- The Breakdown
- Posts
- 🟪 Thursday links
Thursday links: Qubits, hackers, exploits and bookies
Two “bombshell” research reports suggest quantum computers are much closer to hacking Bitcoin than previously thought.
One report, from Google, was considered so incendiary that the researchers hid their work behind zero-knowledge proofs — this appears to be a first.
For a near-precedent, quantum researcher Scott Aaronson reaches all the way back to 16th-century Italy, “when mathematicians would (for example) prove their ability to solve quartic equations by challenging their rivals to duels.”
(These intellectual duels, more popular than sword-fighting ones, were often held outdoors in front of rowdy crowds of math enthusiasts.)
The basic idea of the Google report (if I’ve understood it correctly) is that they’ve developed an algorithm that can break Bitcoin’s cryptography with a far less-powerful quantum computer than previously thought possible — 20 times less powerful, by some estimates.
“The Caltech group estimates that a mere 25,000 physical qubits might suffice for this,” Aaronson explains, “where a year ago the best estimates were in the millions.”
That computer does not exist right now. But it will, earlier than expected.
“How much time will this save?” Aaronson asks. “Maybe a year? Subtracting, of course, off a number of years that no one knows.”
A year is a lot. Nic Carter thinks “this means that the testing and deployment of a [post-quantum] signature scheme on Bitcoin has to occur in 2026.”
That seems unlikely. Polymarket bettors currently assign a 7% probability to Bitcoin replacing SHA-256, its cryptographic hashing function, before 2027.
That is admittedly a higher bar than Carter’s minimum-viable response. But it reflects the growing belief that Bitcoin developers will be too slow to respond to the quantum threat — which researchers are hard at work pulling forward.
Why are they picking on Bitcoin? I’m guessing because that’s where the money is. Or, the easiest money, at least.
If so, Bitcoin might someday be remembered primarily as a trillion-dollar honeypot that accelerated the advent of quantum computing.
The hackers behind this week’s big supply-chain attack — compromising an unknowable number of systems — appear to have cut their teeth on crypto.
Researchers at Google attribute the attack to a group sometimes referred to as CryptoCore — North Korean hackers who “have deep experience with supply chain attacks,” a Google researcher told The Hacker News. Historically, they’ve used these tactics to steal cryptocurrency.
In a nod to their roots, the hackers named the malicious file at the center of their campaign “[email protected]” — a Trojan horse bit of code disguised as a JavaScript library for crypto applications.
This is a familiar playbook from crypto supply-chain attacks: Slip malware into a popular code library and then steal the credentials of everyone who downloads it.
They’ve had plenty of practice: Much like the quantum cryptographers training on Bitcoin, North Korean hackers have refined their technique through years of crypto hacks (one as recently as February).
This one sounds more consequential, though. “Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks,” Google said.
Crypto continues to migrate from true believers to mercenary hackers.
The latest incident is a $270 million exploit of Drift Protocol, a popular perpetual futures exchange on Solana.
0xResearch has the best explainer of an intricate scheme that featured “durable nonces,” delayed-execution accounts, social engineering, and fake oracles.
This might explain why these things get so little attention outside of crypto — they’re too complex for any normal person to understand.
Also, there’s just so many of them. We’ve had at least 15 other DeFi exploits this year, with damages totalling up to $137 million.
With the addition of Drift, that’s over $400 million worth of crypto that’s moved from people who want to use DeFi to people who want to exploit it — and that’s only one category of exploits.
In January, ZachXBT reported on a social-engineering scam that liberated $282 million worth of litecoin and bitcoin from a single victim’s hardware.
Hardly anyone seemed to notice, which is understandable, because it’s not exactly man-bites-dog: an estimated $20 billion has been lost to crypto hacks since 2017.
Bloomberg reports that Iran is planning to collect a toll for passage through the Strait of Hormuz: “For oil tankers, the starting price in the negotiations is typically around $1 per barrel of oil, paid in yuan, or stablecoins.”
We promised stablecoins would secure the dollar’s dominance, and I guess this is a good way to do it.
A report from the famously crypto-hostile IMF concludes that “tokenization represents a profound reconfiguration of the financial system’s core infrastructure.”
This makes tokenization something new. “Previous waves of digitization,” they say, made finance more efficient, but did not fundamentally change it. Tokenization, by contrast, “constitutes a structural shift in financial architecture rather than a marginal efficiency improvement.”
The IMF sees risk as well as opportunity: “At the same time, it introduces new forms of risks associated with speed, automation, and concentration.”
Hacks and exploits, too, probably.
But banks, conditioned to be paranoid, should be better at fending them off. JPMorgan has said their systems face an estimated 45 billion adversarial cyber events per day.
…worse, even, than bookies.
A report from Citizens Bank finds that the median return for traders on prediction markets is −7%. Notably, that’s worse than bettors do on traditional sportsbooks, where the median return is −5%.
The only winners on prediction markets are the very largest, mostly professional bettors: those that have placed over $500,000 in bets.
Why would prediction markets be worse than sportsbooks?
“Competition in prediction markets appears significantly sharper (i.e., more informed players),” the report says, “leading to greater losses for the median user.”
Many of those informed players have been banned from traditional sportsbooks (for making too much money).
They remain welcome in prediction markets, though, which means there’s a good chance you’re taking the other side of their bets.
“We all want to be on the other side of the public,” one professional bettor says. “That’s the dream.”
By “public,” he means me and you, of course.
Bettor beware.
Introducing Blockworks Investor Relations, an IR platform built for onchain businesses.
The latest Blockworks offering brings together analytics, a branded investor relations site, and integrated advisory support into a single platform. The result is a more efficient way to share your story, build trust with investors, and engage a global audience from day one.
If you’re building in crypto and want to upgrade your investor relations function, we’d love to work with you. Book a meeting with the Blockworks team to get started.
