, always perform your own research before joining a new platform. More specifically, if the gambling platform in question is governed by a smart contract, make sure an independent developer has first reviewed the contract to ensure it is 100% legislate. In doing so, you’ll stand the best chance possible of avoiding an Ethereum casino scam like FairWin.