Today in crypto, the SEC has approved Nasdaq’s proposal to list cash-settled Bitcoin index options, US lawmakers launched a probe into alleged insider trading activity tied to prediction market platforms. Meanwhile, Polymarket said user funds and market resolution were safe after a suspected private key compromise tied to top-up operations led to more than $600,000 in losses.

SEC approves Nasdaq to list Bitcoin index options on the exchange

The Securities and Exchange Commission has approved Nasdaq’s proposal to list cash-settled Bitcoin index options on the Philadelphia Stock Exchange.

The options are European-style contracts tied to the Nasdaq Bitcoin Index, a benchmark that tracks one one-hundredth of the CME CF Bitcoin Real Time Index, which updates with data from major cryptocurrency exchanges every 200 milliseconds. The approval was granted on an accelerated basis and published Friday on the SEC’s website.

The new contracts are cash-settled, meaning holders receive the difference between the Bitcoin spot price and the strike price at expiration. Unlike options on spot Bitcoin ETFs, there is no physical Bitcoin involved and no risk of early assignment, offering traders an alternative way to bet on the price of the cryptocurrency.

Source: SEC

The contracts will trade under the ticker QBTC on Phlx, with a minimum increment of $0.01 and a position limit of 24,000 contracts per side, equivalent to roughly 0.12% of Bitcoin’s outstanding supply, the SEC noted in its order.

US House launches insider trading probe into prediction markets

US lawmakers have opened a formal investigation into alleged insider trading activity on prediction market platforms tied to crypto and event-based trading.

House Oversight Committee Chair James Comer sent letters to the CEOs of Kalshi and Polymarket requesting information about how the platforms monitor suspicious trading activity and prevent users with access to nonpublic government information from profiting on sensitive geopolitical events.

The probe follows several high-profile incidents involving unusually accurate bets placed ahead of major political and military developments, including markets related to Iran and Venezuela.

One case cited by lawmakers involves a US Army soldier accused of using classified information to generate hundreds of thousands of dollars in profits through prediction market trades.

Source: James Comer

Polymarket team says user funds safe as exploit losses climb above $600,000

Polymarket confirmed a security exploit affected part of its infrastructure, pointing to a possible private key compromise involving a wallet used for top-up operations, while saying user funds and market resolution were safe.

In a Friday X post, Polymarket developers said contracts and core infrastructure were unaffected. Polymarket product lead Akanshu Jain and multiple other Polymarket employees also said user funds and market resolution are safe.

Blockchain investigator ZachXBT first flagged the exploit as a compromise to the Polymarket-linked UMA Conditional Tokens Framework (CTF) Adapter contract on Polygon, with the exploiter draining at least $520,000.

However, Josh Stevens, Polymarket’s vice president of engineering, said the contracts were safe and that the exploit was limited to a six-year-old private key used for internal top-up operations. All permissions tied to the key have been revoked, he said.

The UMA CTF adapter is an oracle contract used to help resolve Polymarket prediction markets through UMA’s Optimistic Oracle. Polymarket is the world’s second-largest prediction market with $3.7 billion in monthly trading volume, according to DefiLlama. 

Polyscan data reviewed by Cointelegraph showed more than 100 small transfers into the alleged attacker wallet. Most were worth up to 5,000 Polygon (POL) tokens.

Address of the alleged Polymarket adapter contract attacker. Source: Polygonscan

Multiple blockchain data platforms reported similar onchain activity tied to the suspected exploit.

Blockchain data visualization platform Bubblemaps said in a Friday X post that the attacker continues to remove about 5,000 POL tokens every 30 seconds, amassing about $600,000 in stolen funds at the time of writing.