Top Stories of the Week - 12/15

This week in the newsletter, we talk about new accounting rules from FASB that will benefit corporate holders of digital assets, Polygon settling on Celestia, and a major vulnerability affecting DeFi.

Subscribe here and receive Galaxy's Weekly Top Stories, and more, directly to your inbox.

FASB Updates Crypto Accounting Standards

On Wednesday, the Financial Accounting Standards Board (FASB) published an Accounting Standards Update 2023-08 (“ASU 2023-08”), allowing entities that are present financial statements under the Generally Acceptable Accounting Standards in the United States issued by FASB to report their crypto holdings at fair market value, reflecting the most current asset values at the time of reporting. FASB sets the financial accounting and reporting standards for public, private, and not-for-profit organizations under GAAP.

Prior guidance did not explicitly outline crypto reporting requirements. Instead, companies mostly treated crypto as an intangible asset, meaning they could only report losses on their crypto holdings if they fell in value relative to their initial purchase price. If crypto holdings appreciated in value, companies could not recognize any gain unless they had sold for a gain. With the new rules, companies can now reflect the most recent fair market value, unrealized or not. The changes were made in response to feedback from FASB stakeholders “who indicated that improving the accounting for and disclosure of crypto assets should be a top priority for the board.”

FASB first decided on the change in November 2022, and spent the last year drafting and collecting feedback before previewing them in September. They will come into effect for fiscal year after December 15, 2024, but companies can choose to implement them earlier based on their own needs. The updated rules do not cover stablecoins, NFTs, and wrapped tokens.

OUR TAKE:

The new guidance is a major step forward in making it more practical for public companies to hold crypto on their balance sheets. Prior rules lacked clarity and mostly disadvantaged holders who could only mark down an asset class that is highly volatile and cyclical without recognizing any later appreciation in value while holding the asset. This resulted in companies having to report the value of their assets at artificially low valuations relative to their true market value, disincentivizing them from holding the asset class at all.

While the new ASU solves a major issue for US entities, it leaves some key items unaddressed that still require significant judgement in financial reporting for crypto activities that results in diversity in practice and reducing comparability of financial statements between companies. For example, as NFTs and wrapped tokens are scoped out, many DeFi or derivative tokens would likely not be in scope of the new rules. This potentially creates a scenario where an entity holding BTC and wBTC would only be able to fair value their BTC holdings while measuring the wBTCs at their impaired values despite the two assets having the same underlying economic characteristics.

FASB previously rejected requests to update the rules on three separate occasions going back to 2017 due to a lack of corporate interest. That changed following a surge of interest from 2020-2022 as companies like Tesla, Square, and MicroStrategy began holding bitcoin on their balance sheets. Globally, at least 28 public companies currently hold bitcoin accounting for 1.2% of the total supply. The number of companies holding bitcoin could rise quickly in the coming year with a bitcoin ETF expected to launch soon. A recent Galaxy Digital report estimates the approval of a bitcoin ETF could lead to more than $14 billion in new inflows in the first year following launch, eventually ramping up to nearly $40 billion by year three.

The recent updates to FASB’s guidelines on crypto underscore a broader and more pressing issue: the urgent need for comprehensive and effective regulation from Washington. As the crypto market continues to evolve, it needs regulatory frameworks that not only understand the unique nature of digital assets, but also safeguard investor interests, ensure market stability, and foster innovation. -Lucas Tcheyan

Polygon CDK Adds Support for Celestia DA

On Tuesday, Polygon Labs, the development team behind multiple blockchain scaling solutions, announced new support for Celestia through their Polygon Chain Development Kit (CDK). The Polygon CDK is an open-source software development kit for building zero-knowledge (ZK) Layer-2 (L2) rollups atop Ethereum. The CDK was launched in August and offers users an easy way to customize the design of their rollup, specifically across the following five components: virtual machine, mode, data availability, sequencer, and gas token.

Caption: Polygon CDK components

Source: Polygon Labs

Initially, the CDK offers users two different solutions for data availability (DA). Users could choose to build a rollup that finalizes rollup transactions on Ethereum and thereby relies on Ethereum for DA. Alternatively, users could design a rollup that relies on a local data availability committee (DAC) for DA, which would guarantee faster and cheaper rollup transactions at the expense of reduced security and decentralization. A few projects using the Polygon CDK to build their rollups are OKX, Immutable, Astar, IDEX, Palm Network, Astar, Canto, and Manta.

The announcement on Tuesday confirmed that users of Polygon’s CDK would be able to choose the Celestia blockchains as a third option for DA starting early next year. Celestia is the first DA-optimized blockchain and it launched on mainnet on October 31, 2023. Though Celestia is highly regarded for its DA capabilities, there has so far been little activity related to rollups on the nascent network. According to data from nodes.guru, less than 0.01% of transactions finalized on Celestia are “blob” transactions, which are transactions posting data from rollups to Celestia. The vast majority are transactions related to staking TIA, TIA stake delegation, and transfers of native TIA tokens.

OUR TAKE:

Out-of-the-box solutions for building rollups like the Polygon CDK, OP Stack, and Rollkit are only set to become more customizable as the modular ecosystem grows. While the primary settlement and DA layer for rollups has historically been Ethereum, the launch of Celestia and other DA solutions will present rollup operators with cheaper alternatives for finalizing user transactions that are also more secure and decentralized than DACs. Because of the increased customizability of rollups and tooling to support their creation, there will likely be a high number of new rollups launched next year across Ethereum, Celestia, and other DA blockchains.

One important consideration that rollup operators must take into account when designing their rollup is interoperability. The main reason why the application ecosystem atop Ethereum is unmatched in terms of value and size is because of network effects. The concentration of users and liquidity on Ethereum is the most attractive quality about the network that pulls in new users, capital, and application developers. L2s that settle on Ethereum will have an easier time siphoning users and their capital from the base layer by promoting an “Ethereum-aligned” brand and offering a near-identical user experience as the Ethereum base layer except with lower fees and faster transaction (pre)confirmation times. To the extent that interoperability of users and their assets on Ethereum is sacrificed by relying on a separate DA layer from Ethereum such as Celestia, Ethereum is likely to retain its dominance as the world’s most popular blockchain for transaction execution, settlement, and DA – at least in the short-term.

However, as interoperability solutions for transaction settlement evolve and mature through the introduction and battle testing of shared settlement layers, as well as ZK-powered bridging technologies, the superior DA capabilities of Celestia is likely to attract a larger number of rollups and their users over time. Further, as new use cases are unlocked for blockchain-based applications that are only feasible on highly scalable protocols such as L2s, the need for a performant DA layer like Celestia will grow. Recognizing the need to expand Ethereum’s DA capabilities and fast, Ethereum core developers are working towards activating a code change called proto-danksharding to reduce the cost of DA for rollups built atop Ethereum. However, due to the complexity of the Ethereum code base, which was initially launched as a monolithic blockchain supporting all types of transaction activity, from execution to settlement to DA, the upgrade to enable proto-danksharding has been heavily delayed. In 2024, it will be important to watch both Ethereum’s progress towards enhancing its DA capabilities and the maturation of rollup interoperability solutions that address the issue of liquidity fragmentation. For more information about proto-danksharding read this Galaxy Research report. For more information about the modular blockchain thesis, read this Galaxy Research report. - Christine Kim

JS Library Vulnerability Leads to $500k Stolen

A security vulnerability in a Javascript library maintained by Ledger, a leading hardware wallet provider, results in $500k in stolen user funds. A former Ledger employee was targeted by a phishing attack, enabling the hacker to upload malicious code impacting the Ledger Connect Kit. Ledger Connect Kit is a Javascript library that connects wallets to websites. The exploit rerouted user funds to the hacker’s wallet when they tried to interact with decentralized applications. It is important to note that this vulnerability does not affect Ledger’s physical hardware wallets.

The malicious code was live for nearly 5 hours before Ledger was alerted and a fix was issued 40 minutes after the exploit was discovered, around 8:30 am EST. The Sushi CTO first highlighted the exploit at 7:30 am EST warning users “Do not interact with ANY dApps until further notice.” Affected dAPPs included Zapper, Sushi, and Revokecash.” Tether CEO, Paolo Ardoino, later tweeted that Tether froze all USDT in the exploiter’s address.

A full post-mortem on the hack is available on the Ledger website.

OUR TAKE:

The fact that an exploiter was able to hack Ledger through a former employee demonstrates a lack of proper credentials management and could lead to more scrutiny into the rest of their security practices.

This is another reputational hit for Ledger and the second major incident involving the company this year. In May, Ledger announced a new feature called “Ledger Recover” that sparked significant controversy due to a new feature that allowed users to share seed phrases with individuals other than the wallet owners themselves. In 2020, Ledger’s e-commerce website was hacked, resulting in the personal info of every purchaser of a Ledger hardware wallet being dumped on the dark web, a fantastic target list for malicious actors.

Even though the financial impact of this exploit was limited, it exposed the widespread dependencies across DeFi and other crypto applications on this individual software component. Broadly, this type of sophisticated “supply chain attack” on software dependencies is sophisticated and effective. Application developers, both inside and outside crypto, often rely on whole stacks of libraries and code developed by other people, which creates risks like this. This isn’t theoretical — it has happened before even in crypto. In 2018, a Node.js library utilized by BitPay’s Copay wallet was compromised, leading to a critical downstream vulnerability in the crypto wallet

Following the hack, some applications like Uniswap revealed they did not use Ledger Connect Kit and were not exposed to the Ledger supply chain attack. In an ideal world, users should be able to trust applications and wallet providers to secure their funds, but it’s clear DeFi today remains risky and prone to vulnerabilities. Everyone, from the user to the application provider, has a role to play in building a secure onchain environment. -Lucas Tcheyan

Charts of the Week

ETH has lost 26% of it value relative to BTC in 2023 year-to-date (YTD). ETH/BTC opened the year around 0.0723 and currently sits around 0.053. This has taken ETH/BTC to levels last observed in June 2022. YTD BTC has gained 160% against ETH’s 91.5%.

The correlation between BTC and ETH is the weakest it has been since May 2021. This underscores the intensity of the decoupling that has taken place between the two flagship cryptocurrencies this year. The BTC to ETH correlation currently stands at .68. It was at .65 30 days ago and .96 at the start of 2023.

Other News

• Sen. Elizabeth Warren adds five co-sponsors to her bill that would target crypto

• KuCoin settles with New York for $22 million and agrees to block users from state: Reuters

• Worldcoin unveils integrations with Minecraft, Reddit, Telegram and Shopify

• Chainlink data feeds available on Polygon zkEVM

• Coinbase to bring TradFi assets on-chain with new platform built on Base under Abu Dhabi regulator's oversight

• Decentralized exchange Uniswap expands to Bitcoin sidechain Rootstock

• From the Desk of Galaxy Digital Research