The main complaint by Jason Mo is that Phenom Poker's CEO (Matt Valeo) admits that there's still a shuffle being done off-chain, but the data being used to perform the shuffle comes from each player, and is encrypted.

Valeo claims this is better than normal site RNGs because data for that generation comes from each user, and thus no single user can use it to recreate the RNG for himself.

Mo counters that this is useless. He claims that getting this data from users introduces new potential vulnerabilities, as decryption of such data will make it easier for someone to reverse engineer the RNG at that point. He is basically saying that you might as well generate this stuff internally, rather than get it from users, where there's no way it can be intercepted. Additionally, since the actual random number generation is done off chain, there's no way for users to verify it's legit -- the whole point of doing it in a "trustless" fashion to begin with!


Mo is right about all this, but that's still not the main problem.

As I said, the huge glaring hole in this project is the inability to take money BACK from caught cheaters.