A transaction of 0.1 dollars can cause Polymarket market makers to lose everything.

链捕手
3 hours ago

Author: Frank, PANews

A transaction on the blockchain costing less than $0.1 can instantly wipe out tens of thousands of dollars in market-making orders from Polymarket's order book. This is not a theoretical deduction, but a reality that is happening.

In February 2026, a player disclosed a new type of attack against Polymarket market makers on social media. Blogger BuBBliK described it as “elegant & brutal” because the attacker only needs to pay less than $0.1 in Gas fees on the Polygon network to complete an attack cycle in about 50 seconds, while the victims—market makers and automated trading bots placing real money buy and sell orders on the order book—face forced removal of orders, passive exposure of positions, and even direct losses.

PANews examined an attacker address flagged by the community and found that the account was registered in February 2026 and had traded in only 7 markets, yet it recorded a total profit of $16,427, with the bulk of that profit earned in less than a day. When a prediction market leader valued at $9 billion can have its liquidity foundation shaken by a few cents of cost, what is exposed is more than just a technical vulnerability.

PANews will delve into the technical mechanics of this attack, its economic logic, and its potential impact on the prediction market industry.

How the Attack Happens: A Precise Hunt Utilizing "Time Difference"

To understand this attack, one must first understand Polymarket's trading process. Unlike most DEXs, Polymarket uses a hybrid architecture of "off-chain matching + on-chain settlement" to pursue a user experience close to that of a centralized exchange: order placement and matching are completed off-chain in an instant, and only the final settlement of funds is submitted to the Polygon chain for execution. This design lets users place orders with zero Gas and see trades execute within seconds, but it also creates a "time difference" of several seconds to tens of seconds between the off-chain and on-chain state, and that window is exactly what attackers target.

The logic of the attack is not complex. The attacker first places a normal buy or sell order through the API. The off-chain system verifies that the signature and balance are valid and matches the order against other market makers' orders on the order book. Almost at the same time, the attacker initiates a USDC transfer on-chain with an extremely high Gas fee, draining all the funds from their wallet. Because that Gas fee is far higher than the platform relayer's default setting, the "draining" transaction is confirmed by the network first. By the time the relayer submits the match result on-chain, the attacker's wallet is already empty, and the settlement transaction fails due to insufficient balance and reverts.

If the story ended here, it would just be a waste of the relayer's Gas fee. But the truly fatal step is: although the transaction failed on-chain, Polymarket's off-chain system will forcibly remove all innocent market maker orders that participated in this failed match from the order book. In other words, the attacker uses a deliberately failed transaction to "one-click clear" the buy and sell orders that others placed with real money.

To put it in a metaphor: this is like shouting a high bid at an auction and then flipping the script at the moment the hammer falls, saying "I have no money," but the auction house confiscates all other normal bidders' paddles, causing the auction to fail.

Notably, the community later discovered an "upgraded version" of the attack, dubbed "Ghost Fills." The attacker no longer needs to rush the transfer but can directly call the "one-click cancel all orders" function on the contract after the order is matched off-chain and before it settles on-chain, instantly invalidating their order and achieving the same effect. More cunningly, the attacker can place orders simultaneously in multiple markets, observe the price trends, retain only favorable orders for normal execution, and cancel unfavorable orders using this method, effectively creating a "free option to only win and not lose."

The "Economics" of the Attack: A Few Cents Cost, $16,000 Profit

In addition to directly clearing market maker orders, this off-chain and on-chain state desynchronization has also been used to hunt automated trading bots. According to monitoring by the GoPlus security team, affected bots include Negrisk, ClawdBots, MoltBot, among others.

The attacker's clearing of others' orders and creating "ghost fills" does not directly generate profits, so how is money made?

PANews has identified two main profit paths for attackers.

The first path is "monopolizing market-making after clearing." Normally, the order book of a popular prediction market has multiple market makers competing to place orders, and the price difference between the buy and sell orders is usually narrow, for example, a buy order at 49 cents and a sell order at 51 cents, with market makers earning a small profit from the 2-cent spread. The attacker repeatedly initiates "deliberately failed transactions" to forcefully clear these competitors' orders. At this point, the order book becomes a vacuum, and the attacker immediately places their buy and sell orders, but the price spread is significantly widened, such as a buy order at 40 cents and a sell order at 60 cents. Other users needing to trade have to accept this price without better quotes, allowing the attacker to profit from this 20-cent "monopoly spread." This model cycles repeatedly: clear, monopolize, profit, and clear again.

The second profit path is more direct: "hunting hedging bots." To illustrate with a specific example: suppose a market has a price of 50 cents for "Yes," and the attacker places a $10,000 "Yes" buy order through the API that is matched against a market-making bot. After the off-chain system confirms the match, the API immediately notifies the bot that "you have sold 20,000 shares of Yes." On receiving that signal, the bot immediately buys 20,000 shares of "No" in a related market to hedge the risk and lock in its profit. The attacker then causes the $10,000 buy order to fail on-chain, so the bot has in fact sold no "Yes" at all, and what it assumed was a hedged position becomes an exposed one-sided gamble: it holds only 20,000 shares of "No" with no offsetting position for protection. The attacker can then trade in the market, profiting as the bot is forced to unwind these unprotected positions or directly arbitraging the resulting shift in market prices.
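The hedging-bot failure described above can be reproduced as a small replay of fill events. This is an added illustration, not Polymarket's API or any bot's real code; the event names (`matched`, `settled`, `reverted`) and the sample orders are assumptions. It contrasts a bot that hedges on the off-chain match signal with one that waits for on-chain settlement, as a bot operator would when deciding which signal to trust.

```python
from dataclasses import dataclass

@dataclass
class Position:
    """Shares the bot believes it has sold vs. shares it has hedged
    with an offsetting position in a related market."""
    sold: int = 0
    hedged: int = 0

    def unprotected(self) -> int:
        # Hedge shares with no matching sale: exposed one-sided risk.
        return max(self.hedged - self.sold, 0)

def run_bot(events, hedge_on: str) -> Position:
    """Replay fill events. hedge_on="matched" models the vulnerable bot that
    trusts the API fill notification; hedge_on="settled" models a bot that
    hedges only after the settlement transaction confirms on-chain."""
    pos = Position()
    pending = {}  # order_id -> shares matched off-chain but not yet settled
    for ev in events:
        kind, oid = ev["kind"], ev["order_id"]
        if kind == "matched":
            pending[oid] = ev["shares"]
            if hedge_on == "matched":
                pos.sold += ev["shares"]
                pos.hedged += ev["shares"]
        elif kind == "settled":
            shares = pending.pop(oid)
            if hedge_on == "settled":
                pos.sold += shares
                pos.hedged += shares
        elif kind == "reverted":
            shares = pending.pop(oid)
            if hedge_on == "matched":
                pos.sold -= shares  # the sale never happened; hedge is now naked
    return pos

def sample_events():
    """Constructed sequence: a $10,000 order at 50 cents (20,000 shares) is
    matched off-chain and then reverts on-chain (a 'ghost fill'); a second,
    smaller order settles normally."""
    return [
        {"kind": "matched", "order_id": "A", "shares": 20_000},
        {"kind": "matched", "order_id": "B", "shares": 500},
        {"kind": "reverted", "order_id": "A"},
        {"kind": "settled", "order_id": "B"},
    ]

if __name__ == "__main__":
    print("naive bot unprotected:", run_bot(sample_events(), "matched").unprotected())
    print("guarded bot unprotected:", run_bot(sample_events(), "settled").unprotected())
```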

From the cost perspective, each attack cycle requires less than $0.1 in Gas fees on the Polygon network and takes about 50 seconds per cycle, theoretically allowing for about 72 cycles per hour. One attacker set up a "double wallet cycle system" (Cycle A Hub and Cycle B Hub alternating operations) to achieve fully automated high-frequency attacks. Hundreds of failed transactions have already been recorded on-chain.

On the profit side, a community-flagged attacker address reviewed by PANews shows that this account, newly registered in February 2026, participated in only 7 markets but achieved a total profit of $16,427, with the largest single profit reaching $4,415, and the core profit activities concentrated in a very short time window. In other words, the attacker leveraged a total gas cost of possibly less than $10 to generate over $16,000 in profit within a day. This is just one flagged address; the actual addresses involved in the attacks and total profit amounts could be much higher.

For the victimized market makers, the losses are even harder to quantify. Traders running BTC 5-minute market bots in the Reddit community reported losses of “thousands of dollars.” The deeper damage lies in the opportunity costs incurred due to frequent forced removal of orders and the operational expenses of being forced to adjust market-making strategies.

A more troublesome issue is that this vulnerability is rooted in the design of Polymarket's underlying mechanisms, which cannot be fixed in the short term. As this attack method becomes public, similar attacks are likely to become more prevalent, further damaging Polymarket's already fragile liquidity.

Community Self-Help, Warnings, and Platform Silence

As of now, Polymarket has not officially released any detailed statement or repair plan regarding this order attack, and some users have stated on social media that the bug had been reported multiple times months earlier but was consistently ignored. It is worth noting that Polymarket previously also refused refunds after a "governance attack" (UMA Oracle voting manipulation) incident.

With the official inaction, the community began to find its own solutions. A community developer proactively created an open-source monitoring tool called "Nonce Guard," which is capable of real-time monitoring of order cancellation operations on the Polygon chain, building a blacklist of attacker addresses, and providing general warning signals for trading bots. However, this solution essentially serves as a patch for enhanced monitoring and does not fundamentally resolve such issues.
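The kind of monitoring the article attributes to Nonce Guard can be sketched as a sliding-window detector over settlement observations. This is an added example, not Nonce Guard's code; the log format, the event labels (`settle_failed`, `cancel_all`) and the addresses are constructed, and the thresholds are assumptions tuned to the roughly 50-second cycle described above.

```python
import re
from collections import defaultdict, deque

# Constructed observations (not real chain data): unix time, address, event.
SAMPLE_LOG = """\
1700000000 0xAAAA settle_failed insufficient_balance
1700000045 0xAAAA cancel_all
1700000100 0xAAAA settle_failed insufficient_balance
1700000150 0xAAAA cancel_all
1700000200 0xBBBB settle_ok
1700000300 0xCCCC cancel_all
1700004000 0xCCCC cancel_all
1700008000 0xCCCC cancel_all
"""

LINE_RE = re.compile(r"^(\d+)\s+(0x[0-9A-Fa-f]+)\s+(\w+)")
# Events that, repeated quickly, match the clear-and-repeat pattern.
SUSPICIOUS = {"settle_failed", "cancel_all"}

def flag_addresses(log_text: str, threshold: int = 3, window: int = 300) -> dict:
    """Return {address: time_first_flagged} for addresses that produced at
    least `threshold` suspicious events inside any `window`-second span.
    A single failed settlement is normal; a tight burst of them is not."""
    recent = defaultdict(deque)  # address -> timestamps inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the monitor
        ts, addr, event = int(m.group(1)), m.group(2).lower(), m.group(3)
        if event not in SUSPICIOUS:
            continue
        q = recent[addr]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop events that fell out of the window
        if len(q) >= threshold and addr not in flagged:
            flagged[addr] = ts
    return flagged

if __name__ == "__main__":
    for addr, ts in flag_addresses(SAMPLE_LOG).items():
        print(f"warning: {addr} flagged at {ts}")
```

Occasional cancels spread over hours (0xCCCC above) stay below the threshold, so a bot consuming these warnings pauses quoting only against addresses showing the burst pattern.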

Compared to other arbitrage methods, the potential impact of this attack method may be even more profound.

For market makers, the orders they painstakingly maintain can be cleared en masse without warning, destroying the stability and predictability of market-making strategies, which may directly shake their willingness to continue providing liquidity on Polymarket.

For users running automated trading bots, the execution signals returned by the API are no longer trustworthy, while ordinary users may suffer significant losses due to the sudden disappearance of liquidity during trading.

As for the Polymarket platform itself, when market makers are reluctant to place orders and bots hesitate to hedge, the depth of the order book will inevitably shrink, further exacerbating this deteriorating cycle.
