Serial smart contract pyramid schemer Lado Okhotnikov |
[This is a republication of my latest opinion piece from CoinDesk.]
Last week the U.S. Securities and Exchange Commission (SEC) charged 11 individuals with creating and marketing Forsage, the world’s largest and longest-running smart contract-based pyramid scheme.
Alas, Lado Okhotnikov, the ring leader of Forsage and rumored to be based in the Republic of Georgia, remains at large. And while the original Forsage smart contracts are nowhere near as popular as they once were, they continue to welcome new money, SEC be damned.
Worse, Okhotnikov's new smart contract pyramid, Meta Force, continues to grow. Over $42 million in DAI stablecoins have been deposited into Meta Force by unwitting investors since the alleged scam debuted a month ago.
Smart contract pyramid schemers like Okhotnikov prey on the weak and vulnerable. What can we do to better fight them?
A quick history of smart contract-based pyramids
A pyramid scheme is an illegal business model where returns to existing investors are generated from newly recruited investors' money or fees. They are ultimately unsustainable because the supply of new investors is finite.
Pyramid schemes have existed for centuries. But pyramid schemers quickly realized the benefits of blockchain technology. MMM Global, a pyramid that tore through Nigeria, India, China and other developing nations through 2014 to 2016, used bitcoin (BTC) for payments. A group of researchers who studied the pyramid found that, at its peak, MMM Global was processing $150 million per day.
The advantages of bitcoin are clear. While authorities can shut down a pyramid scheme by leaning on its payments processors or bank, the Bitcoin blockchain can't be turned off.
The rollout of Ethereum led to the next big innovation in pyramids: the smart contract pyramid scheme. In addition to relying on blockchains for payments, this type of alleged scam built its pyramid apparatus on the Ethereum blockchain using smart contracts.
There are advantages to using a smart contract to run a pyramid. The entire back office structure can be automated using code, which makes administration easier for the scammer. It also allows the pyramid to be marketed as an "honest" Ponzi; that is, because it is implemented by code rather than by hand, it can be said to always run correctly.
Furthermore, because that code is public, it can – in theory, at least – be audited by users.
Smart contract pyramids are safer for the scammer to run than traditional pyramids because they afford a degree of anonymity. And while the authorities can shut down a traditional pyramid by visiting the office out of which it operates, building it on Ethereum makes it much harder to stop.
Smart contract pyramids soon became endemic to Ethereum. A 2019 study by a group of Italian researchers cataloged 184 smart contract pyramids in play at the time.
Most of these were quite small. It was Lado Okhotnikov's Forsage that broke the mold. Forsage's first Ethereum smart contract, x3/x4, would process almost $240 million in payments in 2020. At one point it was Ethereum's second busiest contract, after tether.
Ethereum gas fees would soon rise, forcing alleged pyramid alleged scammers like Okhotnikov to migrate to cheaper blockchains. Over the next few years Okhotnikov launched five other smart contract Ponzis on the Tron and Binance Smart Chain blockchains. Recently, scammers have begun to move back to Ethereum thanks to level 2, or subsidiary blockchain, systems that have lowered costs. In Okhotnikov's case, he has set up his newest pyramid, Meta Force, on the Polygon Network.
A forensic analysis of Forsage
Thanks to the transparency of blockchains, Sarah Meiklejohn and other researchers carried out a precise analysis of Forsage’s payouts and losses, focusing on the $240 million Ethereum x3/x4 contract.
While the founders boasted that the system was transparent and open source, it took the researchers weeks of effort to understand the code, which meant that almost no Forsage participants could have actually audited the smart contract. So much for transparency.
Meiklejohn et al. found that the system had been coded at the outset to benefit only a few people. For instance, participants had to buy slots that offered the right to get payments from new recruits. After recruiting three participants, a slot would be blocked and the recruiter had to pay fees to reopen it and receive payment. The organizers’ slots, however, were coded to be exempt from this rule.
The SEC found that Okhotnikov had coded one of his subsequent pyramids, Ethereum xGold, to divert a portion of investor funds to a wallet that was not associated with a Forsage ID. This contradicted Okhotnikov’s representation that all funds were paid out to investors. By 2022, that address had diverted over 1,000 ETH.
In the end, Meiklejohn et al. report that 1 million Forsage accounts lost money, a remarkable 88% failure rate. The top 1,000 users made 50% of all profits. Okhotnikov and his fellow cofounders capitalized by positioning themselves at the top of the pyramid. The SEC accuses them of owning the best five spots in the x3/x4 Forsage pyramid, the topmost of which earned 5409 ether (ETH), well over $1 million, according to Meiklejohn et al.
Okhotnikov and his colleagues aggressively marketed their scams on social media. Forsage's official YouTube channel, which is now dedicated to the new Meta Force pyramid, currently has over 47,000 subscribers. The most popular Forsage video, which is in Hindi, has been viewed 384,000 times. This is despite YouTube's terms of service having a blanket ban on marketing pyramid schemes.
In their paper, Meiklejohn and her colleagues traced the location of most of the victims of Forsage to developing nations, in particular Nigeria, Philippines and Venezuela. This reveals these alleged scams for what they are: a way for a few rich people to steal from the poor and vulnerable. They need to be stopped. But how?
What can be done?
Because smart contract pyramids are built on censorship-resistant blockchains, they can't be attacked at the root, nor can they be undermined indirectly by removing them from the payments system.
Writing on CoinDesk, Lex Sokolin has proposed that white hat hackers organize to find vulnerabilities in smart contract pyramids and bring them down. It's a nice idea, but so far white hat hackers haven't shown much interest in chasing after pyramids.
Perhaps the most effective way to hurt smart contract Ponzis is by attacking their reputation. The SEC's charges will certainly help on this front. Now when a potential victim searches for Okhotnikov or one of his "investment" products, they'll have the opinion of the world's largest securities regulator to rely on.
The good news is that the SEC's actions seem to have had an effect. The rate of deposits to Okhotnikov's newest (alleged) scam, Meta Force, which has already attracted $42 million in deposits, began to decline the day after charges were announced. On YouTube, a nervous Lado Okhotnikov described the SEC’s charges as slander and defamation.
But we needed the SEC to begin its attack long ago. Publishing a cease and desist early on, like securities regulators in Montana and the Philippines did, would have helped tarnish Okhotnikov's reputation before his alleged scams could hurt more people.
Regulators like the SEC should try to harness the transparency of blockchains to their advantage. It's possible to see these things popping up and monitor how big they get, so regulators can very quickly mobilize resources to combat them.
The SEC should also consider fighting like with like. Smart contract Ponzi scams spread through garish videos on YouTube. Alas, the SEC didn't post its charges to its YouTube channel. A catchy video about Forsage would go much further than a terse tweet.
Finally, influential blockchain personalities like Ethereum co-founder Vitalik Buterin and Binance CEO Changpeng Zhao should step up and speak out against smart contract Ponzis when they crop up. They may not wish to do so, because admitting the problem may attract negative attention to the technology. But addressing these scams as early as possible will not only reduce damage to innocent people, it will also limit damage to the long-term reputation of blockchains.
No comments:
Post a Comment