key: cord-0514068-4p6flxw4
authors: Kell, Tyler; Yousaf, Haaroon; Allen, Sarah; Meiklejohn, Sarah; Juels, Ari
title: Forsage: Anatomy of a Smart-Contract Pyramid Scheme
date: 2021-05-10
journal: nan
DOI: nan
sha: fabccef90f648c6a2c8f8346652a77c6fcd6e573
doc_id: 514068
cord_uid: 4p6flxw4

Pyramid schemes are investment scams in which top-level participants in a hierarchical network recruit and profit from an expanding base of defrauded newer participants. Pyramid schemes have existed for over a century, but there have been no in-depth studies of their dynamics and communities because of the opacity of participants' transactions. In this paper, we present an empirical study of Forsage, a pyramid scheme implemented as a smart contract and at its peak one of the largest consumers of resources in Ethereum. As a smart contract, Forsage makes its (byte)code and all of its transactions visible on the blockchain. We take advantage of this unprecedented transparency to gain insight into the mechanics, impact on participants, and evolution of Forsage. We quantify the (multi-million-dollar) gains of top-level participants as well as the losses of the vast majority (around 88%) of users. We analyze Forsage code both manually and using a purpose-built transaction simulator to uncover the complex mechanics of the scheme. Through complementary study of promotional videos and social media, we show how Forsage promoters have leveraged the unique features of smart contracts to lure users with false claims of trustworthiness and profitability, and how Forsage activity is concentrated within a small number of national communities.

Cryptocurrencies and smart contracts are new and powerful technologies that promise a range of benefits, including faster monetary transactions, innovative financial instruments, and global financial inclusion for the world's unbanked. Conversely, though, these same technologies have fueled new forms of fraud and theft [34, 42] and new ways of perpetrating existing types of crime [24, 31] .

Pyramid schemes, for example, are a prevalent type of scam in which top-tier participants in a hierarchical network recruit and profit at the expense of an expanding base of new participants. They have existed for more than a century, but have recently emerged in a new form: as smart contracts on blockchains such as Ethereum.

Smart contracts are in some ways an ideal medium for pyramid schemes and other scams. Because they run in decentralized systems, they cannot easily be dismantled by law enforcement agencies. They can instantaneously ingest payments from victims across the globe. They provide privacy protection for their creators in the form of pseudonymous addresses. Finally, as so-called "trustless" applications-with world-readable (byte)code-they present a veneer of trustworthiness to unsuspecting users.

The flip side of such transparency is that smart contracts offer researchers a degree of visibility into the mechanics of online (and offline) scams that is without historical precedent. Not only is the (byte)code specifying the scam's mechanics visible on chain, but so is every transaction performed by every participant.

In this paper, we take advantage of this newfound visibility to conduct an in-depth measurement study of the largest smart contract-based pyramid scheme to date, called Forsage Smartway or Forsage for short.

Forsage came into existence in late January 2020. It was at one point the second most active contract in Ethereum by daily transaction count, and remains in the top twenty at the time of writing. As we show throughout this paper, it is a classic pyramid scheme, defined by the SEC as "a type of fraud in which participants profit almost exclusively through recruiting other people to participate in the program" [2] . The Forsage contract requires players to send currency (Ether) in order to participate. Funds sent by newly recruited users immediately pass through the contract to existing players, with those at the top of the (smart contract-defined) pyramid obtaining the largest returns.

Understanding the success of Forsage requires study of not just the contract itself, but also its community of hundreds of thousands of users, many of whom have actively discussed and marketed the scam. Consequently, to paint a detailed picture of how Forsage lures and defrauds users, our study combines measurement and analysis of a range of complementary forms of data, including source code, on-chain transaction data, and social media interactions.

Our results come from three basic, mutually illuminating forms of study: smart contract deconstruction (Section 4), blockchain analytics (Section 5), and analysis of video and social media interactions (Section 6).

We believe that our study's findings are not just relevant to Forsage, but provide durable insights into the conception, mechanics, and evolution of smart-contract scams and financial scams more generally. They also point to effective strategies that government authorities and the cryptocurrency community can use to combat pyramid schemes and other scams, as we discuss in Section 7.

Contract deconstruction: Forsage promoters highlight the "transparency" of the contract, emphasizing that its source code is public.

We present the results of our effort to deconstruct Forsage and obtain a detailed description of the scheme's dynamics. We show that the scheme does indeed operate as a pyramid, with a small number of users at the top after having recruited a much larger number of users.

We also quantify the cost of Forsage's complexity in terms of onchain transaction fees, showing that Forsage transactions consume far more gas than most other Ethereum transactions and thus cost more for its users.

Contract measurement study: Through a measurement of Forsage transactions on the Ethereum blockchain, we document the flow of 721k ETH (226M USD) through Forsage from its creation to January 2021. One of our most striking findings is characteristic of pyramid schemes: The vast majority of Forsage players have lost money, with net losses for over 88% of players. A small few at the top of the pyramid have profited handsomely, e.g., the contract owner, who has received over 5000 ETH (1.2M USD). To the best of our knowledge, our study offers the first precise quantification of payouts and losses in any large pyramid scheme, internet-based or historical.

Community study: Through analysis of videos, social media, and contract evolution, we characterize the dynamics of the Forsage community.

False claims of profitability and trustworthiness are typical of pyramid schemes and well represented in Forsage marketing videos and social media posts. We manually coded the repeated claims made by the top English-language Forsage videos-for example, the false claim that players can earn thousands of dollars without recruiting others. Forsage videos additionally underscore the ways in which Forsage innovates on previous pyramid schemes, however, by leveraging smart contracts, for instance, with the claim that smart contracts inherently cannot be scams.

Our study also sheds light on the background and evolution of the Forsage community. Using a combination of location data from Facebook, tagged tweets, and YouTube channel annotations, we show that Forsage activity is internationally broad, but highly concentrated within a few geographies (e.g., western Africa).

In summary, the main contributions of our study of Forsage in this paper are:

• Contract deconstruction: Using a tool for transaction simulation that is of possible independent interest, we detail the operating rules of Forsage and show the concentration of power and wealth at the top of its defined pyramid(s). • Contract measurement study: In a measurement study of Forsage contract activity on Ethereum, we document the flow of funds and show monetary losses by the vast majority of users. • Community-dynamics study: By tagging claims in promotional videos and studying social media interactions around Forsage, we document tactics used to attract users and the geographical distribution of users.

We emphasize that our results, which reveal a combination of classic and smart contract-specific scam characteristics, offer insights not just into Forsage, but into both blockchain and nonblockchain scams more generally.

Forsage is realized as a smart contract. Smart contracts are applications that execute on blockchains, decentralized systems that indelibly and immutably record transactions in an authoritative sequence and are best known as the platforms that realize cryptocurrencies such as Bitcoin.

The most popular public (permissionless) blockchain for smart contracts today is Ethereum [12] , whose native currency is known as Ether (ETH). Ethereum smart contracts are launched in the form of bytecode that runs in a Turing-complete environment known as the Ethereum Virtual Machine (EVM). Smart contract creators often also publish corresponding source code, typically written in the Solidity programming language, but such publication is optional. Transactions sent to smart contracts by users are processed by contract code and are publicly visible on chain.

Transactions may send money to a contract from user accounts or other contracts and must specify payment of execution fees to miners in the form of gas, a parallel currency converted into ETH upon transaction execution. This conversion is calculated by multiplying the amount of work performed by a transaction (its "gas consumed") by the price of gas in ETH set by user when submitting the transaction [37] .

Correctness of contract execution is enforced by the consensus mechanism underlying the Ethereum blockchain, so a miner's execution of contract code in the EVM must be agreed upon by all network participants to be included in a confirmed block.

Other permissionless blockchains with smart contract functionality are growing in popularity, e.g., Tron [15] , to which Forsage has also been ported. Ethereum, however, remains the dominant smart contract platform.

Scams, i.e., fraudulent schemes involving financial deception, have been documented for centuries. Many scams involving large populations of victims assume the form of pyramid schemes. The U.S. Securities and Exchange Commission (SEC) defines a pyramid scheme as "a type of fraud in which participants profit almost exclusively through recruiting other people to participate in the program" [2] . Pyramid schemes, which are illegal in most jurisdictions, come in a number of variants. One variant is a Ponzi scheme, which specifically involves investment in financial instruments. Multi-level marketing (MLM) schemes, which involve the sale of a product or service, are related to pyramid schemes. They are legal in the U.S., but outlawed in some jurisdictions (e.g., China) [1].

A multitude of scams have arisen within the blockchain ecosystem. Some scams have solicited investments from victims in new blockchain technologies. Examples include Onecoin, a Ponzi scheme that involved a fake (centralized) blockchain in which victims invested $19+ billion [21] , Bitconnect, a token that promised returns of 1% per day and saw investment of $3.5 billion from victims, as well as other, related $1+ billion schemes such as Plustoken and WoToken.pro [10, 29] .

Other scams instead use blockchain technology to realize variants of scams, such as pyramid schemes, that were seen well before the advent of blockchains. Prominent examples are Million.Money 1 and Doubleway.io 2 , which are both currently active, as well as the defunct scheme Bullrun.live. 3 All three have similarities with Forsage: they use similar promotional materials, have a similar structure for the user dashboard, and use similar language and terminology (e.g., a referrer to the program is called an "upline"). We explore Forsage user interactions with multiple scam contracts in section 5.2.

The creators and promoters of Forsage advertise it as a matrix MLM scheme, despite the lack of a service or product. It operates primarily on Ethereum, where its initial Matrix contract has been active since January 31st, 2020. Since then, Forsage creators have also launched a Forsage contract on Tron (TRX) and an additional, followup smart contracts called Forsage xGold on both Tron and Ethereum. At the time of this writing, the Forsage authors are in the process of writing a Forsage Binance Smart Chain (BSC) contract.

The Forsage website: Users interact with Forsage using the forsage.io website, which shows how much they have paid into and earned from the contract. The website encourages the use of userfriendly cryptocurrency tools. It shows users how to purchase cryptocurrency using Trust Wallet, a user-friendly tool to exchange fiat for cryptocurrency, and how to use MetaMask, a browser extension that allows users to easily transact with cryptocurrency.

The combination of these tools makes Forsage accessible to novice users who may not previously have used cryptocurrencies or smart contracts. Screenshots of the Forsage website, showing the different matrices and their structure, can be found in Appendix D.

Forsage use and structure: A new Forsage user must pay a minimum of 0.05 ETH, which opens up the slot at the first level in the two matrix systems, called X3 and X4. Each matrix consists of 12 slots. To unlock the ability to use the next slot (at level + 1), a user must pay twice as much ETH as for their currently highest slot (at level ). In both X3 and X4, the first slot costs 0.025 ETH, while the twelfth and final slot costs 51.2 ETH. This means that the total cost to open all slots in either matrix is 102.375 ETH.

Each Forsage user has a referral code, created at the time they register. The referral code links a recruited user's account to the account that recruited them, called their upline. These referral codes thus organize Forsage users into pyramids, with the oldest accounts at the top. Payments flow upwards within a pyramid as additional users join it.

The pyramids of users linked by chains of referral code are referred to as Forsage teams. It is possible to join Forsage without entering a referral code; users who do so are assigned the referral code of the contract owner (the creator).

Section 4 contains an explanation of the logic for payment flow of user funds sent through the Forsage contract. Briefly, users earn money in the X3 and X4 matrices as follows.

X3: In X3, users earn income by recruiting others into the system.

A user must recruit three additional users to recoup their initial investment within each slot. Any recruits beyond the first three per slot will generate income for the recruiting user and those further up in their pyramid. Each subsequent slot costs more to open, but its resulting payout if filled with recruits will be higher because the expected payout for each three recruits is equal to the initial cost to open the slot for the recruiter. After a user fills a slot (i.e. recruits 3 users into that slot), Forsage blocks the filled slot, causing the user to forfeit future earnings from it until it is unblocked.

Unblocking means paying to open the slot at the next level up in the system, at which point this lower-level slot cannot become blocked again. X4: In X4, users can earn both by recruiting other users and by being on an active team. When a user recruits the six additional users necessary to recoup their initial investment in an X4 slot (twice as many as are required in X3), that slot becomes blocked and the user will have received the same amount of money paid to open the slot, with others in their team getting paid as well. X4 also has an element of competition: If a newer user on a team is more active than the user whose referral code they used to join Forsage, that user can switch spots on the team, giving the more active, newer user the profits that would otherwise flow to the older, referring account [27] .

Forsage promotional materials imply that the system is trustworthy because its code is open-source, e.g., the promotional materials claim that the contract "guarantees the purity of conditions." We took advantage of the availability of the source code to conduct an in-depth analysis of the smart contract's logic and data structures.

Methodology and data collection: The code for the Matrix smart contract is published on Etherscan. 4 We first attempted manual source code review, but found the logic too confusing to follow without visualization. We then built a simulator in Python that deployed the contract to a local private test network of Go-Ethereum (Geth) nodes, 5 and used Web3.py 6 to send sample transactions. We also wrote a visualizer for the contract's state machine using GraphViz [14] . The output of that visualizer assisted in creating Figure 1 , which depicts the data stored in the contract. Although the open source code is pointed to as a source of legitimacy by Forsage promotional materials, our analysis of the contract took weeks of focused effort by a professional research engineer. Our code for the visualizer and simulator tools are released as open source software on https://github.com/initc3/forsage.

When the Forsage team launched their Tron implementation of the Matrix smart contract, they also released its source code. We found this Tron code to be nearly identical to the Ethereum original, so we did not specifically analyze it. The latest iteration of Forsage launched on both Ethereum and Tron (as of May 2021), the xGold contract, has no publicly available source code. The Ethereum and Tron blockchains include the data for all transactions performed by Forsage users. We mined this publicly available data to perform further analysis. To obtain Ethereum data we ran the Go-Ethereum (Geth) 7 and TurboGeth 8 full-node and archive-node software packages, and downloaded the entire blockchain up to January 14, 2021.

We then used the Ethereum-ETL 9 package to retrieve this data from Geth and store the 345 million transactions included in the Ethereum blockchain between the launch of Forsage (January 31, 2020) and January 14, 2021. We wrote custom Python scripts to analyze this data and found 222,516,680 transactions that involved function calls on smart contracts, of which 3,266,722 were to the Forsage smart contract. To profile user transactions outside Forsage, we used the Chainalysis Reactor tool. 10 Chainalysis Reactor is a web-based investigation platform that connects cryptocurrency transactions to real-world entities, using tags that are either internal to Chainalysis or gathered from public websites and documents.

To collect Tron transaction data we scraped the TronScan API 11 and parsed the results directly into CSV form.

Forsage data structures: As discussed in Section 3, Forsage consists of two matrix systems, X3 and X4, each consisting of 12 slots. These two matrices differ in the number of users that act to fill each matrix level (three for X3, six for X4) and the logic for how nodes propagate through them over time.

The data for each user is stored in a hashtable (Solidity mapping) on the Ethereum blockchain, with the key being the user's address and the value being a Solidity struct with the data for that user's state tree and arrays of pointers to its children. Figure 1 visualizes this mapping for a user's X3 tree, with some minor metadata variables omitted. Each user also has an X4 tree, whose structure is largely similar. As seen in this figure, each user has an upline, which is the user that referred them to the contract. This is distinct from slotReferrer, a variable used per slot as part of the payment logic. The slotReferrer variable is initialized to the upline, but changes over time as users refer each other. The reinvestCount variable keeps track of the number of times a slot has been filled. In our example, Charlie has filled his first matrix slot once already (and then Table 1 : Average number of instruction operations per transaction, with standard deviation, for both all transactions and only those that interact with Forsage. Due to the intensive computation required to process this data, this table covers only the thousand blocks between block heights 10,600,000 and 10,601,000 (Roughly 13:00-18:00 UTC on August 5th, 2020) rather than our larger dataset including all transactions from 2020. This smaller dataset still contains 188,920 transactions that interact with smart contracts, 5667 of which interact with Forsage.

unblocked it by buying a slot at level 2), meaning he has referred 3 × reinvestCount + 2 = 5 = partnersCount users.

External API:. The contract exposes 15 functions to read its state, and two state-changing functions, registrationExt and buyNewLevel. The first registers new users and thus adds them to the contract state. The second changes contract state for an existing user to allow them to continue to gain money from new referrals.

The placement of new users in the contract state depends on the X3 and X4 slots for the user that referred them (their upline). The logic of the contract scrambles positions in the upline's matrices and in the matrices of the upline's parent when an upline's slot becomes full, i.e. every time the upline refers a multiple of three users to a given X3 slot (partnersCount mod 3 = 0), or a multiple of six users to a given X4 slot. The logic of scrambling leaf nodes in the pyramid depends on the state of the slot referrer variable for the affected matrix slot, as well as the blocked variable for that slot, and in the X4 system an additional closedPart variable for each slot. Scrambling the positions of the existing users in the system helps to make payments through Forsage (falsely!) appear more random. It benefits older users in the pyramid, as users are usually scrambled "up" the pyramid to become children of older users rather than newer ones.

Transaction fees: The fact that Forsage has so much persistent on-chain storage means that its users pay higher gas fees than the average for Ethereum contracts, due to the heavy usage of the (expensive) SLOAD and SSTORE opcodes. These fees are higher even when comparing Forsage transactions only to other contract function calls in Ethereum (so in particular ignoring simple sends of ETH). In our collected dataset of Ethereum network transactions, we found that the mean transaction fee for all Ethereum transactions that interacted with a contract was 0.00632 ETH with a standard deviation of 0.0618 ETH and a median of 0.00257 ETH. Forsage transactions paid a higher average transaction fee of 0.0116 ETH with a standard deviation of 0.0108 ETH and a median of 0.00883 ETH. Forsage users pay more than four times as much on average as other smart contract users. The most gas-expensive EVM operations/opcodes are those that create a new contract (CREATE, CREATE2); store, change, and access data into persistent on-chain state (SSTORE, SLOAD), and call contract functions or send money to other users in the network (CALL) [37] . Every transaction that interacts with Forsage through its two main functions, registrationExt and buyNewLevel, uses two of these three most expensive categories, often multiple times: they make use of persistent storage via SSTORE and SLOAD operations, and send money to other users on the network using Solidity operations that compile to the CALL opcode. Forsage uses an average number of CALL operations, but makes heavy use of SSTORE and SLOAD, as shown in Table 1 . Figure 2 shows a superimposed histogram of Forsage transactions relative to all Ethereum transactions. The higher gas consumption associated with Forsage results in higher transaction fees overall, as demonstrated by the right-shifted peak in the Forsage curve relative to that of all ETH transactions.

Payment logic: There are three ways for a user to get paid in Forsage: (1) by referring new users to the system; (2) when users they have referred in the past buy an additional matrix slot at a level corresponding to one previously purchased by the referrer; and (3) when spillover occurs, a condition in the X4 matrix resulting from the slots of another user downstream in the pyramid being blocked. Whenever money is sent to the smart contract by one user, the contract atomically (i.e., in the same transaction) sends those funds to other users based on the logic described below. This allows Forsage promotional materials to claim that the contract "never stores users' funds. "

When a user buys a new slot, the money they pay typically routes to the first found upline that also has that same slot open. Users are thus incentivized to buy new levels in order to refer users underneath them, which means a user can be generally successful by adding additional matrix slots just before referring additional users, and in general by recruiting as many users as possible. Figures 3 and 12 show the logic determining who gets paid when a new user registers with the Forsage contract, for both the X3 and X4 matrices. The logic for purchases of new slots (buyNewLevel) is largely similar but depends on the slot purchased rather than the first one (e.g., if a user buys the third slot then the logic is conditioned on the status of their upline's third slot).

The flowcharts in these figures show that uplines must keep their slots from becoming blocked, or payments will skip over them. To prevent a slot from becoming blocked, a user must buy the slot at the next level. This will also unblock an existing slot if it already has become blocked, and prevent the slot at − 1 from ever becoming blocked again. Figure 4 shows the distribution of levels purchased in aggregate for all users in the Forsage contract, as well as the summed profitability for the group of users that purchased that many slot levels. In general users that purchased more levels were also the most profitable users: The average user of the contract purchased 2.13 levels, with a standard deviation of 2.89 and a median of 1 level purchased.

When a new user joins the system, their payment is split into two equal parts and the logic in the flowchart is applied to each half, with one half going through the X3 flowchart and one half through the X4 flowchart, to determine which other user(s) should get each half of the payment. If the direct upline of this new user is not blocked, then the upline gets the payment. If the upline has a blocked slot, the contract checks the upline's upline for that matrix slot level to see if it is blocked. This iterates through uplines until the contract finds one that is unblocked, which it then pays. The contract owner (i.e., the user that created the contract) is always unblocked, so the contract always finds a user to pay. This can sometimes result in the same user being payed twice (once by each half), or uncles and aunts being paid by their nephews and nieces in the tree if it has been previously scrambled. This condition is called spillover. Spillover means that it is possible to earn money by receiving payments that should have gone to another user who had blocked slots. This passive earning is possible only in the X4 system, and only if a spillover recipient's upline is blocked and cannot currently receive payment. A given user's chance of spillover is unpredictable, because it depends on the actions of other users. In our analysis of the transactions to Forsage from its conception until January 14th, 2021, we found that 35,251 transactions (only 1.08%) contained spillover payments. Of those transactions 63% were registrations, and the remaining 37% resulted from buying new levels.

Ethereum transaction costs are incurred by each interaction with the Forsage smart contract, and eat into users' profits. Any claims about user profit must thus take gas costs into account.

The privileged role of the owner: The Forsage contract is initialized so that the owner account (i.e., the creator of the contract, 81ca...) has all matrix slots for both X3 and X4 opened for free. Likewise, the owner's slots can never become blocked. This creates ample opportunities for the owner to profit from the contract, which we confirm empirically in Section 5.

Beyond the ability to earn money by referring users, the owner also has additional opportunities to earn money passively. If a user sends the contract exactly 0.05 ether for registration without specifically calling the registration function, or calling a function that does not exist, that function call is rerouted to the registration function with the owner set as the user's upline. Likewise, if the upline gets replaced as the referrer, it is always replaced with a user further up in the pyramid. Thus, as users refer others and have their slots blocked as a result, the upline for all users eventually converges to the owner of the contract. Finally, the logic that prevents the owner's slots from becoming blocked also means that the owner's children do not change once set. This means that the owner maintains the oldest users in the pyramid as children, which results in high spillover in the X4 matrix.

We found that the slotReferrer variable was set to the contract owner for 9220 slots in the Forsage contract. By comparison, the average Forsage user was set as the referrer for 4.14 other accounts (with a standard deviation of 15.92) and the median account was set as the referrer for one other account. Figure 5 shows the full distribution of referrers for all accounts.

In this section, we present the results of our measurement study of Forsage contract transactions, which encompasses all monetary transactions in the scheme. A description of our data collection process is in Section 4. We first present statistics capturing the degree of user interaction with the various Forsage contracts on Ethereum and Tron (Section 5.1). We then present an analysis of the account behaviour and profits over the Forsage user population (Section 5.2), in particular analyzing where funds are obtained and how funds flow through the five most profitable accounts. Table 2 shows a summary of statistics for the four official Forsage contracts, and one additional contract, TRX Clone, which is a cloned version of the Ethereum Matrix contract operating on Tron. This clone launched before the official TRX Matrix contract, and has a different domain 12 but with graphics and style akin to the official website. The official Forsage website added a warning after the clone's appearance, asking users to "beware of fake resources" and stating that the "forsage.io" website is the only official domain.

The table shows that the official Forsage contracts amassed over 267M USD within the first year of operation. Among all of these contracts, the ETH Matrix contract brought in the most money and raised the highest amount on a single day: 3.7 million USD on August 1, 2020. The more recent xGold contracts (deployed on both Ethereum and Tron) were sent a combined 11.53 million USD in ETH and TRX in less than two months. Figure 6 shows the number of transactions received by each contract over time. For each contract introduced after the original ETH Matrix one, we observe a large number of initial transactions followed by a substantial drop. We also see a decline in the number of transactions sent to the original ETH Matrix contract after the other contracts become available. Given the relatively longevity and popularity of the ETH Matrix contract, we focus primarily on it for the remainder of this section.

To illustrate the popularity of Forsage, Figure 7 shows the number of daily transactions associated with the six most popular contracts across a six-month period in 2020. Of these contracts, Tether and USDC are stablecoins; Uniswap is a decentralized exchange; and Easy Club, MMBSC Global, and Forsage are believed to be scams/pyramid schemes. We can see that Tether is consistently the most popular contract and that for most of its peak from June to August, Forsage (as represented by ETH Matrix) had the second highest transaction rate among Ethereum smart contracts. This data is supported by Google Trends results for 2020: From April to August of 2020, Forsage had the highest search traffic globally of any of the smart contracts we studied, including both Tether and Uniswap, the two most heavily used smart contracts on the network as of the time of writing.

To understand how Forsage users obtained the funds needed to interact with the contract, we looked at the transactions that sent ETH to their accounts, and at when their accounts first became active. Figure 8 shows the ETH received by Forsage users over time and the cumulative count of active Forsage-related accounts (i.e., the first time an account was used that later interacted with the Forsage contract), with a vertical line indicating when Forsage was deployed.

It is clear that these accounts became active and began to receive substantially more ether after the deployment of Forsage; in fact, 98.89% of Forsage users had accounts that did not exist (or at least did not transact) before Forsage. We found a similar increase when looking at the number of transactions conducted by these users as well: prior to the deployment of Forsage, 11k accounts were involved in 278k transactions, but after Forsage's release this increased to 1.04M users engaging in 16M transactions. While the curve in Figure 8 looks quite steep given the timescale, it in fact reflects a steady growth in the first appearance of accounts between April and August 2020, which aligns with the peak of Forsage we saw in Figure 7 . Each of these months saw thousands of new accounts appearing per day, on average: 1659 in April, 3653 in May, 8272 in June, 10,798 in July, and 4987 in August. In contrast there were at most 20 new accounts appearing per day for each month in 2019 (except December, when there were 68).

To identify which types of services were the source of this money, we used tags from Etherscan. Of the ETH sent to Forsage users, over 56% (1.5M) came from untagged sources, and only 15% came from known exchanges, with 5% of this coming from the decentralized exchange Uniswap. As mentioned in Section 3, Forsage promotional material recommends that users obtain ETH from TrustWallet. This is a non-custodial service, which means accounts are associated with individual users rather than with the exchange. Thus, if most users followed this advice, we would expect to see that most of the ETH came from untagged sources. Figures 9 and 10 show a histogram of all of the accounts that interacted with the ETH Matrix contract organized by the amount of money either gained or lost by each account (including the amount spent on transaction fees) as of January 14, 2021. In total, of the 1.04 million Ethereum addresses that took part in the ETH Matrix scheme, only 11.8% (123,979) earned a profit. These profitable accounts made 265,618.52 ETH collectively, and the loss-making accounts (919,194 in total) lost 305,785.44 ETH collectively (0.33 ETH on average). We revisit these profit-making accounts below. Users incur additional losses from the high gas fees paid for transacting with the contract, as explained in Section 4.

Profit-making accounts: The five addresses with the highest profits in Forsage can be found in Table 3 . Perhaps unsurprisingly given our discussion in Section 4, the most profitable Forsage user is the owner of the contract, who earned 5409.6 ETH, or 2.04% of the total profits. Collectively, the five most profitable users made 14,325.7 ETH, or 5.4% of profits, despite representing only 0.0004% of users. The top 1000 users made 50% of the total profits.

Examination of the five most profitable addresses shows that the most profitable address is another Ethereum contract created by the owner of the ETH Matrix contract. Of the money received by this contract, 99% came from ETH Matrix. The fourth highest earner sent 9% of received ETH directly back to Forsage. In fact, if we follow all the addresses to which this user sent money, we see over 1321 ETH sent back to Forsage eventually.

Similarly, the fifth highest earner sent 204 ETH directly back to Forsage.

Some of the top addresses interact directly with other known scams, such as Beurax.com and TorqueBot.net, meaning they sent or received coins directly from addresses associated with these scams. The top five profit-making accounts received 6.987 ETH from these scams.

Interestingly, the first transaction sent to the address that deployed Forsage was from 0xb1..., which is the Ethereum address that deployed Million.money. This suggests interaction between smart contract-based scam operators.

Finally, we consider the extent to which users who profited by interacting with the Forsage ETH Matrix contract also interacted with other Forsage contracts. The ETH xGold contract has 17,560 users, of which 17,129 (97.5%) also interacted with ETH Matrix. Furthermore, the highest earner in xGold was the third highest earner in Matrix, the fourth highest xGold earner was the seventh highest earner in Matrix, and the eighth highest earner in xGold was the second highest earner in Matrix. These three earners (all of which are within the ten wealthiest Matrix users) hold 21.85% of net profits in xGold.

This suggests that at least some prominent users of Matrix did indeed migrate over to xGold.

Methodology: We studied the Forsage community by examining the presence of Forsage on social media. The Forsage website promotes official social media presences on Facebook, Instagram, Telegram, Twitter, and YouTube. All of these services have official APIs to collect data, but some of the research we conducted required manual interaction with the various social websites via a web browser, or more sophisticated data collection techniques like web scraping.

We manually watched YouTube videos to understand the claims that Forsage promotional videos make, as discussed in Section 6.1, and made requests to the public YouTube API for view count and other popularity-related data. 13 To get a sense of Forsage's Facebook and Instagram presence, we manually browsed various Facebook groups and official Instagram accounts and leveraged the Facebook and Instagram Graph APIs. 14 Facebook group data is not available on the Graph API so we wrote a custom Python script leveraging the Selenium WebDriver browser automation tool to collect more in-depth data about Forsage Facebook groups and their users. 15 This yielded a dataset of just over 5000 of the most recent members from the largest Facebook group dedicated to Forsage. 16 Using the Twitter API for academic researchers, 17 we were able to scrape all tweets with the word "Forsage" from January 1, 2020 until February 13, 2021. We used the official Telegram API 18 to collect information about telegram groups related to Forsage.

Community size. Forsage has a substantial presence on the social network sites that they target. This includes: 19 that hosts a tips and tricks section, blog-post style news, a frequently asked questions section, "academy courses" that include video lectures on how to be an effective multi-level-marketer, and a Stack-Overflow-like site where users can ask questions and "Forsage Community Authors" answer.

A substantial amount of the Forsage online social media ecosystem may be driven by bots. We ran the University of Indiana's Observatory on Social Media (OSoMe) Botometer tool [33] on our collected dataset of tweets and found that the tool identified roughly 47% of the Forsage-related tweets we collected as coming from likely bot accounts. For comparison, in March of 2017, Varol et al. [35] used an earlier version of the Botometer tool to perform a measurement study across all of Twitter and found that "between 9 and 15% of active Twitter accounts are bots. "

Forsage promotional materials offer a window into users' expectations for the contract. They also provides insight into how mention of the technical properties of blockchain technology is harnessed to manipulate novice users. We find that the information gap between those who understand blockchain technology and the broader community provides opportunities for scammers.

YouTube is a primary promotional channel for Forsage. Each participant joining Forsage is referred to an official YouTube video explaining the program [27] . We searched YouTube for English language videos with "Forsage" in the title and tracked the claims that repeat across videos to measure user expectations for Forsage. The search for most viewed videos about Forsage also returned promotional videos in Tagalog, Russian, Hindi, Tamil, Bangala, Telugu, Indonesian, and Spanish. Quasi-official (they share the same branding) Telegram chat groups for Forsage news exist in English, Spanish, French, Italian, Russian, Arabic, Portuguese, Hindi, Tamil, German, Azerbaijani, and Turkish.

Recommendation algorithms, like the one used by YouTube for search results, work in terms of popularity measured in views. The most viewed videos on YouTube are the most likely to be seen by users. We selected the top ten videos by views to qualitatively measure what users who search for informational videos about Forsage would see and hear about the program and gain a sense of participant expectations. We did so by coding the claims asserted about Forsage in these videos. We focused on just the top ten videos because coding claims is a labor-intensive, manual process. A researcher watched each video and noted if each video contained any instance of certain claims (see Table 4 and Appendix B). Each video was watched and coded twice to ensure accuracy. The top ten YouTube videos we coded had between 267,008 views (1st) and 61,996 views (10th). Beyond the videos we coded, the 11th most viewed video had just over 50,000 views 20 and the 20th had 33,000 views. 21 The top 10 "Forsage" YouTube videos by views as of December 14, 2020 (see Appendix B) fit into three categories: official promotion, user-led recruitment, and user reviews. Two of the videos were official promotion posted to Forsage's YouTube channel [27, 28] . Table 4 shows the repeated claims across the top ten videos.

In recruiting new users, Forsage promoters pointed to users who earned tens of thousands of dollars per day and hundreds of thousands of dollars per month, showing images of successful users' Forsage dashboards displaying six-figure returns. Forsage official promotion videos highlight the immutable nature of the smart contract and the transparency of Ethereum as proof that Forsage cannot be a scam. They also make claims about the lifechanging wealth and unstoppable, passive income that users could unlock from the Forsage contract. 20 https://www.youtube.com/watch?v=aGi5G5mTCUM 21 https://www.youtube.com/watch?v=9vlOYRSLaHI

Forsage promotional videos also provide basic explanations of blockchains, Ethereum, smart contracts, and how to use a cryptocurrency wallet to pay the contract, implying that they expect users to be cryptocurrency novices. Only one of the top ten videos identifies Forsage as a scam and warns users against using it.

Many of the incorrect claims made in the Forsage promotional YouTube videos also appear on the Forsage website and in the questions section of the official Forsage Community website.

Since transactions on the Ethereum network do not carry any inherent geographic metadata, we turned to social media analysis in order to gain a sense of the geographic placement of people interested in Forsage. In the data we collected on members of Forsage-related Facebook groups, we found 771 users that publicly listed a country location on their Facebook profile. We also found 10,200 unique Twitter accounts that publicly posted their geographic location. YouTube does not expose information about geographic location of the consumers of YouTube videos, but YouTube channels that produce videos can choose to include country location in their channel profile. We summarize this data for the five countries with the highest number of active users in Table 5 . Despite having a substantial population and being the nationality of the founders of Forsage, Russia was not a large source of Twitter or Facebook content, although the country did produce a large number of YouTube videos and content about Forsage.

The high number of Forsage users in the Philippines may explain why the Philippines SEC took action to raise awareness about the malicious intent behind Forsage [3, 6] , unlike other countries. Likewise, Nigeria has high penetration rates for both cryptocurrency and Forsage, and has recently banned cryptocurrency payments from its banking sector [7] . While each of these five countries had high Forsage activity in absolute terms, they also have large populations. We thus normalized our Facebook and Twitter data relative to the specific populations on each service for each country (i.e., the number of people per country divided by a public estimate of the number of Facebook and Twitter users in that country) to get The intensity of color from white to red is scaled linearly from the 0th percentile of data to the 90th percentile, and everything above 90% of the data is colored the same shade of dark red. This slightly understates the relative depth of penetration in outlier countries like Nigeria. For the full list of countries and their scores, see Appendix A.

a sense of the number of Facebook and Twitter users, per 100,000 users, that interacted on each platform with the Forsage topic. Statistics for the number of Facebook and Twitter users per country came from Miniwatts Marketing Group, WeAreSocial, and Hootsuite [16, 19] . We did not include the YouTube data at this stage as it was too small to be useful. We gave equal weight to the numbers for Facebook and Twitter to produce the heat map in Figure 11 .

Our normalized data showed that Forsage is most popular in Nigeria and the African continent, the Philippines, and Venezuela. Greenland, the Seychelles, and some Caribbean islands may appear to have heavy Forsage penetration, but may be outliers due to small population sizes. Google Trends traffic and geographic data agree with our conclusions: Google Trends shows the greatest amount of population-adjusted search traffic in Nigeria and surrounding West African countries, and shows a peak in user search interest in July 2020, which is when we observed a similar peak in transactions involved Forsage in Figure 6 .

Familiarity with cryptocurrency does not appear to have any positive or negative correlation with interest in Forsage: The 2021 Statista Global Consumer Survey [11] lists the top countries globally with the reported highest number of cryptocurrency users. Vietnam (#2) and China (#3) both had relatively high levels of cryptocurrency use, but low levels of interest in Forsage. Similarly, familiarity with cryptocurrency does not appear to prevent people from falling for the Forsage scam, as in the case of Nigeria and the Philippines (#1 and #3 globally for cryptocurrency usage). Nigeria may be a special case, as Statista found that almost a third of Nigerians said they used cryptocurrency, far beyond most countries. It is also an outlier in the data for interest in Forsage.

From our analysis of Forsage user locations in Section 6.2, the majority of Forsage victims are located in only a few countries. This concentration lends itself well to a targeted education campaign and warnings from local financial leaders about the Forsage scam. For example, a simple user dashboard showing the number of Forsage users who lose money from the contract-more than 88% as of January 15th, 2020-could serve as an effective tool to combat disinformation from Forsage promoters about the wealth users can amass. Such statistics may be more effective than general warnings such as that issued by the Philippines SEC (see below).

Past cryptocurrency pyramid schemes, including Plustoken, Wetoken, Onecoin, and Bitconnect, have collapsed as a result of government sanctioning, which included the arrest or warrants for the arrest of the founders and leadership [10, 17, 21, 29] . Similar attempts have been made around the world in regards to Forsage. On June 30, 2020, The Philippines Securities and Exchange Commission (PSEC) issued numerous warnings declaring that Forsage was not a registered entity within their jurisdiction and was operating without a license. On September 30, 2020 the PSEC released a public announcement, mentioning that Forsage was publicly selling securities as investment contracts without a license [3] [4] [5] [6] . The PSEC served a cease-and-desist order. Forsage refused to comply, responding that they "are outside the Commission's jurisdiction." On March 22nd 2021, the Commissioner of Securities and Insurance of the U.S. state of Montana ordered Forsage to cease and desist from operating a pyramid scheme in Montana [25, 26] .

To date, the authors of this paper are unaware of any public arrests made in relation to the Forsage contract. The contract authors continue to profit and their Ethereum addresses actively submit transactions to the network.

Previous research has shown blocklisting can effectively combat scams and illicit activity. Moser et al. found that transaction blocklisting of illicit cryptocurrency funds is an effective additional layer above existing anti-money laundering (AML) and know-yourcustomer (KYC) requirements for cryptocurrencies [23] . Previous research in illicit online pharmaceutical sales found that the payment processing services are the most fragile part of the scam [22] . These services play a similar role in online pharmaceutical sales to fiat-accepting cryptocurrency exchanges in Forsage, suggesting that access to exchanges, which could be revoked with blocklisting, may be the the most fragile part of the scam.

Crypto Defenders Alliance (CDA) 22 and CryptoSafe Alliance 23 are two examples of groups that operate a blocklist.

On the other hand, blocklists can be biased and enable forms of censorship, and addresses that are blocked in one region may not be considered suspicious or criminal in other regions. To understand how professionals navigate these tensions, we spoke to an antimoney laundering cryptocurrency investigator at a high profile exchange. This expert expressed a belief that it is the responsibility of law enforcement and regulators to comment on whether or not an address should be blocked, and that it would be unfair and unjust to hold a user's funds without an explicit request from law enforcement or a court of competent jurisdiction. Nevertheless, some exchanges have joined the alliances mentioned above, due to the time and resources required to maintain a dedicated list of blocked addresses themselves.

Past research has sought to quantify and characterize scams running on Ethereum and in Bitcoin. For Ethereum based scams, Chen et al. used data mining and machine learning to detect Ponzi schemes [13] while Yu et al. modeled Ponzi scheme identification and detection as a node classification task [41] . Bartoletti et al. characterized and summarized the Ethereum Ponzi scheme ecosystem by comparing the code and promotion for Ethereum smart contract schemes [8] . They found that scammers use the guaranteed execution of smart contracts public nature of Ethereum to inspire confidence in their victims. For Bitcoin, Vasek et al. [36] and Bartoletti et al. [9] both worked to detect and model Bitcoin-based scams. These included Ponzi schemes that collect Bitcoin from victims, where Vasek et al. found that more than half of scams last less than one week. 22 https://cryptodefendersalliance.com/ 23 https://www.cryptosafe.org/ Paquet-Clouston et al. [30] and Xia et al. [38] studied specialized scams that leverage Bitcoin for payments: respectively, scams to extort payments using threats of revealing intimate data, and scams claiming to raise money for COVID-19 research and relief.

Other research has identified existing types of scams that have now migrated onto blockchains. One example is pump-and-dump schemes, where scammers use online chat services like Discord and Telegram to manipulate the price of cryptocurrencies and then sell their holdings of those cryptocurrencies for profit [18, 20, 39] . Other scams are new to blockchains and exploit their unique characteristics. One example is honeypot scams. These are executed using honeypot smart contracts, which are built to include financial traps within the contract itself [34] .

In past work characterizing the victims of blockchain-enabled scams, Phillips et al. [32] showed that victims tend to send funds from fiat-accepting cryptocurrency exchanges, making the scams accessible to novice cryptocurrency users. They also found that scammers often create multiple, similar scams, which run in parallel. Yousaf et al. showed that scammers use shifting services to convert Ether into other coins in an attempt to thwart tracking [40] .

We presented an in-depth measurement study of Forsage, a smartcontract pyramid scheme. Forsage is currently active and was at one time the second most actively used contract in Ethereum.

We found that community claims regarding the open and verifiable nature of Forsage are belied by the contract's considerable complexity. Our study consequently required a number of different data gathering approaches. It also required the creation of new tools-of potential independent interest and to be open-sourced-to analyze the state of the Forsage contract. Thanks to these tools, our study provides detailed insights into the mechanism design, transaction costs, and other features of Forsage.

Among our key findings were that the vast majority of Forsage accounts-over 88%-incurred losses, for a combined total loss of 305,785 ETH. The contract owner, in contrast, earned over 5000 ETH (well over 1M USD), while a small number of other accounts at the top of the pyramid earned similarly large sums.

Our analysis of Forsage promotional materials reveals that scammers in the Forsage community have taken advantage of misconceptions and misinformation about blockchain technology, using properties like open-source code and transaction transparency as a source of legitimacy with users who lack the skills necessary to understand the contract's behavior. Our analysis of Forsage on social media shows geographically distinct communities of scammers and victims, with the scammers based primarily in Russia and victims apparently located mainly in Nigeria, southern Africa, the Philippines, Venezuela, Indonesia, and India.

Public warnings about Forsage by entities such as the Philippines SEC have had little apparent effect. We show that Forsage creators have launched new and currently lucrative Forsage variants, some now on blockchains other than Ethereum. We hope that our findings can help stem this spread. In addition to providing insights that may serve to educate potential victims, our study demonstrates highly concentrated earnings among top-earning accounts, suggesting that targeted blocklisting could be an effective step to slow the growth of Forsage and contracts like it.

We would like to thank Chainalysis for use of their Reactor tool in support of this research. This work was funded by NSF grants CNS-1564102, CNS1704615, and CNS-1933655 as well as generous support from IC3 industry partners. Any opinions, findings, conclusions, or recommendations expressed here are those of the authors and may not reflect those of these sponsors. TTO 

MLM law of China: 'Prohibition of Chuanxiao

] 2013. Investor Alerts and Bulletins:Beware of Pyramid Schemes Posing as Multi-Level Marketing Programs

2020. SEC ISSUES CEASE AND DESIST ORDER AGAINST FORSAGE. (September 2020

Nigeria's Crypto Ban Fuels Mistrust in Government

Dissecting Ponzi schemes on Ethereum: Identification, analysis, and impact

Data Mining for Detecting Bitcoin Ponzi Schemes

The Most Famous Financial Pyramids in the Crypto World

How Common is Crypto?

A next-generation smart contract and decentralized application platform

Detecting Ponzi Schemes on Ethereum

Gordon Woodhull, Short Description, and Lucent Technologies

Tron: Advanced Decentralized Blockchain Platform

Miniwatts Marketing Group. 2021. Internet World Stats: Usage and Population Statistics

PlusToken Scammer Implicated in China's Second Ten-Figure Crypto Ponzi

The Economics of Cryptocurrency Pump and Dump Schemes

Digital in 2021: National Reports

To the moon: defining and detecting cryptocurrency pump-and-dumps

OneCoin: A deep dive into crypto's most notorious Ponzi scheme

PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs

USENIX Association

Effective cryptocurrency regulation through blacklisting

Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe

Office of the Commissioner of Securities and Insurance State of Montana

Office of the Commissioner of Securities and Insurance State of Montana. 2021. US State Issues Cease and Desist Order against DApp Forsage

Forsage Overview: Earn Ethereum Daily

Chinese Authorities Have Seized a Massive $4B in Crypto From PlusToken Scam

Spams Meet Cryptocurrencies: Sextortion in the Bitcoin Ecosystem

Tracing Cryptocurrency Scams: Clustering Replicated Advance-Fee and Phishing Websites

Tracing Cryptocurrency Scams: Clustering Replicated Advance-Fee and Phishing Websites

Detection of Novel Social Bots by Ensembles of Specialized Classifiers

The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts

Online Human-Bot Interactions: Detection, Estimation, and Characterization

Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams

Ethereum: A Secure Decentralized Generalized Transaction Ledger

Gang Huang, and Xuanzhe Liu. 2020. Don't Fish in Troubled Waters! Characterizing Coronavirus-themed Cryptocurrency Scams

The Anatomy of a Cryptocurrency Pump-and-Dump Scheme

Tracing Transactions Across Cryptocurrency Ledgers

Ponzi Scheme Detection in EthereumTransaction Network

The DAO attack paradoxes in propositional logic

Rank Title Views Link 1 Forsage Overview: Earn Ethereum Daily! 267 008

Forsage Presentation -How does Forsage work 120 425

FORSAGE: HOW TO EARN WITHOUT RECRUITING ANYONE IN FORSAGE 117 931

Forsage Smart Contract Review -Is It A SCAM Or Legit Ethereum MLM?

Forsage Smart Contract $1,778 Made Without Referring a Single Person 91 188

Forsage Review -Is Forsage a Scam or Legit? 79 264

10 how to make money on forsage without referring anyone 61 996

Note that in the following table, any country that is not listed had no observed interactions with Forsage in our data set discussed in section 6.Country