Fresh dirt

  • The Collapse of FairWin’s ~$125m Ponzi Scheme

    TL;DR On September 11th 2019, I stumbled upon FairWin.me, a suspicious and busy project on Ethereum responsible for $1.5m worth of gas usage in the last 30 days. In the following three weeks, I reached out to various members in the community and we discovered the following:

    • Current contract contains a critical vulnerability
    • $8 million worth of ETH stored in contract could’ve been stolen by admins
    • Contract is filled with bugs and poor coding practices
    • Pictures and emails on website are fake
    • $250k was drained in a previous version of the contract

    On September 26th, we decided to disclose the presence of vulnerabilities publicly, when the contract held close to 50k ETH (~$8m). On September 30th, 4 days after the disclosure, the contract held 0 ETH. In total, the contract received 687,598 ETH (~$125,000,000) before the Ponzi scheme collapsed.
