A weekly recap of the most insightful news, analysis, and capital flows in the wild west we call crypto.

Hello and welcome back to the Web3 Rewind! Per usual in this industry, lots has happened this past week. Here's what we have in store for you:

• Sexism in crypto

• CertiK, and Kraken drama

• 3iQ files for a Solana spot ETF

• CFTC probes Jump Crypto

• Standard Chartered plans to offer spot BTC and ETH trading

• Prediction market woes

The Latest

A check on sexism in web3

Security dept.

CertiK drama over Kraken bug

On June 9, Kraken received a bug bounty program alert from a security researcher. No specifics were disclosed but the email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on Kraken’s platform. It turns out, the bug was real. It allowed users to initiate a deposit on the platform and receive funds in their account without fully completing the deposit.

Here’s where it gets fun. Normally all is fine and dandy if you point out a bug to a bug bounty program. More often than not, you’ll even get a payout. However after Kraken’s security team dug further, they discovered that a certain individual had exploited this bug and withdrew roughly $3M. Not very smartly, this individual’s account had been KYC’d, and guess what, this individual was a security researcher at the auditing firm CertiK!

CertiK doesn’t have a great reputation in the crypto industry. They are very much high-volume business, which means that they often charge much less than competitors, which also means that protocols that have not raised a significant amount will likely go to them for their audits. CertiK pushed back on the allegations with much drama ensuing. For example, both parties couldn’t agree on the amount of funds that went missing. Apparently, CertiK was willing to return the money but Kraken wanted to pursue criminal charges, and Kraken didn’t provide a repayment address.

Security is tough in crypto, especially when smart contracts define the logic of everything, and any exploits can often lead to millions, or in rare cases, billions of dollars lost. Bug bounty programs are a key component of that. For example, LayerZero has a bug bounty program worth $15M, and Wormhole is the owner of the largest bug bounty paid out ever at $10M. Responsibly disclosing bugs is a tricky thing to do, and not everyone gets it right all the time. But what CertiK did was certainly a little too far off the end. — Joseph Cooper, Decential Media

Quick Bits

3iQ Corp. files for a SOL ETF in Canada

• 3iQ Digital Asset Management is a Canadian investment fund manager. They recently announced that they had submitted a preliminary prospectus for a SOL ETF in Canada.
  

• This would be the first Solana ETF in Canada. It is important to note that Canada had spot Bitcoin and Ethereum ETFs before the US even got future ETFs for either asset.

CFTC probes Jump Crypto

• Jump Crypto was without a doubt one of the main characters in the last cycle. From various notable spinoffs such as Pyth and Wormhole to its involvement in the entire Terra/LUNA debacle, they’ve had their fair share of controversy.

• It was recently announced that Jump Crypto was being probed by the CFTC, however it is unclear what the probe was related to. It’s important to note that an investigation is not evidence of wrongdoing. (Jump Crypto is an investor in Decential Media.)

Standard Chartered plans spot crypto trading desk

• Standard Chartered is establishing a spot trading desk for buying and selling Bitcoin and Ethereum. The new London-based desk will be part of the bank’s FX trading unit.

• This move would make it one of the first global banks to enter spot crypto trading, although many other banks have been offering derivatives exposure to crypto for years.

And last but not least

Polymarket and the future of prediction markets

LayerZero opened up their airdrop for claiming last week. I’m not going into airdrop dynamics for the 10th time this year, because I’m sure you, like many others, are sick of reading about airdrops that no one has a solution to fix. LayerZero did something slightly different for their airdrop. To claim it, you had to donate to Protocol Guild, which is a collective funding mechanism for 170+ Ethereum researchers and developers. This caused quite a stir on CT, with people calling it absolute bullshit that they had to “pay money” to receive free money. Just goes to show the entitlement that users in crypto have and how ruthlessly mercenary it is. Well anyway, this wasn’t what I wanted to talk about today. Polymarket is a web3 prediction markets platform that allows users to bet on the outcome of a wide variety of events. One of these events was whether LayerZero would have an airdrop by June 30.

Leading up to the airdrop, the market was trading at a 99% chance of a yes, given that LayerZero themselves announced that the airdrop was happening. Additionally, their CEO Bryan Pellegrino was going through sybil reports amidst a whole bunch of other public activities. However, after the protocol announced that users have to “donate” a small amount in order to claim the airdrop, the market plunged to a 50% chance of yes, as users argued about whether a donation required to claim the airdrop counts as an airdrop. Polymarket did previously clarify that for an event to be counted as an airdrop, “tokens need to be distributed to users’ wallets for free or claiming with a gas fee.” This means that technically, LayerZero’s donation for airdrop does not count as an airdrop. Over half a million dollars of bets were at stake for this market.

A similar event happened recently for the ETH ETF approval, where technically only the 19B-4 for the ETH ETFs were approved, but the individual S1 filings for each ETF issuer had not been approved yet. In both cases, there was a disconnect between how the market was interpreting the events, and how the actual event outcomes were defined. In both cases, Polymarket eventually resolved it to the spirit of the event, e.g. LayerZero’s airdrop was indeed an airdrop and a 19B-4 was good enough to count as an ETH ETF approval.

Polymarket relies on UMA protocol for resolution, which means a group of validators, or more accurately, UMA token-holders, vote on event disputes. Prediction markets will always face a constraint like this, especially for permissionless ones. It is impossible to expect a legal contract drafted by a professional lawyer to very granularly define all the event outcomes that qualify for a market to resolve either way. One day, there is going to be an ungodly amount of money at stake in a prediction market pool, and such an event will occur again. Only time will tell how this plays out, but perhaps we need to bring back economic security. — JC

Have you read the definitive history of Ethereum? No? Well then get your copy of Out of the Ether while you can.