This Podcast Will Hack You

Hello and welcome to the 404 Media podcast, where we bring you unparalleled access to hidden worlds, both online and IRL. 404 Media is a journalist-founding company and needs your support.

To subscribe, go to 404media.co,

as well as bonus content every single week. Subscribers also get access to additional episodes where we respond to their best comments.
Gain access to that content at 404media.co.

I'm your host, Joseph. And with me is just one of the other 404 Media co-founders today.
And that is Sam Cole. Yo, just me, just the Joe and Sam podcast today.

And Matthew Gault later. And Matthew Gault later in the second section.
I was going to do, what's that meme from the film, you know, Captain Phillips, when the

starry pirates say, look at me, look at me.

Oh, yeah, yeah. We run the website now.
Yeah. This is our ship now, baby.
Exactly. Yes.
So Jason and Manuel are out. They'll probably be back next week.
And Matthew will join us in the second section.

I'll just say very, very briefly, we mentioned this last time, but we did run a survey to get a better understanding of, frankly, who are our readers.

Not specifically,

but, you know. Why do they come to Forrefill Media? How did they get here? That applies to the podcast as well.
And a lot of people replied.

And I think it's over for the moment. I don't think we need to resume it at this time.
But thank you so, so much to everybody who, you know, gave us their anonymous information.

It really, really helps us out better understand

how we can serve you and maybe what coverage we can do, and all of that sort of thing. It's going to take us a little while to go through the results, but thank you once again.

Sam, do you want to take us through this first story as this one I wrote? Yeah. Yeah.
So this is a Joe story.

The headline is, someone is trying to hack people through Apple podcasts.

I think it was probably a week and a half, maybe two weeks ago or maybe longer. You messaged us at 404 and you were like,

something weird is going on with my Apple podcast app. Like I'm being

recommended things that I don't recognize. You were like, there's something weird going on.
I don't know if it's just me or if it's like a system-wide thing or if there's like a hack going going on.

And I think everyone was kind of like,

that's bizarre. And like, so classically something that would happen to Joseph.
So we were kind of like, yeah, okay.

But you dug into it and it turned out that it was actually, there was something going on there.

So do you want to just kind of explain what exactly you've been seeing on the app?

Yeah, I think I only told you and the others at 404 Media weeks into me seeing all of this weird stuff. Like maybe I just told you a couple of weeks ago, but it's been going on for months, really.

And honestly,

my first reaction was concern,

worry,

and potentially like, oh my God, is this something that's really, really bad?

Is this humiliating or something like that? And of course, you know, worried about the security of my device and that sort of thing. Those worries did subside.

after I looked into it more and I spoke to an expert that we'll get to. But yes, what basically has been happening over the last few months is that I will go and unlock my Mac.

The screen will come on, type in my password or use biometrics or whatever.

The Mac will then open to the desktop. The podcast app will have opened by itself and it will be displaying some random ass

spirituality app, education app,

religion as well.

And

I didn't know what to make of it, as I said at first, but there were a couple of different scenarios where, yes, I would unlock the device and then it would be automatically opened.

Sometimes I would be using my Mac and it would just happen in front of me. And I'd be like, whoa, okay, I guess the podcast app is open now.
And then in other cases, the app would already be open,

but it would just seem seemingly random. And I'm going to guess it's not random, but obviously

to an observer, it looks random in that, oh, okay, it's just opens this podcast now. So

really

confusing and eyebrow raising and just making me wonder, well, what the hell

is going on here? Is this something bad or is this something just weird? Yeah.

I mean, it's definitely never good when apps and software just starts opening on your computer without you initiating that,

well, it could be anything. It could be anything.
It could be something bad. It could be something really bad.

It could just be, I mean, my MacBook, I'm primarily a PC user, and my MacBook is constantly opening what I think of as like trash, like junkwear, which I would include a lot of the Apple services in that.

And it just opens stuff by itself. But what you were saying was like specifically certain kinds of podcasts, like you said, like the spirituality and the religion, which is not your usual fare.

Well, also, and it's a specific, and it's specifically the native

quote-unquote legitimate piece of Apple software. Right.
Like, again, as you say, you're on Windows and you're unfortunately used to there just being crap on Windows all the time.

Either that from Windows itself, or I don't know. I installed myself.
Yeah, you installed yourself, or I remember

back in the day, I mean, I feel like it's less of a problem now, but like malvertising was just you go to the wrong website on a Windows machine and you're not blocking ads, you might be surreptitiously downloading software.

It just sounds scary. So, yeah, for sure.
Yes, this was strange because it was the real Apple piece of software, right? Yeah.

And it was opening like this very specific, it like what it was opening was weird. Um, I don't know if you can even like tell me the names of these podcasts.

Some of them have actual names, some of them are like basically wingdings,

but what were the podcasts themselves? Like, what were they titled?

Um, I just tried to open one and it's not loading, so maybe it got removed. but I have this email in front of me.

I'm not going to read the whole one because I think people will realize that it's clearly a script or some sort of command. But one of the podcasts is titled five.

slash X E W E two

single quote, double quote, double quote, ampersand,

hash x two two. And then it gets to on click alert and it goes through and it is clearly a command.

And you know, I think we'll talk about that in a minute but another of the podcasts was uh it was actually in arabic and i can't remember off the top of my head it was something like

uh

life advice or something like that and there's a gmail address included in the title as well weirdly there was one called from somebody called leonel pimenta and then it had a

specific

URL for a Google Play Store app all in the podcast title. And then probably the last one, I think there were a couple more, but I only documented just most of them.

Another one was called Free Will, Free Will. And then that had a direct link to some sermon website as well.
So a whole, I would say, mix of very weird podcasts, but not the usual stuff I listened to.

I'm usually listening to video game news or Hollywood news. I'm not listening to

religious sermons through Apple podcasts typically. Yeah, Free Will, Free Will.
That's a great one. I like that podcast a lot.
I'm a big fan. I'm a top listener of Free Will, Free Will.

And do they, are there, like, did you try to listen to any of them? Do they actually have audio in them? Well, Free Will, Free Will does. Yeah.
I played it.

And I know some people will be like, oh, you were clicking around and stuff. And it was because,

again, looked into a bit and I felt, well, I do need to probe this, whatever.

And I think it would be really crazy if you got directly hack just by playing some audio, you know, and I don't think that's what's going on here, as we'll see.

But that one did have some audio of someone just giving a sermon. But then that

first one I mentioned, as far as I could tell, it was just silence. There was nothing going on.
And

these podcasts, I should say,

they're like several years old. Some date from 2018, 2019, 2021.
So

they're not 2025, 2024 necessarily, but they've clearly been co-opted in some way, or some shenanigans are going on where these podcasts are all of a sudden being surfaced and basically thrust in my face.

I'm like the Simpsons Smithers

gif.

We surrounded by women, but it's that, but with like podcasts, basically, now

by like weird spirituality nonsense podcasts, spam podcasts. I mean, they like, these are like funny and dumb and like obviously so far pretty innocuous, but there was one that was less

innocuous and a little more malicious than the others. Can you tell us about that one? Yeah, it was the first one I mentioned with that five dot dot slash XE one.

And because it was like a command.

Yeah. Yeah, that's a command in itself.

Yeah, but you would have to, you'd have to click on that or you'd have to run it.

What was more interesting was that the same command was if you scrolled down on the podcast page and it has the little section in the Apple Podcast app that says

a show website. So, obviously, for us, I presume it says for media.co.
I haven't checked in a while, but it probably says that. This one, it had a link to go to that command.

And

maybe some listeners, and I think readers of the article may have already figured this out, but that was

it appeared to be a cross-site scripting attack, a XSS attack. Now, I remember, again, it sounds like we're reminiscing about hacking or something.

I guess we are, because malfetising years ago was a big thing on Windows.

I remember XSS attacks being all over the place when I first started like cybersecurity journalism in around 2013, 2014, where, oh my God, hackers used cross-site scripting to steal this data or to deface this website or something like that.

And it was a really low-hanging fruit attack. It was basically what script kiddies were doing, which are very technically unsophisticated hackers, but

they found a vulnerability in a pretty big website. And now they're going to do it and get some notoriety.

Or, as our former colleague Lorenzo covered at Motherboard, way back when, where we used to work, XSS was the underlying vulnerability used in the MySpace worm? Do you remember that?

Yeah, it was before my time.

Yeah, I remember that. I did like a, um,

my like community college

like computers 102 project was about viruses and worms. And that was one of the

can you tell people? I mean, I'm not expecting you to remember. Oh, gosh.
I mean, I don't really remember the specifics. Do you remember? It was like

I think it was basically,

oh, it was named Sammy, right? Are you talking about Sammy? Yes, Sammy, who pretty famous hacker by this point who does lots of stuff. I think he was making himself

everybody's top friend and had to propagate through MySpace, knocking the infamous Tom off

the top spot and making Sammy your best friend on MySpace. And because of the way it worked, it would just keep going, keep going, keep going.
It was really sick. So, I mean, this Apple podcast thing,

it's not that

as far as I can tell. But

the link in the podcast kind of show notes, I guess, or page or whatever, goes to this page. And when you click it, it does say

test XSS from this domain, which I think has the top-level domain of Ukraine, if I'm remembering correctly. It doesn't look like a fun website, I'll say that.
And

yeah,

because there's two things:

There's the random opening of the podcast and directing to weird ass podcasts.

There's then one of these is apparently being used to deliver or direct people potentially to a potentially malicious website. And that's sort of the more concerning part.

Yeah.

Yeah. I mean, it's, yeah, it's just, it feels kind of, it feels, it does feel a little bit old school in that way.

But it's just, it's interesting how a lot of these systems have become,

I don't know, at the same, like they're more closed than they need to be, but at the same time, it's like you can still get away with this kind of widespread.

And obviously, I mean, do you think it's like one person doing this, or is it like, it's like a known

kind of attack, right? I mean, well, I guess we should talk about the expert who talked about it because he kind of answered a lot of these questions for you or for us that

were a little bit worrisome. You talked to Patrick Wardle.

He's a macOS security expert.

And what was his diagnosis of the situation

yeah

so when i couldn't figure out what was going on and you know i can do a little bit of tech stuff but i'm not going to be able to figure out what attack is going on or anything like that so i thought of patrick who is a really really really good mac os researcher he runs objective c

which is I was going to say nonprofit, but I'm not sure if that's technically accurate. I'll just say organization.

And he develops all of these mac OS security tools so you can download one of the tools and it will tell you if any of your apps or any piece of software you've downloaded is trying to connect to the internet and you can block that forever so I do that all the time where I'll download like a text editor I need because it can handle like files of five or 10 gigabytes or something.

And we often need that for stolen data. But I don't want that communicating with the internet in case it is sketchy.
So I just block all connections from that piece of software, that sort of thing.

And Patrick makes those and he

makes them freely available for anyone to download. And he's covered malware a lot of the time.
And

I think more importantly, he just understands the Apple ecosystem along as he's fully focused on it. So I message Patrick,

honestly, thinking this is very much below his pay grade.

He's looking into serious stuff most of the time. And he very kindly got back to me and was actually pretty interested.

And he said that, quote, the most concerning behavior is that the app can be launched automatically with a podcast of an attacker's choosing. He was very much focused on that.

He did help me confirm, yes, it directs to this. weird ass site with cross-site cross-site scripting or whatever but he was focused on that and he actually

i don't think i even mentioned this in the piece or i did in passing, but he did a proof of concept where

he sent me a link to a website that he controlled, and it automatically opened the 404 media podcast on my device without it, um,

without a pop-up. You know, like when you download Zoom, or rather

you click a link and it's like, hey, just confirming you'd like to open Zoom. It doesn't have that.
It just automatically opens straight on the podcast, which he found. That's crazy.

Yeah, which he found pretty interesting. And I guess this is me speculating, but I guess it's a usability thing where Apple is like, well, we don't want people to do two clicks to get to a podcast.

We just want people to click once and listen to or whatever, but that can be abused.

The other main thing that Patrick said was that, you know,

slow down.

This isn't going to be the biggest thing in the world. He said, quote, of course, very much worth stressing on its own.

This is not an attack, but it does create a very effective delivery mechanism if, and yes, big if a vulnerability exists in the podcasts app.

So

I think that's already interesting. It doesn't mean, as he says, that, oh my God, there's this massive issue with

Apple podcasts, but there's something, something going on here. Yeah.
So we're not panicking.

We're not.

being actively hacked is the good news.

We're definitely not panicking. I should say that, yeah, yeah, when I was going through it first, I was looking on Reddit for like, has anybody else reported this? And I couldn't find anything.

And then Patrick looked on Twitter/slash X as well, and he didn't find anything.

But kind of what pushed me over the edge to actually finally get around to writing it up, because again, this has been happening for months, was that someone left a review on that really sketchy podcast with like one star saying, this is clearly a scam.

How is Apple allowing this on their platform? And that signaled to me, oh, so it's not just me seeing this weird stuff.

That also made me a lot more confident in that this isn't some highly sophisticated targeted attack against a journalist. And not that, not that I thought it was that, but

not a pleasant thing to be happening when you were trying to figure out, huh, is someone really, really trying to fuck with me or not?

But I saw that. and then wrote it up.
But yeah, I don't think panic. What came to mind for me

was

maybe last year or the year before, there was a huge wave of Google calendar spam. Do you remember that?

Yeah, I got a ton of it. And I still get a ton of Google Calendar spam.
But yeah, it was a big uptick in it last year. Yeah, and it sucks.

And it usually is, oh, random guy has put an event on your calendar and it includes links to their website or whatever. And Google, I can't remember how they fixed it.

Probably a change change in permissions or something, the ability for who can add something to your calendar, but they had to shut that down. That

for me, this podcast stuff is similar to that vibe where somebody is clearly fucking around and playing with the podcast app and sort of doing stuff to people, but it's not super alarming. That said,

you know, if you could deliver, as Patrick said, if you could deliver malware to somebody on an iPhone or a Mac device through a native pre-installed, probably always installed, nearly always installed, official Apple app.

That's pretty bad.

Yeah.

You talked to Apple about this, right? I assume you contacted Apple. Did they have they responded? They didn't respond for your story, I don't think, did they?

Well,

I spoke at them and not really, not really to them.

The first email, 26th of October,

and then

27th when I got more, 5th of November, 10th of November. Then I sent another email directly to a press contact I have at Apple and he never replied.

Yeah, so Apple has not responded to any of this.

This is a great like, because we always put like such and such company didn't respond or did respond. Or, you know, if they did respond, we put it.

But yours, it says, Apple did not acknowledge or respond to five emails requesting comment. The company did respond to other emails for different articles I was working on across that time.

Which is like, they didn't just not comment, you know, like the usual. They ignored you for this.
Yeah. Yeah.
And I know that some editors would like take that out.

And I feel like I've done that before. And Jason or you or Emmanuel have taken it out because sometimes I can get a bit petty.

But here, I think it's pretty important that, dude, there is this weird thing going on at Apple Podcasts. Like, why can you not even

we're looking into it?

Why can't you even acknowledge that? But I mean, Apple is Apple. They can be very difficult sometimes on PR stuff.

Yeah, I don't know. A few people

after it published, we published this on Thanksgiving and we were all pretty obviously offline during that.

But some people emailed and they said, I think it's related to this vulnerability I found in 2024, blah, blah, blah. I haven't had time to go through those yet.

I'll definitely go through those emails and sort of figure out:

is there something else going on here? You know?

All right. Should we leave that there and I'll get Matthew? Yeah, go get him.
All right. We'll be right back after this.

I'm a bit of a last-minute Christmas shopper. I'm sure you know the feeling.
You need something fast. You go into the store, but the shelves are empty and you're all out of ideas.

I'm really bad at getting gifts from my mom. I always wait till the last minute and I get her a gift card on Christmas Eve.
Not this year. This year, she's getting an Aura Frame.

Aura Frame is a digital picture frame you can personalize before you give it. Just preload it with your favorite family holiday moments and upload them when you order it.

It even comes in a gift box, so you don't have to worry about wrapping it.

And if you make a few new memories during the holidays you want in the frame, just use the Aura Frames phone app to easily share them where they can be enjoyed all year round.

You can't wrap togetherness, but you can frame it. For a limited time, visit auraframes.com and get $45 off Aura's best-selling Carver Matte Frames.

Name number one by Wirecutter by using promo code 404 Media at checkout. That's A-U-R-AFrames.com, promo code 404Media.

This deal is exclusive to listeners and frames sell out fast, so order yours now to get in time for the holidays. Support the show by mentioning us at checkout.
Terms and conditions apply.

This show is sponsored by BetterHelp. The holidays are a time of traditions, whether these are family traditions you've had forever or whether they're new traditions you've been starting.

This season is a good time to reflect on what traditions mean to you and to rewrite ones that aren't serving you you or start new ones entirely.

Incorporating therapy into your new or existing traditions can help you find joy this time of year or can help you work through what can be an overly hectic or lonely season.

Close your year with clarity rather than chaos and form new traditions for yourself with BetterHelp. BetterHelp therapists work according to a strict code of conduct and are fully licensed in the U.S.

It's a stressful time of year, so you probably don't have time to go therapist shopping. With BetterHelp, you don't don't have to.
It does the initial matching for you using a short questionnaire.

Its 12 years of experience means they typically get it right the first time but if you aren't happy with your match you can switch at any time.

With more than 30,000 therapists you're sure to find one that's right for you. This December start a new tradition by taking care of you.
Our listeners get 10% off betterhelp.com slash 404 media.

That's betterhelp h e l p.com slash 404 media.

All right, and we are back this time with Matthew. The headline of this one that you wrote is: Unauthorized edits to Ukraine's frontline maps point to polymarkets war betting.

This is a crazy story. People are really, really outraged in my mentions about it on various social media platforms.

Good. Yeah.
Well, I think we'll get to that. We'll definitely get to your thoughts on it because it combines scamming, predatory behavior, and warfare all into one story somehow.

Let's start with Polymarket. I think a lot of people will be familiar, but maybe some aren't.
What is Polymarket for those who don't know?

So So polymarket is what they call a predictive betting market. It's quite simply a place where you can lay money down on

something that's got a binary outcome.

Will President Trump win the 2024 election? Yes or no?

Which was a big one, obviously. Which was a big one.
And a lot of people made a lot of money.

Like made so much money that the Wall Street Journal was like profiling the people that made millions of dollars. A French guy.
A French guy. Yeah.
It was really fascinating.

He like wouldn't, his family was like, you're crazy. He's like, I'm going to make a lot of money.
And he did. He did.
He made a lot of money.

So that, I mean, at its very basics, that's what polymarket is. And it basically allows you to gamble on

everything,

including the outcomes of individual battles in a war zone.

We'll get to that. I'm just going to, well, I was going to say we'll get to that.
And I've opened up Polymarket to see what the bets are.

The top one is actually a Russia-Ukraine one, as in Russia versus Ukraine ceasefire in 2025, yes or no.

Fed decision in December, yes or no. Honduras presidential election.
So, yeah, you can bet on everything

basically in current affairs or in the world.

Maybe you don't know this off the top of your head, but do individual people make these bets or are they made by, oh, sorry, they like launch these campaigns or is it polymarket that does that?

Do you know? I actually don't know off the top of my head. My informed guess is that somebody launches it and they launch it with a simple bet on the yes-no proposition.

So they put like five cents or whatever on yes.

And then other people can like take the odds.

And then the odds change depending on who's voting yes and who's voting no.

Just based on everything else I kind of know about how polymarket works, I think that's probably it's something like probably something like that. Yeah.

And the creator of polymarket and i think wall street as well they see it

they see it way more than a gambling platform they actually see it as a source of information where you can sort of tap into the sentiment of certain populations or the wider public about what is actually going on here and of course that goes back to the trump one right where people say polymarket called

the previous election while all of these other polls were wrong, right?

It's kind of extremely fascinating. I think I'm going to half pitch you a story while we're on the podcast, in fact.

Because I've been thinking about this a lot because, yeah,

the CEO bills Polymarket as the future of news. That's like one of his big taglines.

And the reason that he says it's the future of news is that it's kind of this libertarian game theory mindset that I would say permeates everything on the platform.

That if you put your money where your mouth is, it changes the nature of what you think is going to happen.

If you're willing to put like five bucks on the presidential election instead of just your vote or instead of just your social media clout, like it's like the, that's, that's pure somehow.

It, you know, it tells you about the heart of a, of a human being. Like in that Frenchman's heart of hearts, he knew Trump was going to win.
Right.

And that's why he put all those millions of dollars on there. And he was willing to put that money up

in the endorsement of that. uh political candidate.
Yeah, it is very interesting. I don't know if I fully agree with all of the premises.

Oh,

I absolutely do not. So, and then people have been betting specifically on things related to the Russian invasion of Ukraine.
As I said, there was one about the ceasefire and that sort of thing.

So let's just get to the specific one you wrote about. This map that the article discusses.
What is this map and who makes it? So I'm going to apologize first and say that

my Slavic is bad. Okay.
And I I cannot pronounce Ukrainian or Russian words. So I'm just going to throw that out there at the beginning.

So there's this think tank called the Institute for the Study of War that's been around for a while and kind of made its bones tracking

like the movements of specific conflicts, like the literal frontline movements of specific conflicts in the Middle East and now

has what is kind of like the gold standard map of where troops are and where the front lines are in the war in Ukraine.

Typically, they update it like once a day around 1.30 p.m.

And that map is the map that Polymarket uses to resolve its disputes about who controls what territory in Ukraine.

Because it's a very reliable map. Because it's a very reliable map, because it takes a bunch of different factors into account.
It's kind of all run by experts.

There is another map that's very popular called the Deep State Live map, but that map also has, like, it's kind of supported and tied in with the Ukraine Ministry of Defense.

So it's kind of like, do you, like, how much do you trust the people, like the self-reporting of the, of the Ukraine's MOD, right?

Just the same as you wouldn't trust like a map that's put out and supported by the Russian side, right?

So ISW

uses a bunch of different factors. They use open source intelligence.
They read through all the Telegram channels.

They look at what both both sides are putting out in their propaganda to kind of like suss out where, like, the territorial lines are.

And so, like, the way these polymarket disputes resolve,

and specifically, the one that we're going to be talking about is around a city called Myrtorod, which is in Donetsk, which is one of like the heavily fought over regions in the eastern portion of Ukraine that Russia like annexed.

And Ukraine has kind of been holding this city for a long time. And it's been encircled by Russia.
And it's kind of

people know that it's probably going to fall. And in fact, like a couple hours ago, Russia had put out like its own propaganda video showing Russian soldiers in the town square.
But

Polymarket had a lot of bets on this specific town. There's like over a million dollars worth of volume.
in this specific area, which is pretty unusual for these conflicts.

Usually it's just like a couple grand that people are betting.

So the way like every bet on Polymarket has a very specific set of circumstances that resolve the bet in one way or another.

And when it's something like territorial control over a war zone, they pick like they said,

this cross-section of streets, this part of the town, when it goes over to the Russian side, then this bet will be marked as resolved and the cash will pay out.

So, will Russia control this town by November 15th?

We'll use the ISW map, We'll check it. And if this part of this town squares is taken, then people who voted yes, that it will be taken get the money.
So the weird thing happened

is like just about before like 6 a.m. on November 15th, Eastern Standard Time, which is not normally when the map updates.

Suddenly the map updates in just that little, like the Russian lines kind of push out and just take that square.

The polymarket resolves, the money gets paid out,

and then like suddenly that

take disappears from the

from the ISW map very strangely. And then ISW put out a statement that didn't mention polymarket, but said like, hey, we noticed that someone had made, somebody with

access to the map made an unapproved edit overnight. We're sorry.
This didn't, you know,

you know, this was not real. We've reverted it and we apologize.
Somebody who's one of the geopolitics watchers on Polymarket

called out ISW and pointed out like the timeline of the events and pointed out how weird it was and like that people had made money off of this bet and that it was very odd. And I talked to ISW.

And they kind of, they stopped short of saying that the map was edited because of a polymarket bet, but they did say that like they are aware that people are using their map

as the

thing that resolves these bets and that they are not happy about it.

They object to it.

And

ISW strongly disapproves of such activities and strenuously objects to the use of our maps for such purposes, for which we emphatically do not give consent.

So it's not, we don't know that someone at ISW had money or like paid this bet. I I want to be very clear about that.

It's just like all the circumstantial evidence around it sure does point in that direction, right? Yeah. And the incentives make it look like that's what happened.
Yeah.

Let me summarize it just to make sure I'm understanding correctly. There, the map is modified by someone.
We don't know who.

Just to put cards on the table or options on the table, it could be someone who has legitimate access to the app.

It could be a third party that potentially hacked into somebody's account to then change the map for whatever reason. That happens.
This bet then gets resolved on Polymarket.

Money is paid out, which is very interesting to me. And then the change reverses as well?

Yeah, the change reverses on the ISW map, but that

the money did pay out. And that's something that was super interesting to me.
Right.

Because the way, and this also ties back into the way

polymarket resolves disputes.

So what would have to happen for the money to not be paid out is before the money is paid out, there's like a period where you can, where people can dispute the resolution.

Because it's still an escrow, essentially. Basically, yes.
It's still an escrow.

You have to have two separate people dispute the resolution. And then, and this is my pitch, is I think we should write a story about like how Polymarket resolves disputes because it's kind of insane.

Like when this thing happens. So there's a separate system called like Oracle UMA

that's basically like a blockchain game theory based voting market.

So what happens is it gets like the dispute gets kicked to these people who have a separate Discord in a separate environment and

they adjudicate the dispute. And to have

betting shares to adjudicate this dispute, you have to have like bought tokens. And the more tokens you have, the more votes you get in this wholly separate thing.
Yes.

So, like, not to get too into the weeds, but like, it gets very strange if you start disputing things. But that didn't happen here.
Nobody disputed anything. It did not get kicked to UMA Oracle.

The money was paid out, and the ISW map reverted after that. Wait, wait, wait.
So not even people who

took the other end of the bet disputed. I mean, I guess

because

my assumption, I don't know why the dispute didn't happen. My assumption is that they looked at the ISW map and they're like, well,

I guess Russia took the square. Right.
But these bets do have comments sections.

And there are pissed off bag holders in the comment sections of this specific bet, which is ongoing uh because they've updated it like to 15 days and like will they take it by december 15th and this kind of thing gotcha because it's kind of it's all it's almost like it's been parlayed yeah and i mean this this was like a great original story but i feel like there's so much more to come and to find out potentially um of course hopefully um the think tank themselves will find out more specifics and and release them i would love for them to tell me who did it and why.

That would be ideal.

I guess until then, just more broadly, what do you think of betting on the conflict in general? Because as I said, people are really, really pissed off in my mentions.

I think it's a moral state on your soul if you do it. Full stop.

Sorry. Like if you're betting on the outcome of a conflict like this.
It's so cynical. It's just cynical.

It's awful. Yeah.
It's an awful, like, war is a horrifying thing where people die. This one, like, they're all brutal.
This one is particularly brutal.

Um, I've, you know, I think a lot of it has been filmed and broadcast across various social media channels, and people are like laying bets on it. That's, yeah, that's awful.
It's awful.

It is, it is bad. You, it is a bad thing to do, and you should not do it.
Yeah. Well, I think that's a good place

to leave it.

Matthew, thank you so much for joining us and talking about this story. If you're listening to the free version of the podcast, I'll now play us out.

But if you are a paying 404 Media subscriber, we're going to talk about how

in half of the US now, you have to either hand over your ID or scan your face to watch Legal Horn. Good, good times.
You can subscribe and gain access to that content at 404media.co.

As a reminder, 404 Media is journalist-founded and supported by subscribers. If you do wish to subscribe to 404 Media and directly support our work, please go to 404media.co.

You'll get unlimited access to our articles and an ad-free version of this podcast. You'll also get to listen to the subscribers only section where we talk about a bonus story each week.

This podcast is made in partnership with Kaleidoscope. Another way to support us is by leaving a five-star rating and review for the podcast.

That stuff really does help us out on Apple or Spotify or wherever. This has been For Reform Media.
We'll see you again next week.