Editor
Iran’s state-owned Bank Sepah is offline following a cyber-attack, but Polymarket users are divided on whether to treat it as a ‘major’ cyberattack for purposes of resolving a market. A pro-Israel hacktivist group called “Predatory Sparrow” claimed responsibility and said it destroyed essential data for the Islamic Revolutionary Guards. They reportedly stole $90 million in cryptocurrency but ‘burned’ it by sending it to accounts from which it is believed to be irretrievable. Such accounts are sometimes referred to as “black holes” in the cryptocurrency community.
Predatory Sparrow issued a statement explaining its rationale for targeting the bank:
It circumvented international sanctions and used the people of Iran’s money to finance the regime’s terrorist proxies, its ballistic missile program and its military nuclear program.
Dozens of Polymarket contracts relating to Iran appeared in the wake of Israel’s attack on the country. Polymarket states that its goal in offering these markets—which are effectively real-money bets on global events—is to “harness the wisdom of the crowd to create accurate, unbiased forecasts.”
The question is, does this hack of Bank Sepah qualify as a ‘major’ cyberattack? Polymarket has open contracts for a major cyberattack on Iran in June. Share prices jumped as high as 98 cents (with one dollar representing certainty) on June 17 after news of the attack broke. However, two attempts to resolve the market have been met with disputes, as many users feel the attack didn’t rise to the level of a ‘major’ one as defined in the market rules.
The rules state:
To qualify, the attack must cause significant disruption, damage, or unauthorized access affecting core national systems – such as critical infrastructure, state institutions, the financial system, defense networks, or nuclear facilities.
Is a State-Owned Bank ‘the Financial System’?
An attack on a single private corporation would not qualify. However, Bank Sepah is owned by the state and serves as the primary financial institution for the Iranian military. On the other hand, it is not the central national bank, so the debate continues. Polymarket resolution disputes are addressed through UMA, a blockchain-based “oracle” that utilizes a debate-and-voting system to reach a consensus on the truth.
When a UMA user asserts that a Polymarket contract should be settled, there is a 2-hour challenge window. The first proposal to resolve the market as “Yes” was found to be too early. The second is now in the final stages of a 48-hour voting period to determine if that’s still the case. Voting will end at approximately 8 p.m. Eastern time on Friday, June 20.
The semantics of “major” is the crux of the debate that is currently ongoing on UAM’s Discord server. As of Friday morning, the vote appears to be going in favor of the Yes camp, at 55.9% versus 44.1% of tokens voting Too Early.
A majority of Polymarket bettors appear to believe the contract will ultimately be resolved as Yes. Shares in favor of the proposition are currently selling at 96 cents, implying only a 4% chance that the market will end as No.
What UMA Voters are Saying
UMA allows users to provide rationale for their votes. Below are some of the statements offered by voters in each camp. (Some comments are lightly edited for grammar and spelling.)
The ‘Yes’ Rationale
- “One of the largest state-owned banks (Sepah) was hacked and customer databases purged, causing nationwide banking disruptions. This affected somewhere around 30% of the Iranian population, not a minor incident. This included unauthorized access.” – aenews
- “Pretty bare bones case. Credible reporting agrees that there was a major cyberattack against Iran” – tyler
- “New attacks have emerged on major services” – whatevaz
- “Clear, broad consensus reporting of major cybersecurity attacks across reliable US, Israeli, and Iranian media. Market resolves on media consensus, not on confirmation from organizations that have been decimated by cybersecurity attacks, a ridiculous ask.” – Prince of Seleucid
Most other “Yes” voters expressed the belief that the attacks appear to be spreading to other areas of Iranian systems and not just the initial bank hack. However, some “Too Early” voters said the claim being disputed was whether the Sepah Bank attack was a “major” attack. According to those voters, other, subsequent attacks could not be considered in the current vote, but would require a new claim.
The ‘Too Early’ Rationale
- “This dispute was before Israel attacked Iranian TV and broadcast messages, so the TV hacks cannot be used for a Yes resolution and a separate proposal must be made – Only one bank, Sepah bank, was affected by the cyberattack on Tuesday. Sepah bank is NOT the largest bank.” – Naichli
- “The scattered small incidents did not have any significant or lingering impacts. Certainly not on government assets. Cyber attacks on individual banks do not count for resolution of this market.” – Cronus
- “The incident is a typical attack on individual organizations. And it’s clearly no match for the 2024 IRLeaks bank hack. There is no consensus.” – BIGshort
- “The biggest problem is not only that the attacks do not match the scale described in the conditions to be considered Major, but also there doesn’t seem to be consensus from the media as explicitly demanded in the conditions of the market” – Azkur
