Augur (REP), one of the largest decentralized prediction market platforms, reportedly has a vulnerability which was recently exploited by several bad actors.
According to Augur’s developers, the vulnerability can only be fixed after the Ethereum-based platform’s update, Augur version 2.0, is released. Joey Krug, the co-founder of Augur, revealed through a series of tweets that the prediction market network’s software glitch has already been exploited.
Notably, Krug’s response (via Twitter) came after Reddit user “Singlefin 12222” posted a warning message which stated that “Augur is being gamed.” As noted by Singlefin, several malicious actors had exploited Augur’s platform by placing bets that reportedly have highly unlikely or impossible outcomes. The same bad actors had then voted to make their bets invalid, a move that triggered Augur’s network to start distributing all the funds collected (through betting) to all the people who participated in a bet.
“Scammers Bet On The Outcomes That Will Not Win”
As detailed by the Redditor, the bad actors had placed a bet through Augur’s network that had a “very subtle mistake.” The scammers then also bet on a set of outcomes they predicted would not win, and also staked REP tokens on the market being invalid. This reportedly led to all staked funds being distributed equally among all of the platform’s users. This means that all participants were paid, regardless of whether they bet on the correct (or incorrect) outcome.
Explaining how certain bad actors in the Augur community were pulling off the scam, Reddit user Singlefinn noted:
- Malicious actors “create market with very subtle mistake in the description (like non-native English language),”
- “Scammers bet on the outcomes that will not win,”
- “Scammers stake REP on the market being invalid,”
- “All staked funds will be distributed equally. So scammers that bet on the wrong outcome will profit.”
According to Singlefin12222:
This makes Augur unusable at this point since basically every single character in the market description can be used to render it invalid. The staking model do [not] work because the majority of REP holders doesn’t participate.
Krug: Augur’s Updated Version 2.0 Will Prevent System From Being Exploited
1) Almost all of these purposefully confusing markets are being created by one person, not a bunch of people. The activity on those markets is also by one person / address. https://t.co/9jLIeGqun9
— Joey Krug (@joeykrug) March 20, 2019
In response to the Redditor’s comments, Krug said that the user was “kinda [spreading] fake news for a few reasons.” Krug has claimed that all the misleading markets were intentionally opened by only one user as they were associated with a single address. The Augur co-founder also alleged that contrary to what the Reddit user had claimed, it was not a group of actors that had acted dishonestly.
Krug further mentioned that his development team was already aware of these problems and that they were currently working to ensure that Augur’s platform can not be exploited in this manner. He explained that the updated version of Augur’s software, will reportedly include a validity bond feature, which will serve as collateral. This, Kruger said, should prevent users from cheating, or acting dishonestly, by essentially betting on impossible scenarios.