It seems the server keeps everything in sync anyway. However, using memory editors such as CheatEngine it seems to be possible to find values and edit them. Search for your current amount of coins, for example, and replace with 999,999. However, most people have trouble making this stick, undoubtably because the server doesn't really accept anything from the client.
I propose another approach: have a look at what the client does to communicate with the server, and see if any of these methods could be vulnerable to attack.
If anyone else has any ideas, please share.
The server does keep everything in sync. Editing the amount of coins doesn't help because the client never sends that back to the server. I have been looking at the communication between the client and server and the client never transmits how many coins it has to the server. It only does transactions and the server maintains count of whether you have enough money to do that. EG, if you hack the memory location for coins to 100 coins, but actually have 5, then the client will let you plow a section of land. But the client will send a indication that it has plowed land to the server. The server will then respond with a success or a failure message, and will automatically deduct the cost of plowing from your account balance. If the server's coin count is 5 and you try to do an action that costs 10 coins, then it will send an error message that you don't have enough money to do that.
So cheatengine is not the way to go here. The communication between the client and server is probably the best way, but you probably won't get it to update the coin count on the server unless there is a command to do that that we don't know about (since the client never does this).
I have had some success modifying the requests and responses to and from the server, but most of that also only modifies the local variables of the client, so that doesn't really help anything.
I have found something that's fun (but mostly cosmetic to the client), but don't really want to advertise what it is on here. The problem of finding something and posting it here is that this will inform the game's developers that there is yet another hole that they need to patch. This is probably good for them, not so fun for me if I'm doing stuff that the client isn't supposed to allow.