On The Brink with Castle Island - Weekly Roundup 05/30/26 (DeFi's worst ever month, PTJ on Bitcoin, quantum canaries) (EP.718)
Episode Date: May 1, 2026Matt and Nic are back for another week of news and deals. In this episode: DeFi had its worth month of hacks ever How are people falling for the fake Zoom link hack The KelpDAO Aave bailout is happ...ening Is Bitcoin's security degrading because miners are pivoting to AI? Litecoin suffers a 51% attack Is Bitcoin PoW at risk? Computershare partners with Securitize Meta will offer creator payouts in stablecoins via Stripe Q-day prize controversy Why quantum canaries might not provide much of a warning Paul Tudor Jones is spooked by quantum Some evidence for insider information in political prediction markets
Transcript
Discussion (0)
Matt Walsh and Nick Carter are partners at Castle Island Ventures.
All of these expressed by them or the guests on this podcast are solely their opinions
and do not reflect the opinions of Castle Island Ventures.
Guests and host may maintain positions in the assets discussed in this podcast.
You should not treat any opinion expressed by anyone on this podcast as a specific inducement
to make a particular investment or follow a particular strategy, but only is an expression of their personal opinion.
This podcast is for informational purposes only.
Brought down by Bad Mortgage Investments, Lehman, which has 25,000 employees, will be liquidated.
The Federal Government Loans American International Group, A.I.
$85 billion.
This is a different kind of market, and the Fed is asleep.
The federal government is stepping it to stabilize Fannie Mae and Freddie Mac, the two mortgage
giants that have been threatened by the housing crisis.
The Bank of England has pumped 75 billion pounds more into Britain's ailing economy with a new
round of quantitative easing.
And print a couple trillion dollars, and all of a sudden, people start to worry.
So out of this worry, we have something called the Bitcoin.
Welcome to On the Brink. I'm Matt Walsh.
And I'm Nick Carter.
Busy week of deals here.
I feel like the industry news is a little bit quieter.
You know, no major defy hack this week,
although there was another hack.
There was a smaller hack.
I found a chart online today saying that even though it seems like there's a lot of hacks,
we're still not at our peak in terms of hack to TVL ratio for defy.
That's almost hard to believe.
When was the peak?
Well, now I can't find the chart again.
But save to say it's not the worst time ever in DeFi.
I think because we figured out the flash loan thing.
You don't hear about flash loan hacks anymore, do you?
No, and you hear fewer smart contract hacks as well, don't you?
It feels like maybe the infrastructure is hardening in certain categories,
but the hackers are always one step ahead.
Yeah, but it's just actually a good sign, right?
So the smart contract crypto economic aspect is more secure, it seems.
we've sort of incorporated a lot of those lessons.
The gap is that infrastructure layer.
Yeah.
So that's not fully secure yet.
But we kind of, we're learning.
That's the thing.
It's an adaptive system.
Each hack selects for the most secure smart contracts, right?
So it's actually we get better with time, do you think?
I think that's right.
It still seems like the major points of vulnerability are getting into the phone.
So, you know, that's an issue.
SMS two-factor, I can't believe that this is still a thing that people use.
The other thing is these attacks that are like the fake Zoom links where people just get in
and all of a sudden they have key logger information on your device.
That's a big issue.
Yeah, that seems, I'm so surprised that people still fall for that, actually.
Like, I get it.
It's like someone you've talked to in the past.
Oh, they wouldn't be scamming you, right?
And then they send you a Zoom link.
You can see them on the Zoom.
You can't hear.
It's like, oh, download this plugin, whatever.
Okay.
Don't do that.
But like, would there have been so many cases of this?
How are people still fall?
I don't know.
I don't want a victim blame, but how are you still falling for it?
I can kind of see it because when a Zoom link is starting or you're kind of in a race to get your next Zoom,
all of a sudden things are popping up.
You're just clicking to try to minimize the screen.
You can see how someone could get put in the headspace.
It's like, picture the first, like, call that you ever got.
years and years ago saying that they were Verizon or saying that they were like your cable company,
you actually probably would have taken it seriously. Yeah, it exploits people's desire to please
their counterpart and reason goes out the window. But at this point, if you get a DM from a friend
or someone you knew in the past, and especially if you haven't talked to them in a while and they send a
Zoom link and ask to generally catch up, you just don't have to. You just don't have to. No. Or you can
send a Google meets. Send them a link, you know? Yeah, you've been saying it for a while,
but just the way telephones and text work, that probably needs to change. It almost needs to be
like an opt-in payment. Maybe we need hash cash, like a minimum payment to reach out to someone.
Something has to change for sure. I just don't pick up the phone anymore. If someone really needs
me, you can leave a voicemail. That's a thing that you can do. It is a thing. I think people age
25 and under are not aware of this technology.
They just don't know about voicemails.
They don't leave them.
But voicemails are great.
People probably long for the good old days
were getting scammed meant, you know,
getting something in the mail
and filling it out and sending it back with a check or something.
This is also something young people don't know about.
There used to be this thing where everyone's address,
name, and phone number was in a book
that was distributed to everyone in town.
Crazy. Crazy.
The white pages.
Talk about a high trust society.
We don't have that anymore.
No.
No.
It's unbelievable that that was the thing.
That was the thing.
You can just look someone up, find out where they lived, and call them.
Or just calling the operator, calling.
It used to be zero.
Then it went to 411, right?
It's just, okay, where does Nick Carter live?
Can you get me his phone number?
That one, I never did that.
I mean, that's how you used to, like, you know, all right, hey,
need to get some help on my homework and this person in my class, I don't know their phone number.
Yeah.
Call zero.
Yeah.
And high schools would send out directories of everyone enrolled.
Yeah.
Yeah.
The past is just, it seems like such a distant time.
Well, we didn't have digital bearer assets back then to steal, I guess.
Yeah.
Satoshi's got a lot to answer for.
You kind of knew your local banker too.
So if someone walked in to steal your money out of the bank, it would have been a little harder.
So on that sunny note, we actually did a retrospective on the kelp-dow hack this week with Pluto.
I don't believe that's his Christian name originally, the founder of Harbor, co-founder of Harbor,
to talk about how we can avoid this in the future.
I thought it was a very elucidating conversation.
Yeah, that was a good one.
I think there's an interesting question here around how do you get made whole on this?
Seems like the industry is sort of aligning on a kind of a bailout fund, which is interesting.
Yeah, what I'm not clear on is, is this a donation?
Or are you getting equity in something?
Or is it a loan?
What are the terms of these funds that are being dispersed to, I guess it's AVE?
Yeah.
Is the recipient?
Yeah, Ave is the one with the bad debt.
So they're ultimately the recipient.
Same question for the drift and tether lock in, right?
What were the terms of that?
I mean, it's actually really encouraging to see the disparate crypto.
I mean, salon is getting involved in this.
And nothing to do with the salon.
It's quite cool to see.
Sort of a decentralized, like, made-off recovery.
By the way, that's a good Netflix documentary, the Madoff one.
It's like a four-part series.
Is there a new one?
Yeah, I think it's new.
I just finished it.
It was quite good.
That guy, Irving Picard, recovered most of the funds.
Well, I was going to say, wasn't there a full recovery in the end?
I think it was full or close to full, but the way that it had to happen was tough.
I mean, it was people that were pulling money out of that.
thing had to go in pocket and send a bunch back. And then JP Morgan actually had to pony up like
$3 billion. Definitely an impressive recovery. The funny thing is FTCS had a similarly high recovery,
but we're upset about it. Well, it's dollarized, right? So they still haven't recovered on a
crypto basis. But that's where I think some of these funds that go in and buy bankruptcy claims,
you know, if they're trading down in like the 10 cent range, it's like, okay, if they have a good CEO,
trustee coming in to run this thing, just go along because they just sue everyone.
Yeah, that was pretty much the right trade in almost any sort of exchange hack historically.
Yeah.
It's worked out.
In most bankruptcies it seems to work out too.
Yeah.
All right.
Let's hop into the deals of the week.
First one up is Sodot, which is a crypto security company.
They're required for $100 million in equity by Moonpay.
Next up there is squads.
Stablecoin payments platform, there is 18 million from Salonaventras, Coinbase Ventures, Han Ventures, and L1D.
Blockworks announced a Series A extension at a $192 million valuation from Parify, Reciprocal, and Coinbase.
Then we have Bello, the Latam-based stable coin wallet app.
They raised 14 million from Tether and Titan Fund.
Liquid, which is a mobile trading platform.
They raised $18 million from Neo, Left Lane Capital, and others.
Fence is a stable coin-based debt operations platform.
They raised 20 million from Galaxy, Parify, and crane venture partners.
Then it's legend trade, which is a crypto trading app.
They raised $3.5 million from Electric and Amber Group.
This was an interesting one.
Tether submitted a proposal to merge 21 Capital.
This is a Bitcoin Dat, where Tether's largest shareholder with Strike.
This is Jack Mallor's company, who's also the CEO of 21.
21 capital.
21.
Kind of a related party transaction there.
And electron energy, I didn't know about them.
They're a Bitcoin mining company.
So 21's trading up on the news.
Seeing more of these like inter-party kind of fuzzy relationship,
SPAC debt deals happening.
Yeah, I want to make sure we're getting the valuation right on strike,
for sure, if you're a shareholder of 21.
Yeah.
Next one is Mara Holdings.
which is the Bitcoin mining company,
they announced that they're acquiring
Lone Ridge Energy and Power for $1.5 billion,
powering their expansion into AI data centers.
Seems like this is a company that,
obviously, they've been selling down their Bitcoin.
Are they mining Bitcoin at a loss at this point?
It's just becoming an AI company?
Yeah, I haven't looked to Mera specifically,
but virtually every Bitcoin miner has,
they're in various stages of doing this pivot.
And it makes sense.
I mean, with Bitcoin you're selling to one client, you're completely undiversified.
With AI, obviously it's thousands.
And you're just better able to monetize those units of power.
Way better.
Yeah.
It does raise questions, actually, because part of Bitcoin security models
that the miners hold A6, whose value is indexed to Bitcoin.
They hold Bitcoin.
So the miners of this long-term view of the Bitcoin now.
so they're incentivized not to misbehave,
not to lease their A6 to a malicious entity.
So this is the Bitcoin security model
as it developed over time.
If those miners no longer have a stake in the Bitcoin network,
they don't actually care anymore about, you know,
what happens in long term.
So they might just be willing to rent their A6
to a malicious party or sell them.
Yeah.
Right?
So there's actually, some people started to realize this,
This actually raises quite a few questions for the longevity of the Bitcoin security model.
I haven't looked at hash rate lately, but it's still going up, right?
Yeah, but there were a bunch of academic results finding that if the hash rate is in mercenary hands, it's really at risk.
Yeah.
So you need the hash rate to be in the hands of kind of long-term stewards of the network.
But if they're all pivoting AI and the hash rate is sellable or mercenary,
then you're in trouble.
It begs the question,
just a longer term here as the block reward subsidy kind of dissipates,
what are these miners going to be motivated by?
Yeah, I know we're all worried about quantum,
but the block reward issue has not been solved in any meaningful sense.
In fact,
you're now seeing virtually every other POW network like Manero
and now more recently Lightcoin has been exploited.
in this 51% model even light coin yeah biggest proof work network so this is still a germane
of course there's a way to solve it two birds with one stone well you can solve it by having
more fees on the network you could also solve it by adding a tail emission and then you just get
canceled by all the bitcoin people though yeah but either of those solutions requires
intervention you can't just mandate that fees are higher you know yeah yeah
The light coin thing was interesting.
So would that happen on Saturday?
There was a reorg attack on light coin.
It was like 12, 13 blocks or something.
Yeah, and that's enough to exploit an exchange typically.
I mean, the exchange is basically determined the threshold
of what constitutes a settled transaction.
I remember years ago we used to try and build models
to figure out what settlement consisted of on different blockchains.
But yeah, if the exchanges,
except a relatively short settlement period,
then they're definitely exploitable with a 51% attack.
I have to say that was the first time I had thought about
light coin in years when I saw that news.
Still gone.
Still a thing, apparently.
All right, let's hop into some news this week.
Here's an interesting one.
Computer Share, which is a big transfer agency,
financial services company.
They're a TA for majority of the companies in the S&P 500.
They announced this week a partnership with Securitize, basically a big tokenization push.
They're proposing a new modality for blockchain-based shares that would be, obviously,
equal with the traditional shares.
But it does make sense.
I mean, you'd think that computer share would be one of the companies that would be fundamentally
threatened by this push to unchain securities, but they are very ubiquitous transfer
agents.
So them leaning into it is smart.
Yeah, this is a huge win for securitize.
I mean, this was one of the aspects of tokenized securities that was still very much manual and off-chain.
So integrating it into the actual flow is very, very powerful.
The thing with these tokenized securities, obviously they're all shapes and sizes depending on the type of asset that you're tokenizing.
But if you're talking about tokenizing and equity, you need to be plugged into a TA.
And so you see securitized and super state and a number of these other firms are starting as TAs.
I think everyone's just been wondering, like, what happens to the existing TAs?
Do they buy up these new tokenization TAs?
Do they get threatened?
I don't think there's a world where you can't have TAs as a category.
I think this is all going to have to kind of merge into the TadFi market structure to some degree there.
Yeah, I mean, corporate actions are a thing.
dividends that would be paid proxy votes it all requires it a TA yeah no it's it's historically not been a
very attractive category like you wouldn't see venture capital investments into TA businesses they're
just mature cash flowing businesses but the blockchain native ones are hot so they're not a ton of
news this week mercury announced their conditional approval for an OCC banking charter so these are
all their age right now. Yeah, that OCC path is definitely wide open. So Mercury is just the latest
one to go through there. We talked about this kind of coalition that's coming together after the
Kelp Dow, Ave, Layer Zero, Hack last, well, I guess I shouldn't attribute the hack to all three
of those parties, but Layer Zero was hacked, Kelp Dow and Ave were also involved there. So there's a group
called Defi United. It seems like they've raised over $300 million to cover
that bad debt. And a bunch of firms have hopped in to kind of backstop it, which as you point out
is just fascinating. I mean, this is the type of thing that you would see in the banking sector
during like a long-term capital management crisis or something. Obviously, these are smaller numbers,
but usually the Federal Reserve would have to be compelling you to do something in the banking
sector for a meltdown like this. Yeah, this is a decentralized, spontaneous thing, which makes it
quite admirable. It looks like they have received enough pledges, actually, to, to cover the
whole, according to someone on X called DCF God. Oh, DCF God. So if they're the god of DCFs, I trust
them. I mean, it just speaks to how existential AVE is in DFI. I mean, AVE was the blue chip
defyre protocol. That's what I was going to say. It really just highlights the fact that there's
a perception that without AVE, this whole space is less interesting. I think that's
That's probably true.
Although I wonder if the kind of the pooled model is going to be the way that this works going
forward.
I think just isolated pools is much more of a flavor of something that a traditional financial
firm could get behind in terms of large deposits.
So well done, Defy United.
I thought it was interesting.
Meta this week announced they're going to be offering creator pads and stable coins
with Stripe acting as a payment processor.
I have to say Stripe is just.
the big winner of this stable coin bonanza so far in my opinion of all the kind of quote unquote legacy
web two firms i think they have played it the best i think that's right out of the legacy firms
obviously the the startups have done great and that's probably a kind of a better play as a just
the categories of startups that have done well here but stripe kind of getting into this at scale
they've been great i really i wonder what zuckerberg thinks about
this whole category because, I mean, he tried to do this like six years ago.
I mean, 2019.
He's got to be sitting there and just saying, all right, all of this could have been ours,
but we were blocked.
Scar tissue, I bet.
But better late than never.
There was a big controversy this week, Project 11.
Of course, we are investors and we're on the board there.
I am on the board.
They paid out this QDA prize to a researcher called John Carlo Leli.
And his claim and their admission was that he had broken a 15-bit elliptic curve private key.
Of course, that's very far from 256 bits.
The prize came under suspicion after the one Bitcoin prize was paid out.
The allegation was that the quantum computer hadn't really done the work and that it had been primed with a result
that was achieved classically, of course, it's trivial to break a 15-bit key classically.
Actually, the record is all the way up to 117 bits.
And so there were a lot of questions about this.
I think it does illustrate the challenge of trying to create a quantum canary
because, as I said, elliptic curves have been broken all the way up to 117 bits with classical methods.
So to really trust a break by a quantum computer would have to be above that.
So 120 or so.
So that's the problem is that when a quantum computer breaks a 120-bit curve,
the resource requirements go from that to 256 are actually quite small for the quantum computer,
not for the classical computer.
You're talking about a doubling and logical qubit requirements or a 10x factor of runtime.
So the same quantum computer that can break 120 bits, if you run it for 10 times the time,
you could break 256.
So you wouldn't have that much time between that result and Q-Day.
So that's the trouble with all these challenges.
So what did you say was the bits that have been broken classically?
What's the number?
117 for a generic ECDLP circuit and then for a Bitcoin key,
specifically, it's actually 130.
And how does 117 map to characters that you would use in a password, for instance?
I think it's like 60 digits, give or take.
It kind of makes you wonder why every website in the world isn't just like the maximal strength
in terms of the password requirement.
Well, because it required a very big cluster of FPGAs to do it.
To do it, I guess.
It's still, you know, pretty heavyweight.
But if you're, like, a politically exposed person,
wouldn't, I mean, that not communicating on government hardware,
your password should be like paragraphs long then.
Yeah, I mean, realistically, at this point,
you need like a 10 to 15 bit password without a doubt.
It's kind of crazy.
I feel like this is all moving in the direction of biometrics at some point, do you think?
It should, yeah.
I mean, on Apple infrastructure now you have, what is it, key passphrases or something?
Pass case.
Instead of pass.
Passes.
Yeah.
Instead of passwords.
Yeah, but even that, that's not like, you know, what's the belts and suspenders approach?
It's probably like how the situation room is set up, right, with the fingerprints and the retina scans.
So my conclusion from all of this is, unfortunately, we can't rely on these kinds of challenges to know when a quantum computer is coming.
We just have to take it on faith.
I don't know people don't like that, but you just have to trust the experts.
Some people don't want to trust the experts, but you do have to trust the experts.
Speaking of Quantum, did you listen to this Paul Tudor Jones interview on Invest Like the Best yet?
No, I heard it's quite good.
Oh my gosh.
First of all, it's just awesome.
Like the way that he was interviewed by Patrick O'Shaughnessy and just the level of candor that he had and some of the just the life story.
stories were unbelievable. But he brought up Bitcoin a couple of times. And, you know, at one point,
he was talking about not being remembered on his deathbed for, you know, predicting this crash or,
you know, predicting when to invest. And he brought up Bitcoin, which made me think that he had
probably just crushed it on the Bitcoin trade during COVID. Well, because he famously bought in
2020. He did. Yeah. He went on CNBC and said that I think he was the one that said Bitcoin's the
fastest horse. Yeah, he did. So I think he must have just cleaned up on that. But he talked about
Bitcoin being better than gold on a lot of dimensions, but he specifically brought up quantum
as a vulnerability. And here's the best investor in the world. I guess I would call him best
trader in the world. And he's bringing it up. It does show you that this is just fully permeated
into the zeitgeist in terms of a potential deficiency for Bitcoin. Yeah. I mean, this
is what we thought would happen, right? You can't keep these problems contained. I know the Bitcoin
has tried to do this sort of blue wall of silence thing where we're all in a Mexican standoff
and we're daring the other guy to talk and hoping that, you know, the wider world doesn't
discover these problems, but of course it's going to happen. So you can't go back. You can't convince
him now that it's not a problem. It is obviously a problem if you're thoughtful. The only way forward is
to fix the problem, not to yell at the people that say there's a problem.
As good as that may feel, it's not going to solve the problem.
You have to fix the core issue.
I think that's right.
I mean, if this is being called out as the biggest thing that would hold back a thesis
from an investment perspective, it's a very solvable one.
I mean, the other things that people bring up are kind of further fetched,
like the internet going down everywhere all at the same time.
Like maybe that, I guess that could happen, right, with like a solar flare, but we'd have a lot bigger problems at that point.
Just electrical grids going down. Obviously, it's worse than gold, but we're probably living in a, you know, stone age civilization if all the electricity and the internet goes down.
But, you know, this is just a very high profile case to not own Bitcoin and it's solvable.
Yeah, exactly. So the good news is that we can completely do away with this.
concern by actually acknowledging and fixing the problem. And I know no Bitcoin dev ever wants to
actually do anything, but you have to. I'm sorry, you have to work. Solana this week announced
that they had a path forward. So basically every other blockchain is going to fix us. Bitcoin's
going to be the last. Ethereum is already planning on a 2029 upgrade cadence. So Lana is now
announcing they're most likely going to use lattice-based signatures, which Bitcoin developers are very
scared of. Bitcoin doves seem to favor hash-based. We won't get into it, but just use lattice. It's
fine. So yeah, Bitcoin's going to be the last one. Hopefully they do come around. I am seeing
promising signs from the development community. They do seem to be taking it more seriously.
Yeah, they're definitely talking about it more. Here's an interesting one. Gemini, the Winklevoss
Twins company, they're approved for a DCO license from the CFTC. So this allows them to act as a
clearinghouse for regulated derivatives and prediction market contracts.
They've been trying to get this for a long time.
This was actually why they were upset at Quintends because, you know,
they had been blocked at the CFTC level from getting this.
So now they have it.
Polymarket is also looking for CFTC blessing to redomicile their primary exchange to the U.S.
I think that'll be a little bit trickier potentially.
But a lot of movement here in the CFTC world.
Yeah, and I know we've been talking about insider trading a lot.
I wanted to draw your attention.
I saw a study this week that.
for political event contracts that traded for around 25 cents,
what rate would you expect them to settle at?
If you're buying the contract for 25 cents,
what percentage of the time would you assume that that would be correct?
I don't know, 25%.
Yeah, you'd think so, right?
You'd think so.
That's what a kind of orderly market would look like.
Now, this study looked at political large bets, right?
specifically large political bets on polymarket that were initially purchased for 25 cents on the dollar
they settled on or they won on average 50% of the time they so they converge to a payout at 100% 50% of the time
after trading at 25% that's interesting which is a much higher rate than you'd expect in an efficient
market so why might that be insider information correct so
This is a way of seeing that there is a general presence of insider information on the market
without pointing fingers at any trader or any market specifically.
So you see this dislocation.
Large bets on political markets settle at too high rate than expected there's probably insider information.
I would love to, is that a public methodology how they did that?
I'd have to look into it.
I thought that was a very interesting finding.
And I think the way that this is all trending is that just fully KYC participation is going to be pushed on the industry, don't you think?
It has to be.
It has to be.
And do you know the polymarket?
I don't want to beat up on polymarket, but I was looking into this.
They didn't have an explicit prohibition on insider trading per se until March of this year.
Oh, really?
Is that on the offshore exchange?
Just terms and conditions for the whole market.
I was looking at it.
They only added that in March.
Before there was this kind of general guidance to not commit fraud of any type, but they
didn't call out, whereas Cali she has actually been quite clear.
I'll give them credit.
No incentive trading.
The Calci people and the polymarket people could not detest each other more, including
the investors that are going at each other.
This is like Uber and Lyft on steroids.
No, I really enjoy it, actually.
It's great.
I'm glad that we don't have.
have to take a side and we can criticize them equally.
It's just really off-putting how these two companies are going after each other.
They're completely at each other's throats.
It's great.
Last one, news of the week is wasabi protocol, which is a perps trading platform.
They were drained for $4.5 million via an admin key attack.
So it's pretty similar to drift, it looks like.
But yeah, to your point earlier, it seems like it's more of these type of vulnerabilities
that we're seeing in the wild as opposed to the smart contracts.
Yeah, so I'm actually optimistic about this whole thing.
I think we're going to have to run the gauntlet of these types of hacks, AI-enabled,
fishing, device exploitation, et cetera.
And then when we get out the other side, we'll have best practices in place,
and hopefully everything will be safer.
So I think that is it for the week.
Everybody have a safe and healthy weekend, and we will see you on Monday.
