Polymarket hacked, with vulnerabilities in the off-chain and on-chain transaction result synchronization mechanism

ChainCatcher reports that, according to the GoPlus Chinese community, the prediction market platform Polymarket was hacked due to a design flaw in the synchronization mechanism between off-chain and on-chain transaction results in its order system.

The attacker manipulated nonces to cause on-chain matched transactions to be canceled or invalidated before settlement, while off-chain records remained valid, leading to API false positives, affecting trading bots like Negrisk and causing user losses. The attack process is as follows:

1. The attacker submits or matches large reverse trades with market-making bots on Polymarket’s off-chain order book.
2. The attacker constructs transactions with forged or duplicate nonces or exploits on-chain nonce competition, ensuring the on-chain transaction reverts.
3. Polymarket’s API returns “Trade Successful” to the bot before on-chain confirmation, causing the bot to believe the position has been hedged, while the on-chain state has not yet changed.
4. The attacker then exploits the exposed direction by executing a real on-chain transaction, achieving “risk-free” profit.
5. Since the revert occurs on the blockchain layer, Polymarket’s fees do not explode, making the attack cost manageable and sustainable.

GoPlus recommends users pause automated trading tools, verify on-chain transaction statuses, strengthen wallet security, and closely monitor official Polymarket announcements.
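The recommendation to verify on-chain transaction statuses, as an added example (not code from Polymarket, GoPlus or any bot named above): a bot-side reconciliation step that counts a fill as hedged only once its settlement transaction is mined with a success status and has enough confirmations. The `Fill` record, its field names, the confirmation threshold and the sample hashes are assumptions constructed for illustration; receipts are shaped like `eth_getTransactionReceipt` output.

```python
"""Added example: treat an API "success" as provisional until the chain agrees."""
from dataclasses import dataclass

@dataclass
class Fill:
    order_id: str   # hypothetical off-chain order identifier
    tx_hash: str    # settlement transaction hash reported for the fill
    size: float     # signed position change (+ long, - short)

def classify(fill, receipts, head_block, min_confirmations=3):
    """Return 'confirmed', 'reverted' or 'pending' for one reported fill.

    `receipts` maps tx hash -> receipt dict with hex `status` and
    `blockNumber`; a missing key means the transaction is not mined yet.
    """
    receipt = receipts.get(fill.tx_hash)
    if receipt is None:
        return "pending"
    if int(receipt["status"], 16) != 1:
        return "reverted"  # mined but failed: the position never changed
    depth = head_block - int(receipt["blockNumber"], 16) + 1
    return "confirmed" if depth >= min_confirmations else "pending"

def reconcile(fills, receipts, head_block, min_confirmations=3):
    """Group fills by on-chain state; sum exposure from confirmed fills only."""
    report = {"confirmed": [], "reverted": [], "pending": []}
    hedged = 0.0
    for fill in fills:
        state = classify(fill, receipts, head_block, min_confirmations)
        report[state].append(fill.order_id)
        if state == "confirmed":
            hedged += fill.size
    claimed = sum(f.size for f in fills)  # what the off-chain API implied
    return report, hedged, claimed

# Constructed sample data (not real orders or transactions).
SAMPLE_FILLS = [
    Fill("ord-1", "0xaaa", -500.0),
    Fill("ord-2", "0xbbb", -300.0),
    Fill("ord-3", "0xccc", -200.0),
]
SAMPLE_RECEIPTS = {
    "0xaaa": {"status": "0x1", "blockNumber": "0x64"},  # block 100, succeeded
    "0xbbb": {"status": "0x0", "blockNumber": "0x65"},  # block 101, reverted
}

if __name__ == "__main__":
    report, hedged, claimed = reconcile(SAMPLE_FILLS, SAMPLE_RECEIPTS, head_block=105)
    print(report, "hedged:", hedged, "API-claimed:", claimed)
```

A gap between the hedged and API-claimed totals, or any entry under `reverted`, is the condition on which a bot should stop quoting and alert rather than continue trading on the off-chain view.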
