Ethereum has a gambling problem.
Since July, products resembling Ponzi schemes, a fraudulent form of investment promising high returns for little cost, have topped the charts among decentralized applications (dapps) running on the worldâs second-largest blockchain, outpacing even the popular CryptoKitties.
But if user counts and transaction volumes observed on these applications are high, so too is the level of concern over the risks consumers face when using them. Already mounting are warning cries from technologists who arenât exactly known for their risk reticence, a group that includes gambling dapp developers themselves.
Such was the case for Team JUST, the group of anonymous developers behind the infamous gambling dapp FOMO 3D, who warned last week that what looked to be a near identical copy of its game was eating up one-third of the networkâs total computational power, raising over $7 million in ETH within the span of seven days.
Team JUST has gone on record both publicly and in private communications with CoinDesk to allege the imposter game as being a Chinese mobile app called LastWinner supposedly created to âtrickâ users by displaying false, bot-driven game activity.
To elaborate, Team JUST purports that the game essentially uses its own ether, 200,000 to be exact, as a means of fueling thousands of transactions that are carried out by computer bots. The goal is to give the appearance of a highly popular and legitimate gambling dapp, thereby luring users to engage with their own ether in the hopes of winning big.
One of the lead designers in Team JUST, who goes by the pseudonym âJusto_Bot,â went so far as to issue statements in a channel-wide Discord post Tuesday, warning users that LastWinner might be run by criminals.
He wrote:
âThe scale of this wallet, the scale of these bots. The amount of sheer gas being used. I genuinely think youâre probably looking at a crime syndicate running this in China to scam people on a scale the ethereum network has never seen before ⦠Itâs very bad.â
But it isnât just the developers who are concerned.
Users and analysts alike raised alarm bells on several different online channels over the frenzy of transaction activity caused by the new gambling dapp, said to be LastWinner. First, though, there was the matter of figuring out just what exactly was occurring.
In the days after the launch, comments on Etherscan affirmed that the activity was noticeable, with users noting how the app was outperforming even those it was designed to mimic. As one user attested at the time in what amounts to an eye-witness report, âIt is definitely the most popular F3D clone so far, beating the original very easily.â
Indeed, the activity was quickly identified as an anomaly by data providers.
Amberdata, a blockchain monitoring and analytics firm, explained to CoinDesk that as a result of âthe clone of the FOMO 3D gambling appâ the ethereum blockchain has been under a heavy load.
âOverall, about $50.7M of value (Incoming: $29,000,000 and Outgoing: $21,750,000 together) has transmitted through this contract,â the firm estimated as of August 16.
Dr. Aleksandra Sokolowska, head of research and analytics at Validity Labs, also picked up on the activity, agreeing that the âhighly coordinated and automaticâ interactions of the dapp are suggestive of computer bots.
Still, she concluded in an email address to CoinDesk that the true nature of the dapp, whatever its true name, cannot be fully ascertained, explaining that:
âAs we donât see the source code, it is very hard to tell what the purpose of the code is. It is possible that someone knowingly encourages honest users to play such a game by generating artificial traffic with Sibyl accounts in order to withdraw some or all funds. â
With the abilities of analysts limited, the urgent warnings put forth by Team JUST have sparked a degree of suspicion pointing back to the true nature of the original FOMO 3D application itself.
Because while both gambling dapps have clear instructions on the rules of their game, the source codes responsible for actual game deployment have yet to be fully disclosed and verified.
As far as users are concerned, though, this actually adds to the risk.
Scott Bigelow, a blockchain developer for the dapp Augur, explained in a post on Medium that when it comes to unverified source code, the potential for âmalicious intent and bugsâ cannot be discredited. He further explained how FOMO 3Dâs âunverified contractâ might just lead to a shutdown of the entire game one day, âallowing a single player to claim the jackpot for themselves.â
What Bigelow is describing here can be typified as an âexit scamâ whereby game creators pull off an orchestrated attempt to hijack raised funds. The same vulnerability lies with the alleged LastWinner dapp given it also runs in part on unverified source code.
And of course, this is not the only potential danger that exists for users engaging in gambling dapps like those described above.
PeckShield, a blockchain security firm, reports in an email to CoinDesk that the alleged LastWinner dapp possesses a common âairdrop vulnerabilityâ whereby small amounts of user funds can be intentionally skimmed from airdrop prizes. This was reportedly originally flagged by ethereum developer Peter Szilagyi as a way to âPWNâ FOMO 3D, though Team JUST claims they knew of the vulnerability in advance.
As such, elements of scam accusations put forth by Team JUST against the alleged LastWinner dapp have raised lines of questioning that lead back to the intentions of the original game.
One Reddit commentator asked:
âIf this is a clone, and the clone owner has the ability to exit scam, doesnât this imply that the original owner also has the ability to exit scam?â
Nevertheless, just because something looks like a scam, that doesnât mean it is. (Bitcoin has, after all, been labelled by its most severe critics as a Ponzi scheme).
Even for ethereum developer Lane Rettig, such determinations about the nature of activity generated by the alleged LastWinner dapp canât be certain. He wrote in email addressed to CoinDesk that without âthe contract codeâ it would be âimpossible to say more.â
What can be said, at least on the part of Amberdata CEO Shawn Douglass, is that gambling dapps and their respective clones donât seem to be going away anytime soon given their allure to a growing base of users on ethereum.
Douglass asserts:
âIf there has been a demonstrative mechanism that you can enlist a lot of participation and accrue a large amount of money, I think youâll see more of these ⦠I donât think the ethereum foundation can control it in that itâs a decentralized organization.â
Put a different way, Sokolowska likens ethereum to âa free marketâ in which âanyone who can make a return of investment in any way will use their opportunity.â
As such, it doesnât come as much surprise then that despite growing concerns over user safety in games of chance on ethereum, thereâs fierce opposition in the community from stopping them entirely.
As one user on Reddit argues: âItâs fascinating how people want decentralization, until it works against themâ¦people are playing the game/gambling and paying high gas prices to do so. Itâs an egalitarian model, and itâs successful because peopleâ¦canât pick and choose what to censor.â
It seems the mantra of the ethereum platform, at least for the time being, when it comes to user appetites for risky gambles is to live and let live because ultimately, the choice to engage remains in the hands of users.
And that, as with most decentralized platforms, is a pretty dicey gamble.
Dice image via Shutterstock
