According to Etherscan’s data, at press time FairWin’s balance is exactly zero ETH. Yet, the smart contract held over 49,518 ETH just a few days ago on Sept. 26. FairWin’s value also topped at over $10 million on Sept. 21.
It is unclear whether the contract was drained by its owner, some malicious actors or concerned users, but the multitude of withdrawing addresses suggests the latter.
“The http://FairWin.me Ponzi Scheme contains critical vulnerabilities that put all funds at risk. Spread knowledge (especially in Asia) Users need to withdraw their funds and stop interacting with the contract ASAP.”
Later Castonguay explained that he discovered three main vulnerabilities, “one allowing the owner/admin of the contracts to totally drain, one where the admin can prevent users from withdrawing forever and one where anyone, not just the owner, can steal new deposits.”
Mainly shared on Chinese social media and blogs
A detailed allegation from Reddit contributor chutiyabehenchod on Sept. 20 outlined that FairWin was purportedly mainly shared on Chinese social media and blogs, and worked as a 5-day period high yield investment program. Users allegedly deposited 1–15 ETH and got a percentage return of 0.5–1% after five days. The post continued:
“It’s decentralized, however only 70% of the amounts deposited actually go back to pay the commissions of the older deposits. […] 30% is always taken! Once the account is dried out those that entered last will be punished by losing absolutely everything… likely some of them will be reinvestments. Currently with 40k ETH, 12k are already for the unknown scammers.”