PoWHcoin: Ponzi Schemes, Overflows, And Blockchain Hacks


Ponzi schemes date back as far as the 1920s. These fraudulent activities got their name from an Italian man named Carlo Ponzi (anglicized to Charles Ponzi).

Ponzi arrived in the States in 1903, penniless, but his persuasive personality enabled him to swindle ‘investors’ out of $20m (about $240m in today’s money), through a set of schemes known as Ponzi schemes.

Fast forward to the 21st century. Scores of people still get conned by men and women not unlike Mr. Ponzi. Bernard Madoff ran a similar scheme in the early 2000s, for example, a fraud worth about $65bn. There are two reasons why Ponzi schemes worked in the 1920s and still do now: gullibility and greed.

Now, cryptocurrencies have stirred a whole new level of fraud and controversy, involving Ponzi-like schemes to exploit those human weaknesses.

Enter PoWHcoin, an ICO of sorts offering a novel, blockchain-based Ponzi ‘game’ designed to test the Proof-of-Weak-Hands Coin (PoWHCoin) technology. Under this scheme, every time anyone buys a coin, 10% of its value is turned into new PoWH coins, which are then split between all previous investors as dividends based on how many coins they currently own.

Only PoWHcoin became a victim of its own boldness. The underlying contract got hacked three days after it went public, and a lot of money went missing.

Here’s how the game was supposed to run:

PoWHcoin offered POWH coins, an Ethereum-based currency built on the ERC-20 standard. These tokens had no value whatsoever outside of the POWH game context.

Every time a token was purchased, a Smart Contract increased the price of the next token (by about 0.25%).

Conversely, every time a token was sold, the next token was assigned a slightly lower value (by about 0.25%).

This Pump-and-Dump dynamic was to result in wild fluctuations in token price and dividends, which would lead to people buying even more hoping to a) make up for losses, or b) get more tokens as the price went up.

The Smart Contract underlying the whole thing was designed to spike, crash, then spike again, and so on, prolonging the game indefinitely, for as long as Ethereum is around.

Overflow hack: swindling the swindler


Ponzi was a cunning man, no doubt about that, but his cunning was finite, and his demise swift. Computer code, too, is never 100% infallible.

PoWHcoin was hacked shortly after it was launched, when some smart mind figured out a vulnerability in the underlying code. They exploited an overflow bug to drain the contract underpinning the concept. Passing a certain argument value allowed the balance checks in the contract to be bypassed. A transfer function was then triggered, selling tokens the account did not actually have.

Barely three days after it began, 866 ETH, worth about $950,000, vanished into Ponzi hell.
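A simplified model of the bug class described above, added here as an illustration; it is not code from the PoWH contract or from the original article. `ToyToken`, its sample balances and the flawed guard are hypothetical. It shows how unchecked 256-bit unsigned arithmetic lets a sale of unowned tokens pass a balance check, and how checked arithmetic and a supply invariant catch it.

```python
# Added illustration: a hypothetical token ledger, not the PoWH contract.
UINT256_MAX = 2**256 - 1  # EVM words are 256 bits wide


class Revert(Exception):
    """Models an EVM revert: the call fails and state is left unchanged."""


def wrapping_sub(a, b):
    """uint256 subtraction without checks: the result is taken modulo 2**256."""
    return (a - b) & UINT256_MAX


def checked_sub(a, b):
    """Subtraction that reverts on underflow, as SafeMath-style helpers do."""
    if b > a:
        raise Revert("subtraction underflow")
    return a - b


class ToyToken:
    def __init__(self, balances, sub):
        self.balances = dict(balances)  # constructed sample state
        self.total_supply = sum(self.balances.values())
        self.sub = sub                  # arithmetic used by sell()

    def sell(self, holder, amount):
        remaining = self.sub(self.balances.get(holder, 0), amount)
        # Flawed guard: an unsigned result is never negative, so with
        # wrapping arithmetic this branch can never be taken.
        if remaining < 0:
            raise Revert("insufficient balance")
        self.balances[holder] = remaining
        return remaining

    def broken_invariants(self):
        """Holders whose balance exceeds total supply: a sign of wraparound."""
        return sorted(h for h, b in self.balances.items() if b > self.total_supply)


def demo():
    start = {"alice": 100, "bob": 1}  # constructed sample balances
    weak = ToyToken(start, wrapping_sub)
    weak.sell("bob", 2)               # bob sells one token more than he owns
    hard = ToyToken(start, checked_sub)
    try:
        hard.sell("bob", 2)
        reverted = False
    except Revert:
        reverted = True
    return weak.balances["bob"], weak.broken_invariants(), reverted, hard.balances["bob"]
```

In the unchecked ledger the one-token shortfall wraps to the largest 256-bit value; in the checked ledger the same call reverts and the balance is untouched.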



PoWHcoin was launched almost as a parody of what Ponzi schemes are meant to be like. It was never meant to be taken seriously, nor used as an investment security of any kind. The website’s language made this abundantly clear.

It was a social experiment to play on those same dastardly human traits: gullibility and greed. The whole point was to test out the Proof-of-Weak-Hands technology vs. IRON HANDS, and that’s why the contract was designed to pump and dump itself, intentionally creating wild variations in coin value. When the value fell sharply, those of a weak disposition would panic sell, and the value of the coin would fall further by design. At this point, new investors would see this as the right time to buy, and the value would rise again. This dynamic would go on indefinitely.

Alas, it did not.

ICOs will not last forever. Greed and gullible people, however, will always be around.