Weekly Stories - 6/21
This week in the newsletter, we write about ZKsync’s token launch, the SEC closing its investigation into Ethereum, and a spat between Kraken and security researchers.
Subscribe here and receive Galaxy's Weekly Top Stories, and more, directly to your inbox.
Christmas for Airdrop Farmers
Claims for ZKsync's ZK token and LayerZero's ZRO token opened this week. On Monday, claims for ZK token opened up for eligible airdrop recipients of the zk-based L2 protocol. Matter Labs, the development team behind ZKsync, shared details last week about the airdrop criteria and the tokenomics of the ZK token, which will be used to govern the protocol going forward. The total supply is 21bn ZK tokens with 66.6% allocated for the 'Community' and the rest for 'Team and Investors'. At launch, 17.5% of the total supply will be distributed through a one-time airdrop to eligible users and contributors to the ZKsync protocol. Airdrop allocations were usage-based with "value scaling" based on the time-weighted average amount of capital contributed to the ecosystem (either held in one's wallet or value locked in DeFi protocols). Nearly 700k addresses qualified for the airdrop.
On Thursday morning, claims opened up for the ZRO token of the LayerZero omnichain interoperability protocol. According to the announcement blog post, the ZRO supply is fixed at 1bn tokens with 38.3% allocated to the 'Community', 32.2% to 'Strategic Partners', 25.5% to 'Core Contributors', and the remaining 4% repurchased and pledged to the Community. At launch, 8.5% of the ZRO supply was claimable for eligible participants, which totaled nearly 1.3m wallets. Claimants of the ZRO airdrop are required to pay 10 cents per ZRO to claim the airdrop, which the LayerZero team says is part of a new claiming mechanism called 'Proof-of-Donation' and will result in as much as ~$18.5m donated to Protocol Guild to fund core development of Ethereum and its ecosystem.
Prior to this week, anticipation for the ZKsync and LayerZero airdrops has led to significant Sybil activity across both protocols from individuals who spin up multiple addresses with frequent low-value economic activity to receive multiple airdrop allocations. Matter Labs founder and CEO, Alex Gluchowski, said last week that the airdrop was designed in a way that "naturally prioritizes humans and puts real people first." Last month, the LayerZero team offered potential sybil users the opportunity to self-report in return for 15% of their intended allocation.
At the time of writing, ZK is trading at around $0.20, implying an FDV of $4.2bn; ZRO is trading at ~$3.35 with an FDV of $3.3bn.
OUR TAKE:
Two of crypto's most anticipated airdrops just went live to the delight and dismay of many airdrop farmers. ZKsync has been one of the most popular L2s in active addresses and transaction count, leading all other L2s, including Arbitrum and Base, through Q1 this year. Some of the activity was driven by LayerZero - as an omnichain protocol, LayerZero farming activity has proliferated across ZKsync and other L2s as well as L1s (incl. Ethereum, Arbitrum, Base, Polygon, BNB Chain and Avalanche). Following the initial snapshots for the airdrops, activity on both ZKsync and LayerZero has since fallen.
When airdrop details were released for ZK and ZRO, many "real users" of these protocols complained about not being eligible due to not having met the criteria. While it’s extremely difficult to make everyone happy when it comes to an airdrop, on the other hand, it's extremely difficult for a project to attract usage without expectation of an airdrop, which in turn, attracts sybil attackers. The development teams behind both protocols made thoughtful efforts to address sybils: ZKsync airdrop criteria included a qualifier based on the amount of capital put at risk and the LayerZero team offered sybils the opportunity to self-report.
The primary goal of most airdrops (aside from decentralizing governance) should be to foster a strong community by rewarding users and contributors in a sustainable fashion. Token incentives are an essential component of the web3 growth playbook as they can attract product builders and users. With the initial airdrop events now behind us, the teams behind ZKsync and LayerZero will now look to rely more on their technical innovations to drive "real" user activity going forward. - Charles Yu
Aggressive White Hat Hacking by CertiK
CertiK, a leading blockchain security firm, identified a critical vulnerability in Kraken's deposit system. Kraken's Chief Security Officer revealed that nearly $3 million from Kraken's treasury was exploited through a flaw that allowed users to deposit funds without completing the deposit process. This UX bug credited the trading accounts before the deposited assets were cleared by Kraken. According to CertiK, a “huge amount of fabricated crypto (worth more than 1M+ USD) could be withdrawn from the account and converted into valid cryptos.” CertiK noted that during their testing phase, no alerts were triggered, making the bug undetectable by Kraken's internal security system.
The bug was fixed within a few hours. However, following the fix, Kraken investigated two additional accounts linked to CertiK researchers who had exploited the bug. Kraken requested a full report of their activities and the return of the funds. The researchers allegedly refused to return any funds until Kraken disclosed the potential extent of the exploit if they had not reported the bug. After further discussions between CertiK and Kraken, CertiK transferred the funds to an address controlled by Kraken.
OUR TAKE:
While white hacking can be extremely beneficial for projects and companies in crypto, there are no clearly defined rules for white hat hackers to follow. Typically, white hat hackers are rewarded based on how serious the identified bug is to the business or the project. CertiK's hacking efforts are put into question as one account exploited the bug for $4, while two other researchers from CertiK proceeded to exploit nearly $3m. Kraken's Chief Security officer argues that the $4 exploit was sufficient to take immediate action, alluding to the view that decision to exploit an additional $3m was unethical. Additionally, CertiK's timeline of testing and exploiting the Kraken bug over the course of five days across multiple accounts without notifying Kraken raised red flags. After some back and forth, CertiK ultimately returned all the funds to a Kraken wallet.
Although CertiK deserves compensation for their work, the researchers went beyond their mandate by testing the bug's limits and not notifying Kraken immediately. White hat hacking often involves gray areas in its processes, and other ethical hackers should learn from Kraken's dispute with CertiK to prioritize transparent communication with projects with serious bugs. – Gabe Parker
SEC Closes Investigations into Ethereum 2.0
On Tuesday, June 18, Ethereum software company Consensys announced that the U.S. Securities Exchange Commission (SEC) has ended their investigation into “Ethereum 2.0”. As background, in March 2023, SEC Director Gurbir Grewal approved a formal investigation into the individuals and entities involved in buying or selling ETH dubbed in court documents as the “Ethereum 2.0” investigation. In addition to multiple subpoenas that year, Consensys received a Wells Notice stating the SEC’s intent to bring an enforcement action against the company for violating securities laws thorough its MetaMask Swap and MetaMask Staking products on April 10, 2024. Consensys then filed a lawsuit against the SEC on April 25 asserting that MetaMask products do not violate securities law and attempts to classify ETH as a security through the SEC’s investigations is an “unlawful seizure of authority over ETH.”
Since April, the SEC has changed its tune on ETH and the entities involved in trading ETH. The regulatory agency approved three key regulatory filings for spot ETH exchange traded products (ETPs) “on an accelerated basis” on May 24. The SEC has also notified Consensys that the agency is closing its investigation into the company and will not recommend an enforcement action against it. However, the letter to Consensys from the SEC on Tuesday also states, “We are providing this notice under the guidelines set out in the final paragraph of Securities Act Release No. 5310, which states in part that the notice ‘must in no way be construed as indicating that the party has been exonerated or that no action may ultimately result from the staff’s investigation.’”
Consensys stated in a tweet that the latest response from the SEC confirms the agency will not bring charges alleging that sales of ETH are securities transactions. However, the company still fights through their ongoing lawsuit for a declaration from regulators that MetaMask products do not violate securities laws. Consensys wrote, “The closing of the Ethereum investigation is momentous, but it’s not a cure-all.” Earlier in the week, on Monday, June 17, David Hirsch, the former head of the SEC’s crypto asset and cyber unit, announced his departure from the agency after a tenure of almost 9 years.
OUR TAKE:
It is becoming abundantly clear that the SEC is reversing its stance on the classification of ETH as security. This was first evident when the SEC approved the 19b-4 proposals from all three exchanges, Cboe, NYSE Arca, and Nasdaq, to list spot ETH ETPs last month. The listing of these products was explicitly referenced in the applications as “commodity-based trust shares”. By definition, these types of products cannot include assets that have more than 40% of their portfolio in securities. Thus, the forthcoming S-1 approvals for these products will confirm the view of the SEC that ETH is not a security. SEC Chairman Gary Gensler said during a testimony at a Senate Appropriations Committee hearing last week that he expects S-1 approvals to occur sometime this summer. In light of these developments, it also makes sense then that the SEC has formally dropped their investigations into the individuals and entities involved in buying or selling ETH for securities law violations.
However, it not abundantly clear that the SEC is reversing its stance on the classification of staked ETH as a security, which is why Consensys is not dropping their lawsuit until the SEC also declares MetaMask Staking products do not violate securities laws. None of the spot ETH ETPs in the pipeline for approval over the summer offer additional yields from staking. If commodity-based trust shares can stake ETH without violating securities law, then the activity of staking more broadly as facilitated by exchanges, software companies, and the like can also take greater confidence in offering staking services to end-users.
The SEC’s abrupt actions make predicting future actions difficult. One factor to continue watching closely is the upcoming U.S. presidential election. More so than any prior year, cryptocurrencies have become a ballot box issue important enough for leading presidential candidates such as former U.S. president Donald J. Trump to take a clear stance on and leverage for votes. - Christine Kim
Charts of the Week
Ethereum Consensus Layer (CL) blob fees spiked to a peak .979256 ETH at block 20134272 (6/24/2024 at 16:56 UTC). At the time this equated to $3,450 per blob, and excludes the Execution Layer (EL) base and priority fees to post the blobs to Ethereum Layer 1. It is still unknown what caused the increase in blob base fees, however, “blobscriptions” created a similar disturbance in the Consensus Layer blob fee market between March 27, 2024 and April 3, 2024.
The current spike in CL blob base fees has led to rollups spending 51% more than the previous high spent during the blobscription mania of early April. This puts massive stress on the profitability of rollup sequencers that must pay for blobs.
Other News
BitFlyer targets FTX Japan for acquisition
MicroStrategy buys additional 11,931 bitcoin for $786 million
Trump scores bitcoin donations worth $2 million from Winklevoss twins
41% of top ZKsync token airdrop recipients sold full allocation
RISC Zero rolls out production-ready zkVM
Tether launches token 'supported' by Swiss-stored gold
T-Mobile owner Deutsche Telekom will soon mine Bitcoin in addition to running nodes
Legal Disclosure:
This document, and the information contained herein, has been provided to you by Galaxy Digital Holdings LP and its affiliates (“Galaxy Digital”) solely for informational purposes. This document may not be reproduced or redistributed in whole or in part, in any format, without the express written approval of Galaxy Digital. Neither the information, nor any opinion contained in this document, constitutes an offer to buy or sell, or a solicitation of an offer to buy or sell, any advisory services, securities, futures, options or other financial instruments or to participate in any advisory services or trading strategy. Nothing contained in this document constitutes investment, legal or tax advice or is an endorsementof any of the digital assets or companies mentioned herein. You should make your own investigations and evaluations of the information herein. Any decisions based on information contained in this document are the sole responsibility of the reader. Certain statements in this document reflect Galaxy Digital’s views, estimates, opinions or predictions (which may be based on proprietary models and assumptions, including, in particular, Galaxy Digital’s views on the current and future market for certain digital assets), and there is no guarantee that these views, estimates, opinions or predictions are currently accurate or that they will be ultimately realized. To the extent these assumptions or models are not correct or circumstances change, the actual performance may vary substantially from, and be less than, the estimates included herein. None of Galaxy Digital nor any of its affiliates, shareholders, partners, members, directors, officers, management, employees or representatives makes any representation or warranty, express or implied, as to the accuracy or completeness of any of the information or any other information (whether communicated in written or oral form) transmitted or made available to you. Each of the aforementioned parties expressly disclaims any and all liability relating to or resulting from the use of this information. Certain information contained herein (including financial information) has been obtained from published and non-published sources. Such information has not been independently verified by Galaxy Digital and, Galaxy Digital, does not assume responsibility for the accuracy of such information. Affiliates of Galaxy Digital may have owned or may own investments in some of the digital assets and protocols discussed in this document. Except where otherwise indicated, the information in this document is based on matters as they exist as of the date of preparation and not as of any future date, and will not be updated or otherwise revised to reflect information that subsequently becomes available, or circumstances existing or changes occurring after the date hereof. This document provides links to other Websites that we think might be of interest to you. Please note that when you click on one of these links, you may be moving to a provider’s website that is not associated with Galaxy Digital. These linked sites and their providers are not controlled by us, and we are not responsible for the contents or the proper operation of any linked site. The inclusion of any link does not imply our endorsement or our adoption of the statements therein. We encourage you to read the terms of use and privacy statements of these linked sites as their policies may differ from ours. The foregoing does not constitute a “research report” as defined by FINRA Rule 2241 or a “debt research report” as defined by FINRA Rule 2242 and was not prepared by Galaxy Digital Partners LLC. For all inquiries, please email [email protected]. ©Copyright Galaxy Digital Holdings LP 2024. All rights reserved.