What if a backdoor is planted in a ubiquitous open-source library?
A planted backdoor in a ubiquitous OSS dependency is a software supply-chain incident — patch-scramble and cyber-name repricing — NOT a chip supply shock, so selling TSMC/ASML/Nvidia on 'semiconductor_risk' is the wrong transmission entirely. Rhymes with the 2024 xz-utils backdoor (caught pre-mass-exploit) and Log4Shell-2021: real IT cost, zero semi impact. Correct read is a contained risk-off, not a Taiwan-fab trade.
how we built this number — every step
The class rate is measured from our dated, sourced event library (decade-normalized Poisson — the full table is public at base_rates.json). The variant’s share within its class is the analyst’s editorial call, published so you can audit it. A wider range means thinner precedent. Full recipe: methodology · scored at Reality Check.
The butterfly cascade
How this trigger trickles across markets, left → right — the root shock, its first‑order moves, then the ripple effects. Drag any node; tap a market for its real price history.
Resolution timeline — how this probability is moving
Our model's odds (gold) over time vs the crowd's (Polymarket, blue), from the past toward the 6–18 months horizon. Each dot is a real macro event that nudged the probability — green pushed it up, red pushed it down. Tap a dot for the source. The gold path is an illustrative reconstruction anchored to today's estimate — real dated events, not a live re-estimate history.
What it would mean
If this plays out, it is a mixed shock. A planted backdoor in a ubiquitous open-source dependency silently compromises thousands of enterprise and cloud deployments. The trigger decomposes into signed root‑shocks — Risk appetite ▼ — which propagate through our causal graph to the markets below.
If it happens — the markets it would move
Biggest moves first. Projected moves are cascade-model priors; hist A–B% = what comparable past events actually did (measured abnormal returns), and model prior · unmeasured marks markets with no analogue backing yet. Tap any market for its price history.
| Market | Class | Projected move | |
|---|---|---|---|
| 1 | Solana SOLon Hyperliquid 📈 chart | Crypto | ▼ -0.3% hist -11.38–+1.49% · other way -1.0% (n=12) |
| 2 | Hyperliquid (HYPE) HYPEon Hyperliquid | Crypto | ▼ -0.3% model prior · unmeasured |
| 3 | MicroStrategy MSTRon Hyperliquid 📈 chart | Equity | ▼ -0.3% hist -1.37–+0.41% · other way +24.57% (n=12) |
| 4 | Ether ETHon Hyperliquid 📈 chart | Crypto | ▼ -0.2% hist -7.76–+2.36% · other way +4.71% (n=12) |
| 5 | Nasdaq 100 NDXon Hyperliquid 📈 chart | Index | ▼ -0.2% hist -0.39–+0.03% · other way -0.29% (n=12) |
| 6 | Bitcoin BTCon Hyperliquid 📈 chart | Crypto | ▼ -0.2% hist -4.97–+1.69% · other way +5.56% (n=12) |
| 7 | Tech sector XLK 📈 chart | Equity | ▼ -0.1% hist -0.17–+0.13% · other way -0.38% (n=12) |
Probable recommendation
Why we may diverge from history
Trust the cascade short: MSTR's +15% leans on an ASML-miss spike and Iran-strike window inside the BTC bull — a supply-chain backdoor has no crypto channel, so Bitcoin swamps the realized sign.
Historical precedent — what analogous events actually did
Across 40 analogous events (overlap‑weighted), as abnormal returns — market beta stripped, so it's the event's own effect, not the market backdrop. Shown at 20 days (persistent) and 5 days (immediate); ↺ fades = the two horizons disagree. Confidence = consistency × sample × significance.
| Asset | History says | Abnormal (20d · 5d) | Hit | n | Confidence | vs cascade |
|---|---|---|---|---|---|---|
| SOL SOL | SHORT | -9.2% · 5d -7.6% | 75% | 40 | 0.38 | ✓ matches cascade |
| ETH ETH | SHORT | -6.9% · 5d -5.3% | 62% | 40 | 0.19 | ✓ matches cascade |
| NDX NDX | SHORT | -0.2% · 5d -0.9% | 62% | 40 | 0.18 | ✓ matches cascade |
| Bitcoin BTC | SHORT | -4.5% · 5d -3.4% | 60% | 40 | 0.15 | ✓ matches cascade |
| Gold XAU | LONG | +0.2% · 5d -0.3% ↺ fades | 57% | 40 | 0.13 | · |
| MSTR MSTR | SHORT | -1.1% · 5d -3.2% | 55% | 40 | 0.10 | ✓ matches cascade |
| High-yield credit HYG | SHORT | -0.0% · 5d +0.2% ↺ fades | 55% | 40 | 0.07 | · |
| US dollar DXY | SHORT | -0.0% · 5d -0.1% | 53% | 40 | 0.05 | · |
| Volatility VIX | SHORT | -0.8% · 5d +0.1% ↺ fades | 53% | 40 | 0.04 | · |
| 10y yield DGS10 | LONG | +2bp · 5d +1bp | 53% | 40 | 0.04 | · |
| XLK XLK | LONG | +0.2% · 5d -0.4% ↺ fades | 50% | 40 | 0.00 | ⚠ differs |
Why this probability
Open-source backdoors recur (xz, npm, SolarWinds-adjacent); a ubiquitous-dependency compromise over 18mo is fairly likely. A base‑rate‑anchored prior, continuously scored against what actually happens — not a forecast.